The CrowdStrike incident raises concern not only among CrowdStrike users; other EDR products face similar risks. Recently Fortinet, the vendor of FortiEDR, disclosed its strategy for protecting customers from crashing machines.
FortiEDR releases are tested at three levels: Major, Minor, and Patch. Major and Minor releases undergo months of testing before release, while Patch releases are tested for several weeks and then placed in limited availability (LA) before the rollout expands.
Like CrowdStrike's sensor, FortiEDR operates in the kernel, so a faulty module could crash the machine. Fortinet says it has a dedicated mechanism that checks whether a module is liable to cause a crash; if so, the module disables itself and the agent runs solely in user space, keeping its connection to the management system for troubleshooting.
The CrowdStrike incident was not caused by a software update as such, but by a continuous configuration (content) update. The updated configuration files triggered an existing bug and were pushed rapidly through the Rapid Response Content channel, so the impact was immediate.
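The two mechanisms described above (a kernel component that detects it has been crashing and falls back to user-mode-only operation, and a content update that trips a latent bug in otherwise unchanged code) can be modelled together. The following Python simulation is an added illustration of that general pattern, not FortiEDR's or CrowdStrike's own code; the content-file format, the `MAX_CRASHES` threshold, the `BootRecord` persistence and all function names are assumptions made for the example.

```python
"""Simulation of a self-disabling kernel component guarded by a crash-loop counter.

Added illustration of the pattern discussed in the post; it is not vendor code.
The JSON "content" format, the threshold and every name here are assumptions.
"""
import json
from dataclasses import dataclass

MAX_CRASHES = 2  # assumed: after this many unclean starts, stay in user mode


class KernelFault(Exception):
    """Stands in for a kernel-mode crash (bug check) caused by bad content."""


@dataclass
class BootRecord:
    """State persisted across reboots (in reality a registry key or file on disk)."""
    unclean_starts: int = 0
    kernel_disabled: bool = False


def parse_content(blob: bytes) -> dict:
    """Validate a content (configuration) update in user space before the kernel
    side consumes it. The format is a constructed JSON stand-in for a channel file."""
    data = json.loads(blob)
    if data.get("version", 0) <= 0:
        raise ValueError("content version must be positive")
    rules = data.get("rules")
    if not isinstance(rules, list) or not rules:
        raise ValueError("content must carry a non-empty rule list")
    for rule in rules:
        if not isinstance(rule, dict) or "pattern" not in rule:
            raise ValueError("malformed rule")
    return data


def kernel_load(content: dict) -> None:
    """Simulated kernel driver start-up. Models 'an existing bug is triggered by a
    content update': the code is unchanged, but a rule with an empty pattern faults."""
    for rule in content["rules"]:
        if rule["pattern"] == "":  # latent bug: empty pattern is never handled
            raise KernelFault("empty pattern")


def start_agent(record: BootRecord, content_blob: bytes) -> tuple[str, BootRecord]:
    """One boot of the agent. Returns the mode it ends up in and the updated record."""
    if record.kernel_disabled:
        return "user-mode-only", record

    # Count the start as unclean *before* touching the kernel component; a clean
    # finish resets the counter. If we crash in between, the count survives reboot.
    record.unclean_starts += 1
    if record.unclean_starts > MAX_CRASHES:
        record.kernel_disabled = True  # self-disable, keep user-space management link
        return "user-mode-only", record

    try:
        content = parse_content(content_blob)
        kernel_load(content)
    except KernelFault:
        # The machine would reboot here; the persisted record keeps the count.
        return "crashed", record
    except ValueError:
        # Rejected in user space, never reached the kernel: not a crash, keep old content.
        record.unclean_starts -= 1
        return "kernel-mode (last-known-good content)", record

    record.unclean_starts = 0
    return "kernel-mode", record


def simulate(content_blob: bytes, boots: int = 4) -> list[str]:
    """Boot the machine repeatedly with the same content and report the mode each time."""
    record = BootRecord()
    modes = []
    for _ in range(boots):
        mode, record = start_agent(record, content_blob)
        modes.append(mode)
    return modes


# Constructed sample content files (not real vendor channel files).
GOOD_CONTENT = json.dumps({"version": 3, "rules": [{"pattern": "evil.exe"}]}).encode()
BAD_CONTENT = json.dumps({"version": 4, "rules": [{"pattern": ""}]}).encode()
MALFORMED_CONTENT = json.dumps({"version": 5, "rules": []}).encode()

if __name__ == "__main__":
    for name, blob in [("good", GOOD_CONTENT), ("bad", BAD_CONTENT), ("malformed", MALFORMED_CONTENT)]:
        print(name, simulate(blob))
```

With `BAD_CONTENT` the simulated machine crashes twice, then the kernel component disables itself and every later boot comes up user-mode-only; with `MALFORMED_CONTENT` the update is rejected before it reaches the kernel and does not count towards the crash threshold. The design point is that the crash counter is persisted before the risky step and cleared only after it, so the guard works even though a crash leaves no chance to record anything afterwards.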
TL;DR: Fortinet reveals how FortiEDR is built to prevent client machine crashes, in the wake of the recent CrowdStrike incident.