Risky Business

Wide World of Cyber: Why we should show CrowdStrike no mercy

Jul 30, 2024
Chris Krebs, a former government cybersecurity official, and Alex Stamos, a prominent security expert, dive deep into the fallout from a recent incident involving CrowdStrike. They highlight the critical operational failures that led to widespread issues like blue screens. The discussion shifts to the evolving landscape of antivirus software and the importance of rigorous testing practices. They also scrutinize Microsoft's role and the urgent need for enhanced accountability and transparent security measures in the tech industry to rebuild trust.
INSIGHT

Kernel Architecture Increased Risk

  • CrowdStrike's kernel-heavy architecture made the outage possible and was a deliberate engineering choice.
  • Alex Stamos says this was preventable and not something that 'could happen to anybody.'
ADVICE

Minimize Kernel Logic

  • Keep minimal logic in the kernel and push parsing, ML and rules into user mode with well-tested IPC.
  • Design kernel modules to tap only required APIs and test the kernel/user boundary extensively.
ADVICE

Test And Stagger Content Updates

  • Run thousands of dynamic tests on real VMs and real hardware, dogfood updates, then roll out incrementally with telemetry gating.
  • Automatically stop deployment if metrics don't meet thresholds before wide release.
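One way to implement the telemetry-gated staged rollout described above, as an added example rather than code from the podcast or from any vendor: ring names, the crash-rate threshold, the minimum sample size and the per-host boot records are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed ring order; real deployments choose their own rings and sizes.
RINGS = ["internal-dogfood", "canary-1pct", "early-10pct", "general"]

@dataclass(frozen=True)
class GatePolicy:
    max_crash_rate: float = 0.001  # more than 0.1% of hosts failing to boot halts
    min_sample: int = 100          # never promote on thin telemetry

@dataclass
class RingOutcome:
    ring: str
    hosts: int
    crashes: int
    promoted: bool

def staged_rollout(telemetry, policy=GatePolicy()):
    """telemetry: ring name -> list of {"host": str, "booted": bool} reports.
    Returns (outcomes, status); status is "completed" or a halt reason."""
    outcomes = []
    for ring in RINGS:
        reports = telemetry.get(ring, [])
        hosts = len(reports)
        crashes = sum(1 for r in reports if not r["booted"])
        if hosts < policy.min_sample:
            outcomes.append(RingOutcome(ring, hosts, crashes, False))
            return outcomes, f"halted: only {hosts} reports from {ring}"
        if crashes / hosts > policy.max_crash_rate:
            outcomes.append(RingOutcome(ring, hosts, crashes, False))
            return outcomes, f"halted: crash rate {crashes / hosts:.2%} in {ring}"
        outcomes.append(RingOutcome(ring, hosts, crashes, True))
    return outcomes, "completed"

def make_reports(ring, total, crashed):
    """Constructed telemetry: the first `crashed` of `total` hosts failed to boot."""
    return [{"host": f"{ring}-{i}", "booted": i >= crashed} for i in range(total)]

# Constructed scenario: dogfood is clean, but the 1% canary shows a 4% boot
# failure rate, so the gate halts before the 10% and general rings see the update.
BAD_UPDATE = {
    "internal-dogfood": make_reports("dogfood", 200, 0),
    "canary-1pct": make_reports("canary", 1000, 40),
    "early-10pct": make_reports("early", 5000, 200),
    "general": make_reports("general", 20000, 800),
}

if __name__ == "__main__":
    outcomes, status = staged_rollout(BAD_UPDATE)
    print(status, [(o.ring, o.promoted) for o in outcomes])
```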