The CrowdStrike Incident: Why a Multi-Layered Defense is Essential for Cyber Resilience

Written by Stamus Networks Team | Jul 19, 2024 1:49:32 PM

The recent global outage caused by an update to CrowdStrike Falcon, CrowdStrike's endpoint detection and response (EDR) system, served as a stark reminder of the importance of a layered security approach to achieve and maintain cyber resilience in the face of external factors beyond your control.

With Windows machines worldwide locking up, businesses are facing significant disruptions and potential financial losses – not to mention that their security defenses are weakened. This incident highlights the downsides of relying on a single security tool – in this case, an EDR system – and the impact this approach can have not only on security but also on business operations. It also demonstrates the value of taking a multi-layered approach – particularly combining EDR with non-intrusive network detection and response (NDR) solutions.

EDR: A Double-Edged Sword

EDR is undoubtedly a valuable tool in the cybersecurity arsenal. By focusing on individual devices, EDR can identify and isolate threats at the source. However, EDR's reliance on software agents installed on each endpoint creates a potential single point of failure.

As seen in the CrowdStrike incident, a faulty update or conflict with other software can cripple an entire fleet of devices, causing widespread disruption.

NDR: The Silent Guardian

Network detection and response (NDR) offers a different approach to security. Instead of focusing on individual endpoints, NDR passively monitors network traffic, analyzing patterns and anomalies to detect threats. This non-intrusive approach means NDR operates in the background without impacting device performance or requiring software agents. Consequently, NDR is immune to the types of disruptions that plagued CrowdStrike's EDR solution.

The Benefits of a Layered Defense

EDR excels at identifying and containing threats on individual devices, while NDR provides a broader view of the network, detecting lateral movement and other sophisticated attacks that may bypass endpoint security. Together, EDR and NDR offer a more complete picture of the threat landscape, enabling organizations to respond more effectively to security events.

The CrowdStrike incident underscores the importance of a multi-layered security strategy. By combining EDR and NDR, businesses can create a comprehensive defense that covers both endpoints and network traffic. This layered approach provides redundancy and resilience, ensuring that a failure in one system does not leave the entire organization vulnerable. In short, it provides cyber resilience that keeps organizations protected, minimizes the risk of disruption and helps them get back to business faster.

Case Studies: NDR in Action

Here are several recent case studies that our team has encountered that demonstrate the power of NDR:

Further Reading