On July 19, 2024, an update to CrowdStrike software on Windows hosts caused a significant global IT outage. Although this was not a cyberattack, the effects were similarly disruptive. Reports say that airlines including Delta, American, RyanAir, and United Airlines are grounding flights due to communications issues related to the outage. Some electronic payment systems are down, preventing people from buying groceries.
What is CrowdStrike, and what happened?
CrowdStrike is renowned for its cybersecurity solutions, specializing in detecting and preventing security breaches. CrowdStrike’s Falcon platform provides antivirus protection, endpoint security, threat detection, and real-time monitoring. CrowdStrike is widely viewed as one of the best security companies in the world, and the company’s valuation currently stands at over $83 billion.
Like other “endpoint detection and response” (EDR) systems, the CrowdStrike Falcon product relies on a host-based security agent. And, like all agent-based security systems, the CrowdStrike agent occasionally requires an update.
On July 19, a routine update of the CrowdStrike agent caused the underlying Windows operating system to crash with the Windows “blue screen of death” and enter a boot loop. This faulty update caused Windows-based systems running the CrowdStrike agent to go offline en masse.
Although CrowdStrike has issued a fix, resolving the issue will take time because IT administrators may require physical access to the Windows computers to restore functionality. The recovery timeline will therefore vary based on the size and resources of the affected organization’s IT team.
To some extent, this type of thing is to be expected. It is not the first time that a bad security agent has caused a massive outage. A quick review of history shows that similar things have happened to McAfee (2010 and again in 2020), Bitdefender (2010), Avira (2012), Norton (2012), Kaspersky (2016), Webroot (2017), Sophos (2020), and Microsoft (2021).
What does this outage have to do with enterprise IoT?
Just like traditional computers, IoT devices need to be secured against cyberattack, and they need to be monitored. This can be done with an onboard agent, from the network, or with a combination of the two.
Historically, agents have not been a popular choice for securing enterprise IoT devices for two reasons: First, agents require a huge amount of system resources, which raises the cost of goods for the IoT device and can quickly render an IoT project uneconomical. Second, the impact of an agent interfering with the operation of an IoT device can be disastrous.
By their nature, IoT devices interact with the physical world. They operate in industrial environments, healthcare, transportation, etc. When an IoT device malfunctions, the consequence could be an explosion at a power plant, an accident with an automobile, or the improper dosage of medication into a human body.
Thus, the perspective of someone managing an operational environment is quite different from that of someone managing an IT environment. Change is the enemy in operational environments, because any change (such as a software update) can cause an outage, which can have serious repercussions. In an IT environment, by contrast, the emphasis is on patching often and patching quickly.
Network-based security systems are thus the preferred approach for enterprises that need highly reliable (and economical) IoT or OT systems.
Optimum security for enterprise IoT systems
Aeris IoT Watchtower™ is a network-based security system for cellular-connected IoT devices. Unlike agent-based systems, it doesn’t consume system resources or risk interfering with IoT operations, making it ideal for critical environments like industrial, healthcare, and transportation. Aeris IoT Watchtower offers real-time visibility, AI-based anomaly detection, granular Zero Trust policies, and automated threat blocking, ensuring robust and reliable IoT security without the drawbacks of traditional agent-based approaches.
This network-based approach is crucial for maintaining the integrity and functionality of IoT devices, avoiding the potential disruptions seen with agent-based systems. Aeris IoT Watchtower’s inline network security ensures seamless protection and operational stability.
To learn more about Aeris IoT Watchtower, please visit us at www.aeris.com to schedule a brief demonstration of how our inline network security solutions protect millions of devices globally every day.