Crowdstrike – While widely known by security experts, the sheer impact of such an update was made painfully clear to the average person, affecting countless businesses and organisations in every sector.

With airlines to healthcare, and financial services to government being affected, the impacts on people were felt far and wide, with banking apps out of action and hospitals having to cancel non-urgent surgeries.

Yet a year on from the global IT outage, have businesses really learned anything? Recent outages for banks and major service providers would suggest otherwise.

Although not every outage can be avoided, there are a few key things businesses should remember.

Eileen Haggerty area vice president, product & solutions at NETSCOUT, gives her biggest takeaways from the Crowdstrike outage and how organisations can avoid the same happening again:

“If nothing else, businesses should ensure they have the visibility they need to pre-empt issues stemming from software updates. Realistically, they need complete, round-the-clock monitoring of their networks and entire IT environment. With this visibility, and by carrying out maintenance checks and regular updates, organisations can mitigate the risk of unexpected downtime and, in turn, prevent financial and reputational losses.

“Securing a network and assuring consistent performance isn’t just about deploying defences; it’s about anticipating every move.

That’s why a best practice for IT teams could include conducting proactive synthetic tests which simulate real traffic, long before a single customer encounters a frustrating lag or a critical function fails.

Conducting these tests provides organisations with the vital foresight they need to anticipate issues before they even have a chance to materialise.

This step, combined with proactive real-time traffic monitoring provides vital details necessary when facing a security incident, major industry outage, or a local corporate issue, enabling the appropriate response with evidence as fast as possible.

“While outages like last year’s are a harsh lesson for businesses, they also present an invaluable learning opportunity. Truly resilient organisations will turn the disruption they experienced into a powerful data source and a blueprint for performance assurance and cyber resilience. This means leveraging advanced visibility tools to conduct deeply informative post-mortems. By building a rich, detailed repository of information from every previous incident, organisations aren’t just documenting history; establishing best practice policies; they’re actively future-proofing their operations, ensuring they can anticipate and navigate any potential challenges – before they become an issue for customers.”

• Major banks, media, airports and airlines affected by major major glitch 
• Microsoft says it is ‘investigating’ problem
• Cyber security software linked with outage
• Complicated workaround found
• A worldwide Microsoft Windows glitch has taken much of the world’s infrastructure offline.
• Payment systems impacted in different parts of the world, including Australia and the UK.
• Australia’s government calls for emergency meeting
• Significant disruption to some Microsoft services
• 911 services disrupted in several US states including Alaska, Arizona, Indiana, Minnesota, New Hampshire and Ohio.
• Services at London Stock Exchange disrupted
• Sky News is off air
• Reports the issue relates to problem at global cybersecurity firm Crowdstrike

Everything from banks and payment companies to airlines and train companies said that they would see delays and technical issues following a major IT glitch traced to Microsoft.

Microsoft 365 said that it was investigating the problem and “continue to take mitigation actions”.

Some cancer radiotherapy appointments rescheduled due to IT glitch

For instance, Royal Surrey NHS Foundation Trust said on Friday morning that radiotherapy treatments at their hospitals had been impacted by the outage.

They have declared a critical incident, saying that they are “currently unable to deliver our scheduled radiotherapy treatments”.

A spokesperson added: “This issue has affected Varian, the IT system we use to deliver radiotherapy treatments. We have contacted our patients who were due to have radiotherapy this morning to reschedule appointments while we work to fix these issues.”

British Airways says some flights might be disrupted

British Airways says that “some” flights might be disrupted and advises people to check their flight status.

“Due to the widely-reported global Microsoft IT outage, some of our flights may experience disruption today. Our teams are working hard to manage the impact of this issue as quickly as possible.

“Please visit our flight status page for the most up-to-date information on your flight. We apologise for any potential impact to your travel plans.

“If you have a connecting flight as part of the same ticket and there’s a chance you may miss your connection, we’ll automatically rebook your onward journey. Please check Manage My Booking.

