CrowdStrike Update – 7/25/24

At approximately 12:09 EST on July 19, CrowdStrike released a sensor configuration update that caused outages on approximately 8.5 million Windows devices globally. 5ironCyber has numerous clients using the CrowdStrike Falcon EDR platform.

By 2:30 am EST, the 5ironCyber team notified clients directly affected by the outage and worked through the night to help them remediate affected machines. Working together, 5iron and our clients prioritized critical systems needed for operations, bringing those systems online before the start of business on Friday. As a result, all 5ironCyber clients were operational at the start of the day on Friday, although some were affected by outages at upstream vendors. 

During this global outage, timing was the key to success. Many companies reported further impact because they were unaware of the issue until they realized their systems were down at the start of the business day. 

Once the outage was identified and remediation tasks were defined, the time needed to complete those tasks became the limiting factor. The sooner these processes could be started, the better. Our clients were notified in under 140 minutes and given specific information about affected systems, along with instructions on how to recover them. As a result, these organizations had an additional five to eight hours during non-production hours to address the outage.

After Action

CrowdStrike has released a Preliminary Post Incident Review, which outlines the timeline of the event and its initial determination of root cause.

https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/

We are continuing to monitor CrowdStrike’s response and will provide further updates as needed.