New
July 22, 2024

Three Lessons if you are “CrowdStruck” and even if you aren't

As the industry recovers from being “Crowd-struck”, it is clear the cost borne by businesses is in the billions as business applications are impacted by a dependency-chain reaction.

CrowdStrike Outage: On July 19, 2024, a faulty update from CrowdStrike blue-screened 8.5 million Windows devices. With its large installed base of more than 25,000 customers, the business shockwaves are significant - from serious impacts like thousands of flights canceled, 911 offline, hospitals canceling surgeries, DMV offices not issuing licenses, to inconveniences like not being able to order your coffee before you arrived at Starbucks. Microsoft and CrowdStrike have put in a major effort to undo the damage and we are all grateful.

Business Impact: The impact of this outage will be billions of dollars - and will be estimated over time. This cost is borne by organizations whose applications run on Windows devices protected by CrowdStrike. These applications are down not because of what is in the application these organizations built, but what’s around the application when deployed. The CrowdStrike incident highlights that your business does not just run on the applications you build and deploy but also depends on other vendors’ software your applications cooperate and interact with.

Software Supply Chain Implications: Top 3 takeaways from the CrowdStrike incident

  • The software you Build has a direct runtime dependency on the software you did not build:  The business application deployed by these organizations had a dependency on Microsoft Windows which they do not create but deployed. A change in Windows may break your application if it affects one of the services your application depends on. The same lesson extends to the virtual and container images your business applications run on in the cloud. Both the Build-time call-graph and the Run-time call-graph of your application are critical to ensuring that your business application continues to run your business even as software supply chain evolves.
  • The software you Buy and its “independent updates” are not truly independent: We deploy security software, application performance management tools, and management agents along with our business applications. In this case, CrowdStrike Falcon agents were installed on devices and acontent update to this agent impacted a common runtime dependency chain. Understanding the security posture and the behavior of the software you buy and its interactions with the software you build is key., Essentially, on Windows devices, virtual images, and containers,the runtime call graph of all deployed software is important. Updates - even those tagged as “Content” - need to be managed as they are not truly independent regardless of vendor claims.
  • Your Application’s Dependency Chain includes the Software you Build, the Software you Source, and the Software you Buy: These three sets of software interact with each other in deep complicated ways and frequently co-operate and are co-deployed. They may interact in a single machine or across multiple machines. Understanding and managing these dependencies is critical for your business - lest you be “Crowd-Struck” and your business loses millions.

The widespread impact of the CrowdStrike outage underscores how deeply intertwined the Software we Build is with the Software we Source and the Software we Buy. Business rely on these diverse technologies to work together seamlessly while building and running. Assembling them and Updating them also requires coordination. Effective management and coordination of these components, whether they are on a Windows PC, a Virtual Machine, or a Container, are crucial. The component-level call graph represents our dependency chain and; therefore, our software supply chain.

Lineaje builds products that assess all your software: Software you build, Software you Source, Software you Buy, and Software you Sell. And because we know ALL software, we generate detailed dependency graphs of their interactions.

In this complex, interconnected digital world, managing these dependencies is essential, and the Lineaje portfolio is designed to address these needs through a central, integrated platform.

Lineaje Products:

Meet us at The Software Supply Chain Security Summit or at Booth SC212 at Black Hat

Products
SBOM360SBOM360 HubThird Party Risk ManagerOpen Source ManagerLineaje AI
cOMPANY
About UsContact Us
rESOURCES
BlogChart of the WeekSoftware Supply Chain Security SummitFeatureHubLearning CenterNews & CoverageCompliance
© 2024 Lineaje Inc
Terms & Conditions
Privacy Policy