Channel partners including managed service providers and solutions providers play a central part in remediating IT issues at organizations large and small. So when a CrowdStrike update caused an IT outage across the world last week, it's not surprising that MSPs and other solution providers stepped up to help.
ChannelE2E spoke to Wayne Selk, CompTIA's VP for cybersecurity programs and executive director of the CompTIA ISAO about his organization's response and how MSPs help each other in times of need.
The full transcript is below, and here's the video.
Be sure to also check out the CyberRisk Alliance Network's full coverage of the CrowdStrike outage here:
- MSPs Come Together to Hasten CrowdStrike Outage Remediation
- MSSPs Help Organizations Through CrowdStrike IT Outage
- Security pros brace for manual system-by-system fix to CrowdStrike outage
- CrowdStrike Update Causes Global Outages: Analysis
- What the CrowdStrike update outage means for cybersecurity
- Seven tips that offer short-term and long-term fixes following the CrowdStrike outage
- CrowdStrike confirms faulty update is tied to massive global IT outage: ‘Fix has been deployed’
- Analyzing the CrowdStrike Incident and Its Ripple Effects
Transcript: CompTIA's Wayne Selk Talks about the CrowdStrike Crisis
Jessica C Davis - Hey, everybody, it's Jessica Davis, Editorial Director of Channel EDE and MSSP Alert. And I'm here with Wayne Selk, who is a big celebrity in the MSP space. He's a thought leader, he's a security leader. Tell us what your actual job title is, Wayne, and your role.
Wayne R. Selk - Sure, I'm happy to be here. Thank you for having me. Wayne Selk, I'm Vice President of Cybersecurity Programs at CompTIA. And I also have a second title of the, I'm the executive director of the CompTIA Community Information Sharing and Analysis Organization.
Jessica C Davis - Fantastic. Thank you, Wayne. Thanks for joining me today. And today we're talking about the big CrowdStrike and Microsoft outage that the world has been dealing with really for the last, not quite 24 hours yet as of this recording. And I wanted to start off by asking you, Wayne, what has CompTIA done so far? I know that you are coming to the aid of MSPs and other partners with some information.
Wayne R. Selk - Right. So through the Information Sharing and Analysis Organization, CrowdStrike folks actually, we're just amplifying the message coming out of CrowdStrike with the mitigation. So our threat report, it was an informational threat report that we released with a high severity, because obviously the impact is there. To our community, our broader community to say, hey, look, this is happening. And then we outlined the mitigation steps for them inside of the threat report so that they knew exactly what needed to take place in order to solve for this current little hiccup.
Jessica C Davis - Excellent. And I know you've been heads down working on that. And so I'm wondering, but I'm wondering, you know, do many MSPs use CrowdStrike? I mean, how widespread could this be for the impact to MSP customers?
Wayne R. Selk - I mean, the CrowdStrike Falcon sensor agent that is deployed, I think a good majority of MSPs like CrowdStrike and they like using the Falcon sensor agent because it's actually a useful tool, right? So I would suspect that there's probably quite a few MSPs that have been impacted by this. Again, at least in the last mitigation effort that I saw, as long as they haven't rebooted the systems, things will auto-correct itself because it's auto-updated through CrowdStrike, the agent set. It was a faulty update that got pushed. We can talk about that another time. Stuff does happen. Quality checks are missed. But this is a good reason why quality checks are very important. And that they're tested against the various iterations of the operating system set to make sure there isn't a challenge in there. But the mitigation step, even if the unit is impacted, from what I saw, it's boot into recovery mode, goes into if you can get the networking enabled, great. And then you can either remove the line through the registry or update the agent and it should correct itself, right? And then restart to get it back into normal operating mode.
Wayne R. Selk - It's not really a lot. It's just very time consuming, especially because you have to touch these individual computers that are impacted. It's not something I don't think, well, there's probably a very smart individual out there, not me, I'm not smart, who could probably automate that to happen for their systems too. So a nuisance, annoying for sure. But thankfully, I think all of the reports I've seen so far, CrowdStrike saying it was a oops on our part, it wasn't any part of a major cyber attack.
But you know, we can't always say that until down the road and we get confirmation from folks. Right, right. Because in the heat of the moment, everybody's Oh, I was on a cyber attack. But, you know, so I guess right now, we'll just wait to see.
Jessica C Davis - So it sounds like it's going to be a time consuming process for MSPs to remediate just because not difficult, but it takes a while to touch each endpoint.
Wayne R. Selk - Correct. And you and I were chatting before we actually started this call, my wife's office was impacted by it. Not everybody in the office was impacted, right? A lot of them didn't reboot their computers, so they were not impacted. It was just able to resolve itself on its own. That was one of the other indicators there that they said, don't reboot or shut down or restart if you don't have to, right?
Jessica C Davis - They're always telling me I should reboot, but I always resist it.
Wayne R. Selk - One of those rare instances where rebooting is going to cause the problem, not fix the problem.
Jessica C Davis - Right. The other thing I wanted to ask you, I know that CompTIA has been super active in getting MSPs to help each other in these instances. MSPs are really unique in how they they step up and do what they can to help each other. Can you talk a little bit about that, Wayne, and what happens in time of crisis among MSPs?
Wayne R. Selk - Yeah, absolutely. That's one of the great things about our community. If one person is having a challenge, a lot of folks actually come together to be able to jump in and help, which is just so amazing. That's one of the amazing things about our community as a whole. And one of the reasons why folks continue to belong, sign up, and become a member of the association is just for that. Networking as well as, hey, I'm having a challenge, can somebody help me? It's like we're all hands on deck. So it's awesome. It's a great place, a great community of folks that we work with.
Jessica C Davis - Yeah, I love it too. Well, thank you so much, Wayne, for joining me today. Really appreciate it. Really appreciate your insight on this CrowdStrike Microsoft and gigantic massive IT outage that we're experiencing at your wife's office and all across the world. So thank you.
Wayne R. Selk - No worries. Anytime. Thanks for having me.