“Our call centres are also experiencing issues. We’ve introduced greater flexibility on ba.com for customers travelling today on our short-haul network. This flexibility will enable you to make changes to your booking via Manage My Booking free of charge.

“Thank you for your patience and understanding.”

CrowdStrike finally speaks out about problem

George Kurtz, CrowdStrike’s president and chief executive, has finally addressed the issue. He says that it is not a cyber attack, and that a fix has been deployed for the issue.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,” he wrote.

“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.

“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels.

“Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”

GPs and pharmacies hit by global IT outage disrupting appointment bookings and prescriptions

The problems have hit GPs and pharmacies, the NHS has said. The full story is here.

Train companies apologise and say they are working to fix problems

Rail firms across the UK have been hit by the outage. The Rail Delivery Group, representing train operators, said in a statement: “Train operators have been affected by ongoing global IT issues which may result in some short notice service changes and cancellations, also impacting real-time information screens and services at stations. We are sorry for any customers experiencing disruption to their journeys today; staff are working hard to resolve the issues as soon as possible.

“Most trains are still running across the country and rail staff will be able to provide the latest information to customers in person. You can also visit the National Rail Enquiries website for the latest updates.”

Father of the internet had warned about the ‘fragility’ of our online systems

In what now appears a very prescient warning, father of the internet Vint Cerf had warned only this week that the internet was fragile. That was among his many warnings about the threats his creation faces as it reaches its 50th birthday.

Problem does not appear to be a ‘mega cyber attack’, expert says

Dan Card, of BCS, The Chartered Institute for IT and a cyber security expert said: “People should remain calm whilst organisations respond to this global issue. It’s affecting a very wide range of services from banks to stores to air travel.

“It looks like a bug to a regular security update, rather than any form of ‘mega cyber attack’, but this is still causing worldwide challenges and is likely to require a large number of people to make manual remedial steps

“Companies should make sure their IT teams are well supported as it will be a difficult and highly stressful  weekend for them as they help customers of all kinds. People often forget the people that are running around fixing things.”

US secretary of transportation speaks:

Peter Buttigieg, the US secretary of transportation, posted overnight to say that his department will hold all airlines ‘to their responsibilities to meet the needs of passengers’.

These processors are an innovative enhancement in data centre computing, built with industry-leading performance, energy efficiency, and advanced capabilities for Google Cloud customers.

Google Axion Processors were built with a focus on addressing challenges such as information retrieval, global video distribution, and generative AI.

Google has invested heavily in custom silicon technology and the Axion Processors are designed specifically for the data centre.

Axion Processors are the latest addition to Google’s portfolio of custom silicon solutions, which includes Tensor Processing Units (TPU) and Video Coding Units (VCU).

These processors are built on the Arm Neoverse V2 CPU architecture, delivering commendable performance for a wide range of workloads, including web and app servers, containerized microservices, open-source databases, and CPU-based AI training.

What sets Axion apart is its outstanding performance and energy efficiency. Google says that Axion processors offer up to 30% better performance than existing Arm-based instances in the cloud, and up to 50% better performance and 60% better energy efficiency than comparable x86-based instances.

This improvement in performance and efficiency will bolster the capabilities of Google Cloud customers, enabling them to achieve new levels of performance, reduce infrastructure costs, and meet sustainability goals.

Axion Processors are underpinned by Titanium, a system of purpose-built custom silicon microcontrollers and tiered scale-out offloads.

This architecture optimizes platform operations such as networking and security, ensuring enhanced performance and efficiency for customer workloads.

Additionally, Axion processors leverage Hyperdisk, a new block storage service that decouples performance from instance size, further enhancing efficiency and scalability.

Google’s collaboration with Arm and industry partners has been very important in the development of Axion Processors.

These processors are built on the standard Armv9 architecture and instruction set, ensuring out-of-the-box application compatibility and interoperability.

