***Updated 07-29-2024 14:27 EDT***
Judo is a well-known martial art which centers on using an attacker's momentum, weight, and even size against them, often to brutal effect. The throws, tosses, and holds are all designed to control or deflect your opponent with the least amount of energy expended. When I first read the Guardio Labs paper on EchoSpoofing, Judo came immediately to mind: the attackers are leveraging Proofpoint's own systems to further their efforts. So, with this in mind, let's step into the dojo and dive into the details of this attack.
On Friday, July 19th at 04:09 UTC (12:09 AM EDT; 9:09 PM PDT on Thursday, July 18th) CrowdStrike pushed out an "update" heard round the world. This "update" was a routine push of a sensor configuration file, called a channel file. Such updates change the behavioral detection logic and other aspects of how the Falcon sensor operates while it provides protection. This is nothing new and happens often with EDR engines that are ML based or that contain behavior models. The problem this time was a "logic error" triggered by one such file (C-00000291-.sys). The sensor's kernel driver faulted while processing it, which crashed the Windows host with a blue screen and, because the sensor loads early in boot, crashed it again on every restart. Roughly 8.5 million Windows systems were affected before CrowdStrike was able to correct the issue and replace the file.
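The failure described above is, at its core, a privileged parser that trusted a pushed data file more than it should have. As an added illustration (this is not CrowdStrike's code and not a reconstruction of the actual Channel File 291 defect), the C below shows a brittle parser for a hypothetical record format beside a version that validates the file against both the parser's own limits and the bytes actually delivered. The record layout, the 20-field limit, and the helper names are assumptions chosen for the example.

```c
/* Added illustration, not CrowdStrike code: a privileged component parsing a
 * pushed data file. The record layout and the 20-field limit are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELDS 20   /* assumed: the parser was written for at most 20 fields */
#define FIELD_SIZE 4

/* Assumed record layout: one count byte, then `nfields` 4-byte fields. */
struct record {
    uint8_t  nfields;
    uint32_t fields[MAX_FIELDS];
};

/* Brittle parser: trusts the count byte that arrived with the file and never
 * looks at `len`. A file carrying 21 fields makes the loop write one element
 * past fields[]; a file shorter than its header claims makes memcpy read past
 * buf. In a kernel-mode driver either mistake is a system crash, not an error
 * the caller can handle. Kept only to contrast with the checked version; never
 * call it on untrusted input. */
int parse_record_brittle(const uint8_t *buf, size_t len, struct record *out)
{
    (void)len;
    out->nfields = buf[0];
    for (size_t i = 0; i < (size_t)out->nfields; i++)
        memcpy(&out->fields[i], buf + 1 + i * FIELD_SIZE, FIELD_SIZE);
    return 0;
}

/* Checked parser: every value taken from the file is validated against the
 * parser's own limits and against the bytes actually delivered; a bad file is
 * rejected whole (fail closed) rather than partially processed. */
int parse_record_checked(const uint8_t *buf, size_t len, struct record *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;
    uint8_t n = buf[0];
    if (n > MAX_FIELDS)                      /* more than this code understands */
        return -1;
    if (len < 1 + (size_t)n * FIELD_SIZE)    /* header promises more than arrived */
        return -1;
    memset(out, 0, sizeof *out);
    out->nfields = n;
    for (size_t i = 0; i < (size_t)n; i++)
        memcpy(&out->fields[i], buf + 1 + i * FIELD_SIZE, FIELD_SIZE);
    return 0;
}

/* Constructs a sample file with `n` fields, field i holding the value i.
 * Returns the number of bytes written, or 0 if `cap` is too small. */
size_t build_record(uint8_t *buf, size_t cap, uint8_t n)
{
    size_t need = 1 + (size_t)n * FIELD_SIZE;
    if (cap < need)
        return 0;
    buf[0] = n;
    for (uint32_t i = 0; i < (uint32_t)n; i++)
        memcpy(buf + 1 + i * FIELD_SIZE, &i, FIELD_SIZE);
    return need;
}

/* Builds a constructed file with `n` fields, drops `truncate_by` trailing
 * bytes, and returns the checked parser's verdict (0 accepted, -1 rejected,
 * -2 if the test file itself could not be built). On acceptance the parsed
 * field `want_idx` is copied to *value_out when that pointer is non-NULL. */
int checked_result(uint8_t n, size_t truncate_by, size_t want_idx, uint32_t *value_out)
{
    uint8_t buf[1 + 255 * FIELD_SIZE];
    struct record r;
    size_t len = build_record(buf, sizeof buf, n);
    if (len == 0 || truncate_by > len)
        return -2;
    int rc = parse_record_checked(buf, len - truncate_by, &r);
    if (rc == 0 && value_out != NULL && want_idx < (size_t)r.nfields)
        *value_out = r.fields[want_idx];
    return rc;
}

/* Returns one parsed field from an intact n-field file, or UINT32_MAX if the
 * checked parser rejected the file or the index is out of range. */
uint32_t checked_field(uint8_t n, size_t idx)
{
    uint32_t v = UINT32_MAX;
    if (checked_result(n, 0, idx, &v) != 0)
        return UINT32_MAX;
    return v;
}

int main(void)
{
    printf("3 fields, intact:    %d (field[2]=%u)\n", checked_result(3, 0, 0, NULL), checked_field(3, 2));
    printf("21 fields, intact:   %d\n", checked_result(21, 0, 0, NULL));
    printf("3 fields, truncated: %d\n", checked_result(3, 4, 0, NULL));
    return 0;
}
```

The checked version turns a malformed file into a rejected update instead of a faulting driver; in kernel mode that is the difference between a logged error and a blue screen on every boot. The same discipline applies on the release side: data that privileged code will parse deserves the same testing and staged rollout as the code itself.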
Read more: CrowdStrike’s Thursday Goof Creates Chaos with...
As someone who recently started my own business, I have seen the title of this article, in one form or another, in multiple courses, videos, webinars, etc. (I will just refer to them as courses from here on) on what to do to get your business going. These courses cover very important topics when it comes to starting, funding, and running a business. One topic that is rarely covered (with a few exceptions) is how to properly protect and govern your business systems and client data. This omission has become more and more evident to me as I work with small businesses, especially when trying to help them navigate a security incident. So, let's see if I can add some information to the standard "start-up" process.
Read more: So, you started your own business --what next?...
There is a tongue-in-cheek theory which states that politicians will often expend a lot of energy to appear to be going to great lengths to address a problem while actually doing very little to solve it. While this might bring a chuckle to some when mentioned, there are times when it seems sadly accurate. Some of those times are when we watch political talking heads, faced with a complex and nuanced problem, stampede towards a "ban" on something. There are examples of this throughout history, and they keep popping up in modern times. A recent example is the "ban" on Kaspersky. On the surface the move is portrayed as a national security measure due to perceived connections with the Russian government. However, considering this is not the first time such a ban has been talked about, I have to wonder if that is really what is going on.
Security by obscurity has been, and still is, something that many smaller organizations practice. There is a reason for this: many smaller businesses believe they cannot afford all the tools and staff they have been told they need. As a consultant in the SMB space, I hear this a lot during client calls, and it can be disappointing to hear what some organizations believe they must have to be more secure. However, that is not the point of this article, so I won't belabor it. Instead, let's pivot to how the current target-rich environment (for attackers) might be making security by obscurity less helpful.