Microsoft’s Resiliency Advice Post-CrowdStrike


In this episode of This Week in IT, I look at Microsoft’s recently published security best-practice advice following the CrowdStrike outage and how managed detection and response (MDR) solutions fit into it.


Episode Overview

In this week’s IT news, the focus is on Microsoft’s security advice following the CrowdStrike incident and how Managed Detection and Response (MDR) solutions can be integrated into these practices.

  • Microsoft’s Security Advice Post-CrowdStrike Incident: Microsoft has shared best practice security advice to prevent or recover from incidents similar to the CrowdStrike issue, emphasizing business continuity planning, secure and frequent backups, and the ability to restore systems.
  • Deployment Rings and Staged Rollouts: Microsoft recommends deployment rings, or staggered rollouts, for updates so that a faulty update reaches only a small subset of devices first and can be halted before wider distribution. Updates should be proven on that subset before they are promoted to the rest of the fleet.
  • Cloud-Native Management Approach: Microsoft advises adopting a cloud-native management approach, such as using Microsoft Intune, to manage devices more efficiently, especially those that are remote or not on-premises.
  • CrowdStrike’s Update and Testing Process: A CrowdStrike Rapid Response Content update crashed Windows devices with a blue screen (BSOD). CrowdStrike says it will improve its internal testing and use staggered rollouts for future content updates.
  • Importance of Internal Testing and Deployment Rings: Organizations are encouraged to run their own internal testing through deployment rings to reduce risk, even when the vendor already tests and staggers its own rollouts; the vendor’s rollout cannot account for your specific device configurations.
  • Broader Security Best Practices: In addition to using MDR solutions, organizations should follow broader security best practices such as updating operating systems, patching applications, applying the principle of least privilege, and considering application whitelisting.
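To make the deployment-ring advice concrete, the following is an added example written for this page, not code from the episode, Microsoft or CrowdStrike. It assigns devices to rings with a stable hash and only promotes an update to the next ring once the previous ring has soaked long enough with a low enough failure rate. One detail worth copying: a device that never reports back is counted as a failure, because a machine stuck in a boot loop cannot check in, so silence must not be read as success. Ring names, population shares, thresholds and the device names are assumptions chosen for illustration.

```python
"""Deployment-ring rollout gate.

Added example for this page, not code from the episode, Microsoft or
CrowdStrike. Ring names, shares, thresholds and the sample fleet below are
assumptions for illustration.
"""
import hashlib
from dataclasses import dataclass

RINGS = ["canary", "pilot", "broad"]                           # assumed ring names, in rollout order
RING_SHARES = {"canary": 0.05, "pilot": 0.20, "broad": 0.75}   # assumed population split
MAX_FAILURE_RATE = 0.02                                        # assumed: >2% failures halts the rollout
MIN_SOAK_HOURS = 24                                            # assumed: minimum soak time before promotion


def assign_ring(device_id: str) -> str:
    """Map a device to a ring with a stable hash so re-running never reshuffles it."""
    digest = hashlib.sha256(device_id.encode("utf-8")).digest()
    x = int.from_bytes(digest[:8], "big") / 2**64   # uniform in [0, 1)
    cumulative = 0.0
    for ring in RINGS:
        cumulative += RING_SHARES[ring]
        if x < cumulative:
            return ring
    return RINGS[-1]   # guards against floating-point rounding at the top edge


def partition(devices):
    """Group a fleet into rings; every device lands in exactly one ring."""
    rings = {ring: [] for ring in RINGS}
    for device in devices:
        rings[assign_ring(device)].append(device)
    return rings


def evaluate_ring(ring_devices, reports, soak_hours,
                  max_failure_rate=MAX_FAILURE_RATE, min_soak_hours=MIN_SOAK_HOURS):
    """Decide whether a ring is healthy enough to promote the update past it.

    reports maps device -> "ok" or "bsod". A device with no report at all is
    counted as a failure: a boot-looping machine cannot check in.
    """
    total = len(ring_devices)
    if total == 0:
        return False, "ring is empty, nothing was tested"
    healthy = sum(1 for d in ring_devices if reports.get(d) == "ok")
    failure_rate = (total - healthy) / total          # bsod + silent devices
    if soak_hours < min_soak_hours:
        return False, f"soaked {soak_hours}h, need {min_soak_hours}h"
    if failure_rate > max_failure_rate:
        return False, f"failure rate {failure_rate:.1%} exceeds {max_failure_rate:.0%}"
    return True, f"{healthy}/{total} healthy after {soak_hours}h"


@dataclass
class RolloutState:
    current_ring: str = RINGS[0]
    halted: bool = False
    complete: bool = False
    reason: str = ""


def advance(state, rings, reports, soak_hours):
    """Promote the rollout one ring if the current ring passes, otherwise halt it."""
    if state.halted or state.complete:
        return state
    passed, reason = evaluate_ring(rings[state.current_ring], reports, soak_hours)
    if not passed:
        return RolloutState(state.current_ring, halted=True, reason=reason)
    idx = RINGS.index(state.current_ring)
    if idx == len(RINGS) - 1:
        return RolloutState(state.current_ring, complete=True, reason=reason)
    return RolloutState(RINGS[idx + 1], reason=reason)


# Constructed sample fleet (not real inventory data).
FLEET = [f"ws-{n:04d}" for n in range(1, 401)]

if __name__ == "__main__":
    rings = partition(FLEET)
    print({ring: len(devs) for ring, devs in rings.items()})
    # Canary ring: every device reports healthy after a day, so promote to pilot.
    state = advance(RolloutState(), rings, {d: "ok" for d in rings["canary"]}, soak_hours=24)
    print(state)
    # Pilot ring: a few devices blue-screen and a few never report back, so halt.
    pilot = rings["pilot"]
    reports = {d: "ok" for d in pilot[:-6]}
    reports.update({d: "bsod" for d in pilot[-6:-3]})   # pilot[-3:] stay silent
    print(advance(state, rings, reports, soak_hours=24))
```

The hash-based assignment keeps each device in the same ring across runs, which matters when the canary ring is deliberately seeded with representative hardware and agent versions rather than whatever happens to be convenient. The soak window is the other half of the gate: a content update that crashes only on reboot or after a signature refresh will look fine five minutes after deployment.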