Google has contributed to the SystemReady Virtual Environment (VE), Arm’s hardware and firmware interoperability standard, making it easier for customers to deploy Arm workloads on Google Cloud with minimal code rewrites.

The announcement of Axion Processors has garnered excitement and anticipation from Google Cloud customers and partners worldwide.

Industry leaders such as Broadcom, CrowdStrike, Cybereason, Datadog, Elastic, OpenX, Snap, and WP Engine have affirmed optimism for testing Axion-based virtual machines and exploring the potential performance and sustainability gains.

While details about availability and pricing haven’t been disclosed yet, Axion is expected to be available to Google Cloud customers later this year.

[Featured Image Credit]

“We believe Gartner recognized Sophos again, due to our market-leading and flagship EPP solution, a Leader in this Magic Quadrant because we are consistently innovating our protection-first technologies to defeat current and changing cyberattacks,” said Raja Patel, chief product officer at Sophos. “Security vendors cannot stay static. There’s too much at stake. Adversaries will always look for the easiest and newest ways to avoid detection or take advantage of misconfigurations and other security gaps to reach their endgame. That’s why we always prioritize adaptive and preventative EPP defenses for our customers.”

Sophos Intercept X defends more than 300,000 organizations from ransomware, exploited software vulnerabilities and other modern cyberattacks, and leverages deep learning artificial intelligence (AI) to enhance protections.

Intercept X includes the industry-first Adaptive Attack Protection, which automatically disrupts in-progress attacks and dynamically puts “shields up” to give defenders valuable additional time to respond to an intrusion.

The Account Health Check capability also identifies security posture drift and misconfigurations, and provides the ability to remediate these issues with one click.

Sophos Intercept X with Extended Detection and Response (XDR) integrates telemetry sources from numerous technology and security providers, including Microsoft, Amazon Web Services (AWS), Google, CrowdStrike, Palo Alto Networks, Cisco Systems, Fortinet, Check Point, Duo, Proofpoint, Darktrace, and many others, through the Sophos Marketplace.

Enhanced security operations and analyst workflow and case management features collate redundant alerts, offer complete visibility from a single console and reduce workloads with automated responses.

Already this year, Sophos was named a Customers’ Choice in the Gartner Peer Insights Voice of the Customer for Endpoint Protection Platforms (EPP) report. Sophos was the only vendor recognized as a Customer’s Choice across EPP, managed detection and response (MDR), network firewalls, and mobile threat defense.

Like Intercept X, Sophos MDR is recognized and is the most reviewed MDR solution on Gartner Peer Insights and G2.

As the most widely used MDR offering with more than 19,000 customers, Sophos MDR is the only MDR service that can be delivered across end users’ existing third-party security deployments as well as Sophos offerings.

Managed in the cloud-native Sophos Central platform, Sophos’ portfolio solutions are part of the Sophos Adaptive Cybersecurity Ecosystem, where security data is collected, correlated and enriched with additional context to enable automatic and synchronized responses to active threats.

This platform is further optimized by Sophos X-Ops’ real-time and historical threat intelligence and expertise.

=====

Sophos, a global leader in innovating and delivering cybersecurity as a service, has announced the general availability of Sophos Managed Detection and Response (MDR) with new industry-first threat detection and response capabilities.

Sophos is the first endpoint security provider to integrate vendor agnostic telemetry from third-party security technologies into its MDR offering, providing unprecedented visibility and detection across diverse operating environments. Sophos also introduced the Sophos Marketplace and $1 million Sophos Breach Protection Warranty.

The need for MDR services and specialized defenders has never been greater, as shown in today’s new research, “LockBit 3.0 ‘Black’ Attacks and Leaks Reveal Wormable Capabilities and Tooling,” from Sophos X-Ops, the company’s cross-domain threat intelligence unit. The research analyzes tactics, techniques and procedures (TTPs) used by LockBit, one of today’s most prolific ransomware gangs, that are similar to BlackMatter, and explains how the latest version of the ransomware, LockBit 3.0, adds wormable capabilities and uses legitimate pentesting tools to evade detection.

