An incorrect update of CrowdStrike’s endpoint detection and response solution has affected Windows devices around the world, showing corporate users the “blue screen of death”. Kaspersky believes this incident could have been avoided.
“Avoiding this situation should have been straightforward. First, the update shouldn’t have been released on a Friday as per a rule that’s been known to all in the industry since the year dot: if an error occurs, there’s too little time to fix it before the weekend so the system administrators at all companies affected need to work over the weekend to fix things,” according to Kaspersky’s latest blog.
“It’s important to be as responsible as possible about the quality of updates released. We, at Kaspersky, launched a program back in 2009 to prevent mass failures such as this and passed an SOC 2 audit, which confirms the security of our internal processes. For 15 years now, every update has been subjected to multi-level performance testing on various configurations and operating system versions. This allows us to identify potential problems in advance and resolve them on the spot.”
Kaspersky says the principle of granular releases should be followed: updates should be distributed gradually, not all at once to all customers. “This approach allows us to react instantly and stop an update if necessary. If our users have a problem, we register it and its solution becomes a priority at all levels of the company.”
As with cybersecurity incidents, in addition to fixing the visible damage, it’s crucial to find the root cause to avoid repeating these incidents, advises Kaspersky. It’s necessary to check software updates on test infrastructure for operability and errors before integration into the company’s “combat” infrastructure – and changes should be implemented gradually with continual monitoring for potential failures.
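The gradual, monitored rollout described above can be sketched as a ring-based release gate. This is an added example, not code from Kaspersky or CrowdStrike; the ring sizes, the 2% halt threshold, the host names and the `install` health callback are assumptions made for illustration.

```python
import hashlib

# Assumed ring plan: cumulative fraction of the fleet exposed after each stage.
RINGS = [("canary", 0.01), ("early", 0.10), ("broad", 0.50), ("all", 1.00)]
MAX_FAILURE_RATE = 0.02  # assumed: halt if more than 2% of a ring fails

# Constructed sample fleet (hypothetical host names).
FLEET = [f"host-{i:04d}" for i in range(1000)]


def bucket(host_id, update_id):
    """Stable position in [0, 1): a host keeps its place for a given update,
    but different updates put different hosts in the canary ring."""
    digest = hashlib.sha256(f"{update_id}:{host_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") / 2**64


def staged_rollout(hosts, update_id, install,
                   rings=RINGS, max_failure_rate=MAX_FAILURE_RATE):
    """Deliver an update ring by ring and stop as soon as a ring is unhealthy.

    install(host_id) -> bool stands in for the health signal after the update
    (True = the host reported back healthy). Returns (status, ring, updated).
    """
    ordered = sorted(hosts, key=lambda h: bucket(h, update_id))
    updated = 0
    for name, fraction in rings:
        target = int(len(ordered) * fraction)
        batch = ordered[updated:target]
        if not batch:  # ring too small for this fleet size, move on
            continue
        failures = sum(1 for host in batch if not install(host))
        updated = target
        if failures / len(batch) > max_failure_rate:
            # The remaining rings never receive the update.
            return ("halted", name, updated)
    return ("completed", rings[-1][0], updated)


if __name__ == "__main__":
    # A faulty update (every host fails) is contained in the canary ring.
    print(staged_rollout(FLEET, "update-bad", lambda host: False))
    # A healthy update proceeds through every ring.
    print(staged_rollout(FLEET, "update-good", lambda host: True))
```

With the constructed 1,000-host fleet, the faulty update reaches 10 hosts before the gate stops it, instead of the whole fleet at once.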