katie lay’s Post

A company’s success depends on keeping its data secure. Our solutions protect businesses through #vulnerability detection, mitigation and remediation before, during, and after an attack. ➡️Visit to learn more: https://lnkd.in/egZzPzrv #FueledbyHCLSoftware #EnterpriseSecurity

Here is Crowdstrike's updated report on the global incident. https://lnkd.in/eiMJJAZE Pushing out a bad update could happen to anybody. This could happen to any company. Saying, "how unlucky for them" and thanking the heavens that this didn't happen to you is not enough. If a company offers software and hardware, they could introduce something that breaks customer equipment. The report mentioned the extensive testing that Crowdstrike performed, including automated testing. A bug allowed their faulty update to be released. With all that preparation, something still went wrong. The main takeaway for me is that recovery is the most important thing in an organization. Even if Crowdstrike had had a mechanism to catch their bug, that mechanism may itself have a bug in the future. Every company must have an even more robust recovery procedure to allow them to bounce back from any mishap. Most security programs and books list Recovery as one of the last chapters. Recovery should be the first chapter of all these materials, because it is the most important.

Hello Enterprise storage users, good day. In order to protect the critical data we may need to consider safeguarded copy solution . This is very much important today because let's see we have 2 scenarios 1. If the corruption happens at logical volume level then your replicated copy will also be corrupted. Operating system will not stop IO and it will pass on corrupt data to destination volume. 2. If something deleted file on source volume then replication copy will also be deleted with metro mirror. or something like ransomware attack, we loose data at both places. To protect these, we need to safeguard the copy which is like immutable copy. Immutable copy will not be overwritten. at least flash copy every 4-8 hours will help for quick recovery. Note- this is just recommendation and the recovery mechanism can vary for each and every environment. Actual recovery has to be fully tested and concluded. Reference - IBM safeguard copy guide IBM FS9500.

Regarding the untested crowdstrike patch that has affected millions of systems and organizations globally and done severe damage to the global economy. I haven't really heard anybody talk about the failure of patch management here. Not only did a globally distributed EDR company not test their software and put all of their customers at risk; in many cases business continuity will be affected. Not only was crowdstrike to blame, but all the corporations that blindly patched their systems are also to blame because none of them are following industry standard patch management best practices. You don't patch all your systems at once with recently released patches, you're supposed to do staging and testing to make sure that those patches aren't going to affect your environment! I'm seeing a lot of bad practices here causing billions of dollars in negligent damage to the global economy across a wide variety of important industries and even government agencies. We're going to see a massive fall out here. Many C levels are going to lose their jobs, as well as many it managers and directors. I hope the industry at large and the world learns from this because it's honestly ridiculous! It should have never happened! This wasn't just a mistake, it's criminal negligence!

SolarWinds Head of Government Affairs, Chip Daniels discusses how agencies and industry can combine to combat software supply chain attacks in this article for Carahsoft. Learn more here: https://lnkd.in/dNNbqpV8

Chip Daniels from SolarWinds discusses how agencies and industry can combine to combat software supply chain attacks in this article for Carahsoft. Learn more here: https://bit.ly/4ddH7Uh

Why are we focused on "MAKING MOBILE SECURITY EASY"? This is an excellent example of the potential ROI for an enterprise that embraces security properly. USD 1.68M - Cost savings from high levels of DevSecOps adoption  USD 1.49M - Cost savings achieved by organizations with high levels of IR planning and testing  USD 1.44M - Increase in data breach costs for organizations that had high levels of security system complexity USD 1.02M - Average cost difference between breaches that took more than 200 days to find and resolve, and those that took less than 200 days #mobilesecurity #mobileappsecurity #zimperium Source: IBM Cost of Data Breach Report 2023

CrowdStrike Releases Root Cause Analysis (RCA) Report of Global IT Outage ... CrowdStrike has published it's Root Cause Analysis (RCA) Report detailing what caused the July 19, 2024, systems crash that caused global outages.. The incident is attributed to a combination of security vulnerabilities and process gaps. The root cause analysis highlighted several factors contributing to the Falcon EDR sensor crash. These included a mismatch between inputs validated by a Content Validator and those provided to a Content Interpreter, an out-of-bounds read issue in the Content Interpreter, and the absence of a specific test. CrowdStrike pledged to collaborate with Microsoft to ensure secure and reliable access to the Windows kernel. CrowdStrike explained that sensors receiving the new version of Channel File 291, which contained problematic content, were exposed to an out-of-bounds read issue in the Content Interpreter. When the operating system sent the next IPC notification, the new IPC Template Instances were evaluated, requiring a comparison against the 21st input value, while the Content Interpreter expected only 20 values. This discrepancy caused an out-of-bounds memory read, leading to a system crash. Although the issue with Channel File 291 can no longer occur, it has prompted CrowdStrike to implement process improvements and mitigation steps to enhance resilience.