Intelligent Tech Channels Issue 78 | Page 42

Post-event reactions and recommendations from industry executives

JON AMATO, SENIOR DIRECTOR ANALYST, GARTNER
A component of the CrowdStrike agent, csagent.sys, was released, at some unspecified point in the past, that failed to gracefully reject input that was corrupt. This error was not discovered in pre-deployment testing, and may not have been obvious at all at the time it was released.
On Friday 19th July, a second component, called a channel file, was corrupted. The CSAgent.sys component would attempt to read that file, fail to do so, and crash as a result. That is the high-level explanation of what we think happened. One could easily speculate that something may have broken down in the pre-release quality testing process at CrowdStrike.
IT managers need to understand that security software is there to manage cybersecurity risks, but it itself presents a risk to operations like any other software. I would recommend having very specific quality testing requirements for any large-scale piece of enterprise software they intend to deploy.

ALOIS REITBAUER, CHIEF AI STRATEGIST, DYNATRACE
Given the increasing complexity of software, all software developers and organisations are susceptible to outages. When outages do occur, organisations need the capability to pinpoint root cause and remediate immediately. AI-driven approaches have become essential for complex IT operations to deploy as manual processes cannot keep up.

MARK GRINDEY, CEO ZEUS CLOUD
It is clear that adequate testing for updates should be done in a safe environment before issuing them company-wide. Companies should never have auto-updates set in a live environment and always test an update in a safe environment before releasing it live to minimise potential risks. This global outage highlights the need for businesses to not blindly trust their suppliers when it comes to updates before testing first.
The only fix now is to reboot in safe mode and remove the erroneous file; unfortunately, this cannot be done remotely. It could so easily have been a security incident or cyber-attack and this manual intervention required to get back up and running opens the door for other potential security risks and vulnerabilities.

KEVIN REED, CHIEF INFORMATION SECURITY OFFICER, ACRONIS
The recent CrowdStrike outage appears to stem from a bug in their EDR agent, which was unfortunately not thoroughly tested. This resulted in widespread disruption as many installations were affected globally.
www.intelligenttechchannels.com