CrowdStrike Plans to Increase Testing for Security Content Updates

Quick Read:

• A defective update impacted millions of Windows computers.
• Additional layers of testing and quality assurance will be introduced.
• Introducing a phased deployment strategy.
• Customers will have increased control over updates.
• A comprehensive root cause analysis will be published by CrowdStrike.

Incident Overview

CrowdStrike, the EDR (endpoint detection and response) provider, has pledged to make substantial alterations after a faulty update caused millions of Windows computers to become unusable. The problem originated from a sensor configuration update that evaded the standard validation processes because of a bug in the content validator.

The vendor revealed that the defective update had passed a validation process that was trusted due to similar checks being successful on four prior occasions this year.

Types of Updates

CrowdStrike regularly provides two kinds of security content configuration files for its Falcon EDR clients: sensor releases and operational speed updates. Sensor releases are subject to thorough quality assurance (QA) and testing, allowing customers to select their preferred version for installation. On the other hand, operational speed updates, utilized by threat detection engineers for telemetry and behavior analysis, undergo less stringent QA and testing.

The Problematic Update

The problematic update was an operational speed enhancement. This update was developed and configured using CrowdStrike’s cloud-based Falcon platform. Although a content validator was in place to review updates before publication, it did not have the extensive quality assurance processes used for sensor releases, resulting in the unintentional distribution of flawed content data.

Planned Improvements

CrowdStrike intends to add more testing layers, such as local developer testing, stress testing, and stability testing, to avoid future issues with these file types. Moreover, they will adopt a staggered deployment strategy beginning with a canary deployment, followed by a gradual rollout of updates to increasingly larger parts of the sensor base.

CrowdStrike will offer customers increased control over how updates are delivered, enabling them to choose specific times and locations for deployment. The company has committed to providing a comprehensive root cause analysis after their investigations are finalized.

Summary

CrowdStrike is enhancing its security update processes following an issue with a recent update that impacted millions of Windows devices. The company plans to introduce more stringent testing phases, carry out phased rollouts, and provide customers with greater control over updates. A comprehensive root cause analysis will be provided soon.

Q&A Section

What led to the Windows computers becoming unusable?

A bug in the content validator allowed a faulty sensor configuration update to skip standard validation checks.

Q: What kinds of updates are delivered by CrowdStrike?

CrowdStrike offers two categories of updates: sensor releases that go through thorough quality assurance and testing, and operational speed updates that concentrate on telemetry and behavior analysis but have less stringent quality assurance.

Q: What enhancements will CrowdStrike make to their update procedure?

CrowdStrike intends to add further testing layers, including local developer testing, stress testing, and stability testing. They will also adopt a staggered deployment strategy and provide customers with increased control over software updates.

Q: Will customers have increased control over upcoming updates?

A: Indeed, CrowdStrike enables customers to choose the timing and location of updates, offering enhanced control.

When can we anticipate the comprehensive root cause analysis?

CrowdStrike has promised to provide a comprehensive root cause analysis after concluding their investigations.