
So let's imagine that it has to be updated manually. New threat appears and since it takes a while to manually update it means bad actors can act on it meanwhile, causing a similar or even worse disruption since it could have far more severe impact, because of the bad intents.

Would that be better?




"Immediate across the fleet" and "Entirely manual process" are not the only two options. HN rules say we must assume good faith, but there are obviously options in between, and all of them stop the issue that happened on Friday.


What option would you pick if Crowdstrike found a vulnerability that could affect everyone involved?


Your argument is the 0.01% of cases should dictate the other 99.99%'s actions?

I would pick automated testing and spread fleet deploys. There's no reason in any enterprise this should take more than 1-2 hours, which is a perfectly acceptable window of risk.
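An added example (not from this thread, and not CrowdStrike's code) of the staged fleet deploy the comment above argues for: an update is pushed ring by ring, starting with a handful of canary hosts, and the rollout halts automatically when a ring's failure rate exceeds a threshold. The hosts, ring sizes and the crashing/healthy update callbacks are constructed sample data.

```python
"""Ring-based (staged) rollout of a content update across a fleet.

Constructed illustration: hosts, ring sizes and update callbacks are all
made up for the example; apply_update stands in for whatever pushes the
update and checks host health afterwards.
"""
from dataclasses import dataclass


@dataclass
class RolloutResult:
    rings_completed: int   # rings that passed the health gate
    hosts_updated: int     # hosts that received the update (including a failed ring)
    halted: bool           # True if the rollout stopped before the whole fleet
    reason: str = ""


def build_rings(hosts, sizes):
    """Split hosts into rings: canaries first, then progressively larger waves.
    Any hosts beyond the listed sizes form a final ring; empty rings are dropped."""
    rings, start = [], 0
    for n in sizes:
        rings.append(hosts[start:start + n])
        start += n
    rings.append(hosts[start:])
    return [r for r in rings if r]


def staged_rollout(hosts, apply_update, ring_sizes=(2, 10, 100), max_failure_rate=0.01):
    """Push the update one ring at a time.

    apply_update(host) returns True if the host is healthy after the update.
    If the failure rate in a ring exceeds max_failure_rate, stop before the
    next ring so a bad update never reaches the bulk of the fleet.
    """
    updated = 0
    rings = build_rings(list(hosts), ring_sizes)
    for i, ring in enumerate(rings):
        failures = sum(0 if apply_update(h) else 1 for h in ring)
        updated += len(ring)
        if failures / len(ring) > max_failure_rate:
            return RolloutResult(i, updated, True,
                                 f"ring {i}: {failures}/{len(ring)} hosts unhealthy")
    return RolloutResult(len(rings), updated, False)


# Constructed fleet and two sample updates: one that crashes every host, one healthy.
FLEET = [f"host-{n:04d}" for n in range(1000)]
bad_update = lambda host: False      # every host goes down (a Friday-style update)
good_update = lambda host: True      # every host stays healthy
```

With `bad_update` the rollout stops after the two canary hosts; with `good_update` it completes all four rings (2, 10, 100 and the remaining 888 hosts).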


I'm not fully sure what you mean by 0.01% cases? Where did you get those percentages?

Businesses are under a constant barrage of cyber attacks, with goals to steal the data, encrypt it and then blackmail or sell all the data. Ransomware payouts exceeded $1 bil last year. And that doesn't include all the damage done besides the payouts.

Edit: Supposedly global cost of cybercrime is expected to reach $20 trillion+ by 2027.


How often do you think RCE vulnerabilities are dropping on enterprise machines that already have vectors for security (firewalls, password policy, software install policy, etc)?

I understand cybercrime is real, however I highly doubt the amount of real time RCE exploits leaked into the wild executed within 2 hours is > 0.01% of the updates pushed by CrowdStrike.


This would require a deep dive into analyzing the importance of that specific update and all the other updates they do and at which frequencies and for which reasons. 2 leading causes for ransomware are social engineering and unpatched software which something like CrowdStrike should be able to secure against.

If there's a new pattern of social engineering/phishing attack it might be a question of hours to be able to respond to that and identify those specific patterns. Or just every minute will mean that more companies and machines will be compromised if there's a mass phishing campaign going on.


If you need to have automatic updates then you need to apply risk analyses of what would happen if that system fails.

A typical solution would be to have two machines, one with the automatic updates and a second one without automatic updates that jumps in in case the first one breaks down.


>A typical solution would be to have two machines, one with the automatic updates and a second one without automatic updates that jumps in in case the first one breaks down.

Great, now the other one is still vulnerable and hackers can still steal information from it.


The proper solution is a hardened machine build for critical systems that doesn't have internet access, disabled USB, attachments blocked in email, etc.

However that isn't popular and most orgs would prefer a day of downtime from this type of outage vs the hassle and cost of doing it right.



