
Scope of the CrowdStrike Outage

Vincent Saporito, Vice President, Product Marketing | July 19, 2024

Early this morning, on July 19th, CrowdStrike reported a major outage caused by an update to the Falcon sensor. The issue was confined to the Windows operating system but led to a system crash, causing significant business disruption and frustration across multiple sectors. CrowdStrike has since rolled back the update, but affected systems will need manual intervention for repair. For more details on the incident and to stay up to date with CrowdStrike, you can read more here.

While the cybersecurity space is highly competitive, we all have the same goal: to secure our customers and ensure they can operate their businesses safely and securely without worry. In that spirit, we wanted to give you an update on our products and services.

Forescout Platform and Solutions

Like you, we have been busy assessing the scope of our critical systems and have quickly remediated any affected assets. All customer services were unaffected and are up and running to help you continue securing your environment.

Our Customers

If you need to proactively identify assets that could be affected by this outage, please follow these steps in Forescout eyeSight.

  1. Navigate to Asset Inventory
  2. Search for “CrowdStrike” and locate CrowdStrike Windows Sensor
  3. Clicking on this will show all endpoints running CrowdStrike and the versions deployed. This information is obtained directly from the endpoint and not from the Falcon platform.
  4. You can build a policy to uninstall CrowdStrike under the Policy tab by creating a custom run script on the endpoint.

If you need to identify systems that may have crashed and are inaccessible, customers leveraging Forescout for Threat Detection & Response (or their own SIEM/XDR tool) and sending Windows event logs can search for the following Event ID: 41.

  1. Log in to Forescout Cloud and navigate to Logs -> Xplorer
  2. Navigate to the advanced query and enter the query: “event_id:41 AND data_source:windows_events”

From here, you can identify potential hosts affected by the update and plan manual remediation.
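For teams that export the query results from their own SIEM/XDR tool, the sketch below turns the matches into a per-host remediation list, counting Event ID 41 occurrences and marking hosts that sent nothing after their last one. It is an added example, not Forescout code: the JSON-lines export format, the `host` and `timestamp` field names, the window start and the sample records are all assumptions, and only `event_id` and `data_source` come from the query above.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample export, one JSON record per line. event_id and data_source
# come from the query above; "host" and "timestamp" are assumed field names.
SAMPLE_EXPORT = """\
{"timestamp": "2024-07-19T04:31:10Z", "host": "WS-0101", "event_id": 41, "data_source": "windows_events"}
{"timestamp": "2024-07-19T04:35:02Z", "host": "WS-0101", "event_id": 6005, "data_source": "windows_events"}
{"timestamp": "2024-07-19T05:02:44Z", "host": "WS-0102", "event_id": 41, "data_source": "windows_events"}
{"timestamp": "2024-07-19T05:10:09Z", "host": "WS-0102", "event_id": 41, "data_source": "windows_events"}
{"timestamp": "2024-07-19T05:19:30Z", "host": "ws-0102", "event_id": "41", "data_source": "windows_events"}
{"timestamp": "2024-07-17T22:00:00Z", "host": "SRV-DB01", "event_id": 41, "data_source": "windows_events"}
{"timestamp": "2024-07-19T06:00:00Z", "host": "LNX-01", "event_id": 41, "data_source": "syslog"}
truncated-record-without-json
"""
SINCE = datetime(2024, 7, 19, tzinfo=timezone.utc)  # assumed start of the window

def parse_ts(value):
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)  # assume UTC

def triage(lines, since=SINCE):
    """Summarise Event ID 41 per host: count, first/last time, silent since."""
    hits = defaultdict(list)  # host -> Event ID 41 timestamps
    last_seen = {}            # host -> newest record of any kind
    for line in lines:
        try:
            rec = json.loads(line)
            ts, host = parse_ts(rec["timestamp"]), rec["host"].upper()
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip blank or malformed records, keep triaging
        if rec.get("data_source") != "windows_events" or ts < since:
            continue
        last_seen[host] = max(last_seen.get(host, ts), ts)
        if str(rec.get("event_id")) == "41":
            hits[host].append(ts)
    return {
        host: {"count": len(stamps), "first": min(stamps), "last": max(stamps),
               # True when nothing newer arrived from the host after its last
               # Event ID 41: check these by hand first.
               "silent_since_last": last_seen[host] == max(stamps)}
        for host, stamps in hits.items()
    }

if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE_EXPORT.splitlines()).items()):
        print(host, info["count"], info["last"].isoformat(), info["silent_since_last"])
```

The silent-host flag is only meaningful if the export includes all Windows events for the window, not just the Event ID 41 matches.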

Wrap Up

The recent CrowdStrike outage has understandably caused concern and disruption. While the issue was limited to the Windows operating system, it has highlighted the importance of proactive asset management.

At Forescout, we are committed to supporting you through this period. Our services remain unaffected and fully operational to ensure your environment stays secure.
