On September 10th, Microsoft met with government representatives and cybersecurity professionals at the Windows Endpoint Security Ecosystem Summit. The summit occurred nearly two months after a CrowdStrike outage caused Windows machines worldwide to crash. CrowdStrike did an in-house investigation to evaluate what happened, and Microsoft published an analysis soon afterward. While most in the IT security realm agree that the CrowdStrike outage was not Microsoft’s fault, many have asked whether the firm should permit security products to have kernel-level access.
Did You Know? Kernel-level access allows security products to operate at the deepest level, maximizing their efficacy. While Microsoft offered this access to CrowdStrike, Apple has denied similar access to partners due to security risks.
Improving Resiliency
Reports indicate that the summit went well. All attendees agreed on the need to enhance resiliency. They reached an overall consensus that there was a growing need for openly sharing data about how products function, how updates are processed, and how disruptions are handled.
Participants spoke about Microsoft’s secure deployment practices and discussed best practices in the business community, including sharing data, tools, and documented processes. The attendees agreed that rolling out significant Windows updates involves a common set of challenges, from planning measured rollouts across a diverse set of endpoints to pausing the rollout if necessary.
A Core SDP Principle was Ignored
A software-defined perimeter (SDP) is a method for hiding Internet-connected servers, routers, and networks so that external parties and attackers cannot see them. This principle applies whether the asset is hosted on-premises or in the cloud. A core SDP principle is the “gradual and staged deployment of updates sent to customers.”
CrowdStrike’s Rapid Response content was not deployed under this protocol before the July incident. Staged update deployment protocols are now in place.
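To make the staged-deployment principle concrete, here is an added illustration (not code from Microsoft, CrowdStrike, or the summit) of a ring-based rollout controller: an update goes to a small canary ring first, crash telemetry is checked against a health gate, and the rollout pauses automatically before the next ring if the gate fails. The ring sizes, crash rates, and the `crash_rate_for_ring` telemetry callback are constructed for the example.

```python
"""Staged (ring-based) update rollout with an automatic pause gate."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Ring:
    name: str
    hosts: int  # number of endpoints in this deployment ring


@dataclass
class RolloutResult:
    completed: List[str] = field(default_factory=list)  # rings fully rolled out
    paused_at: Optional[str] = None  # ring where the health gate tripped
    hosts_updated: int = 0  # endpoints that received the update


# Constructed ring plan: a tiny canary, an early-adopter ring, then everyone.
RINGS = [Ring("canary", 100), Ring("early-adopters", 10_000), Ring("broad", 8_000_000)]


def run_staged_rollout(
    rings: List[Ring],
    crash_rate_for_ring: Callable[[Ring], float],
    max_crash_rate: float = 0.001,
) -> RolloutResult:
    """Push the update ring by ring, checking telemetry before widening.

    crash_rate_for_ring(ring) stands in for the vendor's post-update telemetry:
    the fraction of hosts in that ring that crashed after applying the update.
    The rollout stops at the first ring whose crash rate exceeds max_crash_rate.
    """
    result = RolloutResult()
    for ring in rings:
        result.hosts_updated += ring.hosts  # this ring has now received the update
        if crash_rate_for_ring(ring) > max_crash_rate:
            result.paused_at = ring.name  # gate failed: do not widen the rollout
            return result
        result.completed.append(ring.name)
    return result


def unstaged_blast_radius(rings: List[Ring]) -> int:
    """Hosts affected by a single, unstaged push: every ring at once."""
    return sum(ring.hosts for ring in rings)


def bad_update(ring: Ring) -> float:  # constructed: the update crashes every host
    return 1.0


def good_update(ring: Ring) -> float:  # constructed: normal background crash rate
    return 0.0001
```

With `bad_update`, the rollout pauses at the canary ring after 100 hosts instead of reaching all 8,010,100; with `good_update`, all three rings complete.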
Summit Focus: “Outside Of Kernel Mode”
The summit also explored new platform abilities that Microsoft plans to release for Windows shortly. For instance, Windows 11’s “improved security posture and security defaults enable the platform to provide more security capabilities to solution providers outside of kernel mode.”
Microsoft shared that partners and end users believe providing additional security capabilities outside kernel mode can still deliver highly available security solutions. They also stressed the importance of disaster recovery/business continuity planning and having an incident response plan in place. Frequently backing up data securely remains one of the best ways to ensure rapid recovery.
Security Professionals Respond to the Summit
In general, security vendors have agreed with Microsoft’s plans since the summit. For example, ESET CyberSecurity representatives said the company “supports modifications to the Windows ecosystem that demonstrate measurable improvements to stability, on condition that any change must not weaken security, affect performance, or limit the choice of cybersecurity solutions.”
However, while congratulating Microsoft for holding the summit, partner Featurespace believes that accountability sits with vendors. “It is their updates after all — and they need to be held accountable.” The company highlighted the importance of appropriate testing and a more staggered rollout — two aspects conspicuously missing from the doomed CrowdStrike July update.
Still, most experts agree that kernel access remains necessary for these products to be developed and to work efficiently. They point out that although the CrowdStrike incident was bad, events arising from kernel access are exceptionally rare.
Alliance IT works with Sarasota area SMBs to structure and implement robust security and recovery plans to protect their data – come what may. With the integration of end users, platforms, and third-party vendors into every network, taking a holistic approach is necessary. Call Alliance IT today to learn more about technical assessments, consulting and cloud services.