CrowdStrike's Kernel Issue and ITS's Superior Approach to MDR/EDR

What Happened with Crowdstrike?

Recently, Crowdstrike faced a significant issue due to a faulty update that caused widespread crashes on Windows systems. The problem originated from an update that their Falcon sensor received, leading to an out-of-bounds memory read. This type of error happens when a program tries to access parts of the computer’s memory it shouldn’t, causing affected systems to crash repeatedly (SiliconANGLE) (SC Media)

The incident had a massive impact globally, disrupting operations in hospitals, airports, and various businesses. For instance, airports like JFK and LaGuardia in the U.S. experienced grounded flights, and numerous hospitals faced operational issues (BleepingComputer). Crowdstrike has since issued a fix and promised to improve their update validation processes to prevent such occurrences in the future (SiliconANGLE).

ITS's Holistic Approach to MDR/EDR

Intelligent Technical Solutions (ITS) offers a more reliable and comprehensive solution for Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR). ITS's approach is designed to avoid the pitfalls that Crowdstrike encountered, ensuring stability and security for its clients. Here’s how ITS achieves this:

1. Thorough Testing and Validation: ITS performs extensive testing of all updates and system changes. This includes simulating potential failure scenarios to ensure that any issues can be detected and resolved before updates are deployed to clients. Unlike Crowdstrike's Content Validator, ITS uses multiple layers of testing, including fault injection, to ensure robustness.
2. Automatic Rollback Features: ITS systems are equipped with automatic rollback mechanisms. In case an update causes instability, the system can revert to the previous stable state without manual intervention, minimizing downtime and disruption.
3. Proactive Monitoring and Real-Time Analytics: Continuous monitoring allows ITS to detect anomalies and potential issues early. Real-time analytics help in identifying threats and performance issues, enabling quick and effective responses.
4. Gradual Rollout of Updates: Instead of deploying updates to the entire client base simultaneously, ITS uses a phased approach. Updates are first released to a small group of devices (canary deployment). This allows ITS to monitor the update’s impact and catch any issues before a broader rollout.
5. Client-Centric Communication: ITS ensures transparent and timely communication with clients. This includes informing them about upcoming updates, potential impacts, and providing support during and after the update process.

For further reading on Crowdstrike’s recent issues, you can visit the original Forbes article.