
When a Threat Detection System Becomes the ‘Threat’

Fixing issues related to the recent CrowdStrike update to Windows systems required personal onsite attention.

By Wayne Labs, Senior Contributing Technical Editor
CrowdStrike posted a remediation screen shortly after its update shut down thousands to millions of key Windows servers and clients, affecting corporations large and small. Source: CrowdStrike

August 1, 2024

On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for its Windows-based “Falcon Sensor” to gather telemetry on possible novel threat techniques. Unfortunately, the update had issues, which caused Windows to restart with the infamous “blue screen of death,” a common occurrence when Windows detects a defective driver operating in “kernel mode” that could potentially cause damage to the Windows OS. Without attention, the blue screen of death remains until the problem is remedied.

Nearly all virus and threat scanners must operate in kernel mode (as opposed to “user mode,” where applications run) to be able to protect the OS from potential viruses and threats. This means that a problematic threat scanner driver or its definition/configuration file could accidentally keep a Windows computer from rebooting after downloading an update. Removing the defective definition/configuration file or disabling the scanner/driver can temporarily fix the issue, allowing a Windows computer to restart, albeit without the protection, until a new definitions file is distributed from the vendor, in this case, CrowdStrike.

In this situation, it was not a virus or threat that caused the failed reboots of thousands to millions of Windows computers, both clients and servers: It was a defective CrowdStrike update. And the worst part of it was that IT technicians would have to fix the problem by physically being on-location to log into the machines in “Administrator Mode.” Using Remote Desktop was not an option as Windows has to be in full operation to run that service. Being on premises also included Windows virtual machines operating in datacenters, which would also have needed the same personal attention—One. By. One. This is why it took so long to recover machines.

FOOD ENGINEERING asked experts from Tenable, an exposure management platform catering to industrial systems, for comments.

FE: How can Windows industrial users protect their equipment from “accidental” updates that shut down systems?

Scott Caveza, staff research engineer, Tenable: Accidental updates like this are fortunately quite rare. While we’ve observed bad Windows operating system updates that have crashed systems or caused reboot loops in some circumstances, these issues are still rare. To combat this, some organizations will test updates on non-critical systems to verify that the updates do not cause any inadvertent issues. However, by delaying patching of systems, this can introduce more risk, especially when the updates are for security patches. Taking a “defense-in-depth” approach is the best option and part of that involves ensuring that planning for outages and recovery are part of the playbook for all organizations.

FE: How should industrial users vet cybersecurity problems to avoid failures of this nature in the future? 

Caveza: In an industrial environment, uptime is mission critical and downtime can incur major costs. The question becomes, does the impact from a cyberattack or crashed systems from other technical issues have more impact? In the CrowdStrike scenario, recovery was relatively quick for those impacted, once guidance was released. A cyberattack could result in more downtime as incident response processes take over. While both incur significant operational costs, it’s important to remember that a cyberattack could be exponentially worse. To that end, organizations need to plan for both contingencies and have plans and processes in place to understand what recovery looks like and how it will be performed. While it’s impossible to predict if a bad update will plague your security solution or block data flows inadvertently, time is better spent on planning on the next outage and understanding how to recover systems quickly and effectively.

FE: Can security systems like CrowdStrike be set up to run outside of kernel mode (in user mode) and still protect a machine?

Satnam Narang, senior staff research engineer, Tenable: There are some security solutions that don’t utilize kernel mode but those are limited to other types of solutions. Most Endpoint Detection and Response (EDR) solutions require kernel-mode access and it is, unfortunately, the nature of the beast when it comes to EDR. 

FE: What options can be set up to make it easy to bypass a bad “virus/malware definitions update,” which shuts down a driver, in turn shutting down Windows? Does a Windows user really want to reboot a dozen times, hoping that Windows OS might recognize the problem and disable the driver automatically?

Narang: The onus starts with more thorough testing by the vendors prior to deploying these updates. It may also require organizations to conduct additional testing of said updates themselves. There are also a variety of lessons to be learned from what happened as a result of the bad/faulty update. 

FE: What are some of the lessons to be learned? Would one of them be having a successful backup ready for unforeseen circumstances?

Narang: Plan for the unexpected. Unexpected interruptions, whether from a cyberattack or a failed update are both continuity-impacting incidents. Planning for one helps build resilience for the other. Identification of your mission critical assets and how you would recover and restore functionality as quickly as possible should be core to the plan. Once a plan is established, the next crucial step is to actually test it. Tabletop the backup plan and treat it as an actual incident. There’s much to learn for each environment and despite having a well-documented plan, it means nothing if it’s not been put through the paces. The final step is to remember that the backup and recovery plan is a living process. It will require continued maintenance and testing, just as with the systems themselves.

For more information from CrowdStrike, see its Tech Info: “Remediation And Guidance Hub: Falcon Content Update For Windows Hosts” on its website. More information on Tenable can be found at tenable.com.

About the interviewees


Scott Caveza joined Tenable in 2012 as a research engineer on the Nessus Plugins team. Over the years, he has written hundreds of plugins for Nessus, and reviewed code for even more from his time being a team lead and manager of the Plugins team. Previously leading the Security Response team and the Zero Day Research team, Caveza is currently a member of the security response team, helping the research organization respond to the latest threats. He has more than a decade of experience in the industry with previous work in the security operations center (SOC) for a major domain registrar and web hosting provider. Caveza is a current CISSP and actively maintains his GIAC GWAPT Web Application Penetration Tester certification.



Satnam Narang joined Tenable in 2018. He has more than 15 years’ experience in the industry (M86 Security and Symantec). He contributed to the Anti-Phishing Working Group, helped develop a social networking guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder. He's appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.

KEYWORDS: cybersecurity downtime IT/OT systems

Wayne Labs has more than 30 years of editorial experience in industrial automation. He served as senior technical editor for I&CS/Control Solutions magazine for 18 years where he covered software, control system hardware and sensors/transmitters. Labs ran his own consulting business and contributed feature articles to Electronic Design, Control, Control Design, Industrial Networking and Food Engineering magazines. Before joining Food Engineering, he served as a senior technical editor for Omega Engineering Inc. Labs also worked in wireless systems and served as a field engineer for GE’s Mobile Communications Division and as a systems engineer for Bucks County Emergency Services. In addition to writing technical feature articles, Wayne covers FE’s Engineering R&D section.
