MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.
Issue link: https://digital.macdirectory.com/i/1525170
On July 19, the world suffered what many have described as the largest IT outage in history, when 8.5 million Windows computers crashed and wouldn’t restart. The cause was a bug triggered by an automatic update for a piece of software that until Friday nobody beyond cyber security nerds had heard of: CrowdStrike’s Falcon.

Falcon is a type of software known as “endpoint detection and response”, or EDR for short. It’s somewhat like an anti-virus on steroids. When installed, Falcon monitors a computer for signs of cyber attacks. It can collect data about what files you open, what programs you run, what websites you visit, and so on. This makes it highly privileged software. When an employee accidentally opens a malicious email attachment, Falcon is watching – eternally vigilant.

EDR programs are considered best practice, recommended by the Australian government’s chief cyber defence agency. Which means that in 2024, the best strategy that cyber security experts recommend involves software that spies on everything that happens on our computers. How did we get here, and is there a better way forward?

The case for EDR

CrowdStrike is a market leader in EDR, which is why so many systems went down late last week. And there are good reasons for recommending EDR technologies like Falcon. For individual organisations, they are invaluable for alerting IT security teams to signs of cyber intrusion. This helps IT teams to thwart an attacker before they can cause significant damage. In the case of more stealthy attacks, it helps flag suspicious behaviour that could point to a long-standing intrusion. The Medibank hack of 2022 is a good example. After initially gaining access, the hacker spent weeks inside Medibank’s networks undetected.

Technologies like CrowdStrike’s Falcon also provide valuable intelligence about emerging cyber threats globally.
Because its software is deployed in so many organisations around the world, CrowdStrike has a bird’s eye view that – at least in theory – allows it to identify patterns of malicious behaviour beyond what any individual organisation can see. For this reason, it’s also a leader in cyber threat intelligence, providing information to IT teams about what to look out for.

If an organisation detects a cyber attack, data collected by EDR tools like Falcon can also help figure out exactly how the intrusion occurred. Again, the Medibank hack serves as a good example. Federal Court filings contain detailed information about the timeline of events that led to the hack, including how the initial intrusion occurred and what the attacker did once they gained access to Medibank’s networks. Without the omniscient view provided by surveillance tools like EDR, assembling this kind of information would be incredibly challenging.

What are the downsides?

In the wake of Friday’s outage, it’s worth questioning the downsides of EDR technologies. Many have already raised the obvious questions about our society’s dependence on too few global tech giants, and the risks of tech monocultures. But we’ve known of these risks for over two decades. We likely can’t expect this incident to undo the monopolies that pervade technology markets.