In a second article, “Detection Tools and Human Analysis Lead to a Security Non-Event,” Sophos X-Ops details a recent Sophos MDR use case involving credential theft, another technique that allows adversaries to impersonate legitimate users. In this case, the Sophos MDR team combined its threat hunting intelligence with information from the customer’s third-party security appliance to thwart an attack.

“The only way to reliably detect and neutralize determined attackers who increasingly combine the use of pentesting tools, stolen credentials and other stealthy tactics to maneuver undetected is with 24×7 eyes on glass, operating on signals from a diversity of event sources and employing actionable threat intelligence into real-time attacker behaviors,” said Joe Levy, chief technology and product officer at Sophos. “Organizations are struggling to keep pace with well-funded adversaries who are continuously innovating and industrializing their ability to evade defensive technologies alone. Sophos MDR can discover and intercept these steps before they result in a data breach, ransomware or other type of costly compromise. Sadly, ransomware persists as one of the greatest cybercrime threats to organizations, as evidenced in the Sophos 2023 Threat Report. We’re raising the industry standard for how critical MDR services can be delivered to broaden visibility for better, faster detection and response.”

Industry-First Detection and Response and the New Sophos Marketplace

Sophos is the first leading endpoint security provider delivering MDR across both its own product portfolio as well as end users’ existing security deployments.

To support this effort, Sophos launched the Sophos Marketplace, an open ecosystem of more than 75 technology integrations, including Amazon Web Services (AWS), Check Point, CrowdStrike, Darktrace, Fortinet, Google, Microsoft, Okta, Palo Alto Networks, Rapid7, and many others.

Expanded visibility across these integrations and diverse operating environments enables Sophos MDR experts to better detect and remediate attacks with speed and precision, regardless of customers’ existing security solutions.

In addition to Sophos MDR, Sophos Marketplace provides third-party integrations for Sophos’ portfolio of services, products and technologies.

Telemetry is automatically consolidated, correlated and prioritized with insights from the Sophos Adaptive Cybersecurity Ecosystem and the Sophos X-Ops threat intelligence unit. 

Extended Protection Warranty

Sophos stands behind its MDR customers with the new Sophos Breach Protection Warranty that covers up to $1 million in response expenses for organizations protected by Sophos MDR Complete, Sophos’ most comprehensive MDR offering.

Underwritten solely by Sophos, the warranty covers endpoints – both Windows and Mac devices – and servers, and unlike competitive offerings, there are no warranty tiers or duration limitations for active customers.

This Sophos Breach Protection Warranty is automatically included with all purchases and renewals of Sophos MDR Complete annual subscriptions through Sophos’ global reseller partner network.

Availability

More than 13,000 organizations already rely on Sophos’ existing MDR service for 24/7 threat hunting, detection and response by an expert team as a fully-managed service.

The newest offering with third party integration capabilities is available now, and the service is customizable with different tiers and threat response options, enabling customers to choose whether to have the Sophos MDR operations team execute full-scale incident response, provide collaborative assistance for confirmed threats, or deliver detailed alert notifications for their security operations teams to manage themselves.

Learn More About

• The Sophos Marketplace, which provides integrations for the entire Sophos portfolio, including Sophos MDR, Sophos Central, Sophos Factory, and Sophos Cloud Optix
• The Sophos Breach Protection Warranty
• The threat landscape and trends likely to impact cybersecurity in the 2023 Threat Report
• Sophos X-Ops and its groundbreaking threat research by subscribing to the Sophos X-Ops blogs
• Attacker dwell times and insights into tactics, techniques and procedures (TTPs) in Sophos’ Active Adversary Playbook 2022
• The global prevalence and impact of ransomware in the State of Ransomware 2022 report

• Ransomware by name in the Ransomware Threat Intelligence Center