Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

One Faulty File: Global Disruption

As I write this, billions of users are looking at “the blue screen of death.” Flights are grounded around the world, 9-1-1 service is offline in the entire state of Alaska, hospitals can’t check in patients, retailers cannot make sales because their POS systems are down, Newark airport has reverted to paper tickets for check-in, and countless other organizations are at a standstill. This is the top story on every major news site I’ve checked. What could cause this carnage?

A Brief History of Graduality

In the early hours of July 19th, 2024, CrowdStrike endpoints on Windows machines worldwide received a faulty content update, causing what is shaping up to be the one of the largest global IT outages to date. All over the world reports of Windows workstations and servers stuck in a boot loop with a BSOD were pouring in, impacting airlines, airports, banks, hospitals and many other critical infrastructures such as emergency services call centers, and the list goes on.

CrowdStrike Outage: Short-Term Actions and Strategic Priorities for the Future

As most in the industry are aware, a defective content update to CrowdStrike’s Falcon Sensor for Windows led to a global cascade of system outages affecting critical industry sectors such as transportation, banking, healthcare, and public safety. Many enterprises and government agencies around the world are still actively managing their response to this incident.

Technical Fix for Global IT Outage - CrowdStrike and Microsoft Incident

Our team at Arctic Wolf has been following the CrowdStrike issue affecting Windows endpoints since approximately 12 AM EST on July 19th, 2024. Although Arctic Wolf’s service is not impacted, some of our customers who leverage CrowdStrike for endpoint security are experiencing widespread outages. Arctic Wolf continues to protect and monitor these customers’ environments while they focus their attention on recovering from this event.

How to Create a Cybersecurity Incident Response Plan: Guide for 2024

Few organizations know how to handle a cybersecurity incident properly and minimize its impact on the business. Having a well-designed incident response plan (IRP) in place can save your organization time and resources spent on incident remediation. We can help you build an efficient IRP. Read this post and create an IRP that fits your organization’s needs using the best practices from the NIST incident response planning framework.

Navigating On-Call Rotations for After-Hours IT Workers

The role of IT teams has expanded significantly as clients begin to expect seamless, 24/7 operations. To ensure uninterrupted services, many organizations rely on on-call rotations, which often lead to burnout, decreased productivity, and negative job satisfaction among engineers. Therefore, it is crucial for management to design equitable on-call rotations that foster a healthy work-life balance for after-hours engineers, thus improving their job satisfaction.

UEBA Superpowers: Simplify Incident Investigations to Increase SOC Efficiency

In an era marked by an increasing volume and sophistication of cyber threats, the efficiency of your SOC operations has become more important than ever. SOCs are flooded by a daily barrage of attacks and alerts, with a significant portion being false positives, leading to alert fatigue and the potential for genuine threats to slip through the cracks.

Inside the war room: Best practices learned from the Sumo Logic security incident

In November 2023, Sumo Logic experienced a security incident. While no one wants to be a victim of a cyberattack, and we certainly learned a lot about things that we can do better in the future, our team was lauded by customers and media alike for how we handled the situation underscoring the importance of a good incident response plan. One of the core values at Sumo Logic is that we’re in it with our customers. But more broadly speaking, we’re in it with the InfoSec community.