Reflections on CrowdStrike: Friends, Romans, Countrymen

by Gadi Evron

8 August 2024

Friends are those whose weekend is gone. Whose coming month is gone. Those who will go computer by computer and try to bring the world back online. My heart is with them, in the trenches.

Friends

Then, what of those who had to submit their Ph.D. and its now gone. Or those who just wanted to chat with their grandma today, perhaps for the last time? Or the grandma whose only interest in passing the day is watching a show?

This is about the real basics, and why we’re in cybersecurity to begin with.

Romans

Romans are those who fight about platform vs. best-of-breed. Our biggest lesson from the 90s is actually about monoculture - running the same software everywhere, making us vulnerable to a single attack or failure.

Where infrastructure is concerned, our risk assessment can’t allow that route any longer. We can’t all go down because of one bug. We can’t all run the same software - not always.

The pendulum in 2024 shifted to platforms and ease of management. We must assess infrastructure risk to include catastrophic failures - just like multi-cloud became a much bigger risk after the first major AWS outage.

Countrymen

Countrymen are those who look at GDP and see how much wealth one software bug has wiped out, and how we as software vendors and buyers have a personal responsibility for more than just code.

We should be accountable to bugs, under reasonable regulation. The washing machine manufacturer is.
And yet… This kind of thing happens. It just does.

Am I happy with it? No.

Incident Response: CrowdStrike's Defining Measure

Would CrowdStrike be measured by how they respond to the incident, as opposed to just its impact? Absolutely - a lesson they know well as a company dealing with incident response crisis daily. The main lesson I had when I wrote the post-mortem for the first Internet war (Estonia, 2007).

Reflections on CrowdStrike

Facing Challenges: The Power of Collective Response

All I can do for now is stare at the attached picture below, and remember that FUD aside - when shizzle hits the fan, people get together and fix it. The sun will rise tomorrow, and business will go on.

Shifting Focus: Lessons for Buyers Beyond FUD

So, instead of FUD I suggest that we focus on what buyers can do differently to learn from the Crowdstike incident, regardless of whether the organization was hit by it or not.