What does CrowdStrike Falcon do? Are our computers safe?
Posted by: jefferson23 [★★ reputation rank 9 ★★] on 2024-07-20 10:45, read 1187 times


Source: The Conversation UK, 19 July 2024 (/what-is-crowdstrike-falcon-and-what-does-it-do-is-my-computer-safe-235123)

Author

Toby Murray

Associate Professor of Cybersecurity, School of Computing and Information Systems, University of Melbourne

Disclosure statement

Toby Murray does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

Partners

University of Melbourne provides funding as a founding partner of The Conversation AU.


A passenger walks past a malfunctioning information screen at Delhi airport, India, on 19 July 2024. EPA/Rajat Gupta


What is CrowdStrike Falcon and what does it do? Is my computer safe?

Published: July 19, 2024 12.20pm CEST

A massive IT outage is currently affecting computer systems worldwide. In Australia and Aotearoa New Zealand, reports indicate computers at banks, media organisations, hospitals, transport services, shop checkouts, airports and more have all been impacted.

Today’s outage is unprecedented in its scale and severity. The technical term for what has happened to the affected computers is that they have been “bricked”. This word refers to those computers being rendered so useless by this outage that – at least for now – they may as well be bricks.

The widespread outage has been linked to a piece of software called CrowdStrike Falcon. What is it, and why has it caused such widespread disruption?

What is CrowdStrike Falcon?

CrowdStrike is a US cyber security company with a major global share in the tech market. Falcon is one of its software products that organisations install on their computers to keep them safe from cyber attacks and malware.


Falcon is what is known as “endpoint detection and response” (EDR) software. Its job is to monitor what is happening on the computers on which it is installed, looking for signs of nefarious activity (such as malware). When it detects something fishy, it helps to lock down the threat.

This means Falcon is what we call privileged software. To detect signs of attack, Falcon has to monitor computers in a lot of detail, so it has access to a lot of the internal systems. This includes what communications computers are sending over the internet as well as what programs are running, what files are being opened, and much more.

In this sense, Falcon is a bit like traditional antivirus software, but on steroids.

More than that, however, it also needs to be able to lock down threats. For example, if it detects that a computer it is monitoring is communicating with a potential hacker, Falcon needs to be able to shut down that communication. This means Falcon is tightly integrated with the core software of the computers it runs on – Microsoft Windows.


An update alert from the CrowdStrike website informing customers about the Windows crashes related to Falcon. The Conversation/Crowdstrike

Why did Falcon cause this problem?

This privilege and tight integration makes Falcon powerful. But it also means that when Falcon malfunctions, it can cause serious problems. Today’s outage is a worst-case scenario.

What we currently know is that an update to Falcon caused it to malfunction in a way that caused Windows 10 computers to crash and then fail to reboot, leading to the dreaded “blue screen of death” (BSOD).

This is the affectionate term used to refer to the screen that is displayed when Windows computers crash and need to be rebooted – only, in this case, the Falcon problem means the computers cannot reboot without encountering the BSOD again.

Why is Falcon so widely used?

CrowdStrike is the market leader in EDR solutions. This means its products – such as Falcon – are common and likely the pick of the bunch for organisations conscious of their cyber security.

As today’s outage has shown, this includes hospitals, media companies, universities, major supermarkets and many more. The full scale of the impact is yet to be determined, but it’s certainly global.

Why aren’t home PCs affected?

While CrowdStrike’s products are widely deployed in major organisations that need to protect themselves from cyber attacks, they are much less commonly used on home PCs.

This is because CrowdStrike’s products are tailored for large organisations in which CrowdStrike’s tools help them monitor their networks for signs of attack, and provide them with the information they need to respond to intrusions in a timely way.

For home users, built-in antivirus software or security products offered by companies such as Norton and McAfee are much more popular.

How long will this take to fix?

At this stage, CrowdStrike has provided manual instructions for how people can fix the problem on individual affected computers.

However, at the time of writing there does not yet appear to be an automatic fix for the problem. IT teams at some organisations may be able to fix this problem quickly by simply wiping the affected computers and restoring them from backups or similar.

Some IT teams may also be able to “roll back” (revert to an earlier version) the affected Falcon version on their organisation’s computers. It’s also possible some IT teams will have to manually fix the problem on their organisation’s computers, one at a time.

We should expect that in many organisations it may take a while before the problem can be resolved entirely.

What is ironic about this incident is that security professionals have been encouraging organisations to deploy advanced security technology such as EDR for years. Yet that same technology has now resulted in a major outage the likes of which we haven’t seen in years.


For companies like CrowdStrike that sell highly privileged security software, this is a timely reminder to be incredibly careful when deploying automatic updates to their products.
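The closing point about careful deployment of automatic updates is the one a defender most wants to see made concrete. The Python below is an added example, not code from CrowdStrike, Microsoft or The Conversation: it models one standard safeguard, a ring-based rollout that pushes an update to a small canary population first and halts and rolls back before touching the rest of the fleet if the canaries stop reporting healthy. The ring sizes, the 5% failure threshold, the host names and the two update functions (one that reboots cleanly, one that crashes every host) are constructed assumptions.

```python
"""Ring-based rollout with an automatic halt and rollback.

Added example (not CrowdStrike's, Microsoft's or The Conversation's code).
It simulates pushing an update to a fleet in rings, smallest first, and
stopping before the next ring if the failure rate in the current ring
exceeds a threshold. Ring sizes, threshold, host names and the update
functions are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Host:
    name: str
    version: str = "v1"      # version currently installed
    previous: str = "v1"     # version to return to on rollback
    healthy: bool = True     # False models a host stuck in a crash/reboot loop


# Installs the update on a host and reports whether it came back healthy.
UpdateFn = Callable[[Host], bool]


@dataclass
class StagedRollout:
    new_version: str
    rings: List[List[Host]]                  # rings[0] is the canary ring
    max_failure_rate: float = 0.05           # halt if more than 5% of a ring fails
    log: List[Tuple[int, int, int]] = field(default_factory=list)  # (ring, size, failures)

    def run(self, apply_update: UpdateFn) -> str:
        """Push new_version ring by ring; return 'completed' or 'halted'."""
        for ring_no, ring in enumerate(self.rings):
            failures = 0
            for host in ring:
                host.previous = host.version
                host.version = self.new_version
                host.healthy = apply_update(host)
                if not host.healthy:
                    failures += 1
            self.log.append((ring_no, len(ring), failures))
            if failures / len(ring) > self.max_failure_rate:
                # Kill switch: undo the rings touched so far, never reach later rings.
                self.rollback(self.rings[: ring_no + 1])
                return "halted"
        return "completed"

    def rollback(self, rings: List[List[Host]]) -> None:
        """Restore each host's previous version; assumes that version boots (constructed)."""
        for ring in rings:
            for host in ring:
                host.version = host.previous
                host.healthy = True


def build_fleet(sizes: Tuple[int, ...] = (5, 20, 100)) -> List[List[Host]]:
    """Constructed fleet: a small canary ring, a pilot ring, then everyone else."""
    return [[Host(f"ring{r}-host{i}") for i in range(n)] for r, n in enumerate(sizes)]


def good_update(host: Host) -> bool:
    """Constructed: the update installs and the host reboots cleanly."""
    return True


def bad_update(host: Host) -> bool:
    """Constructed: the update installs but every host crashes on reboot."""
    return False


def simulate(apply_update: UpdateFn, new_version: str = "v2") -> Dict[str, object]:
    """Run one rollout over a fresh fleet and summarise the fleet state afterwards."""
    rollout = StagedRollout(new_version, build_fleet())
    status = rollout.run(apply_update)
    hosts = [h for ring in rollout.rings for h in ring]
    return {
        "status": status,
        "log": list(rollout.log),
        "on_new_version": sum(h.version == new_version for h in hosts),
        "unhealthy": sum(not h.healthy for h in hosts),
    }


if __name__ == "__main__":
    for label, fn in (("good update", good_update), ("bad update", bad_update)):
        print(label, simulate(fn))
```

With the constructed bad update the rollout stops after the five-host canary ring and the 120 hosts in the later rings never receive the new version; with the good update all three rings complete. In a real deployment the health signal would be hosts actually checking back in after reboot rather than a return value, and the rollback step is only as good as the previous version's ability to boot.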

Tags: Cybersecurity, IT systems, CrowdStrike



Post edited by jefferson23 on 2024_07_20 10:51:53