{"id":21297,"date":"2024-07-25T15:17:45","date_gmt":"2024-07-25T13:17:45","guid":{"rendered":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/?p=21297"},"modified":"2025-03-07T16:31:52","modified_gmt":"2025-03-07T15:31:52","slug":"qualitaetssicherung-bei-endpoint-sicherheitssoftware","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2024\/07\/qualitaetssicherung-bei-endpoint-sicherheitssoftware\/","title":{"rendered":"Qualit\u00e4tssicherung bei Endpoint-Sicherheitssoftware"},"content":{"rendered":"

Nach der >> weltweiten IT-St\u00f6rung<\/a> in der letzten Woche, verursacht durch ein fehlerhaftes Update der Sicherheitssoftware von CrowdStrike, sind Diskussionen \u00fcber die Qualit\u00e4tssicherungsprozesse f\u00fcr Endpunktprodukte entbrannt. Endpoint-Sicherheitsprodukte sind eng mit dem Betriebssystem (OS) verkn\u00fcpft und erfordern daher strengere Qualit\u00e4tsprozesse. Die Besonderheit dieser Produkte und die Anforderungen an den privilegierten Betriebssystemzugriff machen den Entwicklungs- und Qualit\u00e4tssicherungsprozess (QS) komplexer als bei anderen Arten der Softwareentwicklung. Da diese Art von Software auf zehntausenden bis hin zu Hunderten Millionen Endpunkten und in sehr unterschiedlichen Umgebungen l\u00e4uft, ist es unm\u00f6glich, alle m\u00f6glichen Umgebungen zu testen, in denen das Produkt letztlich eingesetzt wird. Um dieses Problem zu l\u00f6sen, haben die technischen Teams von WatchGuard einen Prozess implementiert, der zwar den Rhythmus der Ver\u00f6ffentlichungen einh\u00e4lt, aber die M\u00f6glichkeit von St\u00f6rungen im normalen Betrieb verringert und die Auswirkungen eines fehlerhaften Update-Rollouts minimiert.<\/p>\n

Den ausf\u00fchrlichen kontrollierten Upgrade-Prozess finden Sie in unserem Blog unter >> HOWTO: WatchGuard Endpoint Security \u2013 Kontrollierter Upgrade-Prozess<\/a>.
\nAu\u00dferdem finden Sie in unserem Blog einen Artikel zum Thema >> WatchGuard Endpoint Security Upgrade Zeitplan<\/a>.<\/p>\n

Nach dem Vorfall letzte Woche versichert WatchGuard besonders wachsam zu bleiben und interne Prozesse st\u00e4ndig neu zu bewerten, um Schutz vor echten Bedrohungen zu gew\u00e4hrleisten.<\/p>\n

Corey Nachreiner, Chief Security Officer von WatchGuard, spricht im Blog und in einer Sonderausgabe vom “The 443”-Podcast \u00fcber den Vorfall:
\n>> Understanding the Global IT Outage Caused by a CrowdStrike Update<\/a><\/p>\n

<\/p>\n

_______________________________________________________<\/p>\n

Original-Meldung von Guillermo Gomez Santamaria<\/a>, Vice President of Advanced Endpoint Products and Services bei WatchGuard Technologies:<\/p>\n

\n

Last week\u2019s news of a global IT disruption caused by a security vendor\u2019s content update has driven important conversations about quality assurance processes for endpoint product and content updates. At WatchGuard, with more than 30 years of experience in this industry, we know well the sensitivity of the update process and wanted to take this opportunity to highlight the processes we have in place to protect you, our valued partner community, and your customers from the impacts of a flawed update rollout.<\/p>\n

Endpoint security products are closely intertwined with the operating system (OS) and thus they require stronger quality processes. These products\u2019 uniqueness and privileged OS access requirements make the development and quality assurance (QA) process harder than other types of software development. Due to this type of software running on ten to hundreds of millions of endpoints and in extremely diverse settings, we cannot test all the exact same environments in which the product will end up running. To solve that problem, the technical teams at WatchGuard have implemented a process that, while keeping the rhythm of releases, limits the possibility of disrupting normal operations.<\/p>\n

WatchGuard\u2019s Endpoint Product Update Process<\/h4>\n

Phase 1 - Friends and Family Preview:<\/h5>\n

The process, which is explained in this tech article<\/a>, starts after the Quality team completes all the internal alpha and beta testing procedures on a new release. Once the software is certified, we start with a stage we call internally Friends & Family testing; in essence, because it started being exactly that, friends and family testing the new solution in production.<\/p>\n

Originally, nearly 10 years ago, we started by upgrading our personal systems, both corporate systems and personal devices at home. Our internal WatchGuard systems are among the first ones to be included in the Friends & Family deployment \u2013 not only the personal computers but also the production servers.<\/p>\n

Over time, this environment has become much more diverse, with hundreds of accounts and thousands of endpoints. Some of our most strategic partners and some customer administrators wanted to join early adoption of our new versions, which adds these customer environments to our early Friends & Family testing.<\/p>\n

All systems included in this stage are highly monitored. We added extended telemetry to verify that the new version does not behave differently from the one being upgraded. Among the extended data, we upload and monitor for potential crashes and errors, but also health data, such as memory consumed or average CPU usage.<\/p>\n

Depending on the changes, we maintain this stage for enough time to verify that both the initial deployment was successful, and that it also works properly for a sufficient period of time.<\/p>\n

Our Support team is also very active during this stage to identify any potential new issues. In fact, they provide the main input to decide if we can move forward to the next step of the upgrade release process. When our Support team is satisfied with the version and all the metrics are under the defined parameters, we proceed.<\/p>\n

Phase 2 \u2013 Controlled Preview:<\/h5>\n

Next for us is to notify on the Cloud console that a new version is available. The intention is to provide our partners and customers with a notice that they can start deploying the new release. It is possible, as described in this tech article<\/a>, to perform the upgrade of your systems in a controlled manner.<\/p>\n

We stay at this stage for several weeks, monitoring the number of new devices being upgraded. As in the Friends & Family stage, our Support teams are very active in identifying anomalous behaviors that might be related to the new version.<\/p>\n

Phase 3 \u2013 Automatic Upgrade Process:<\/h5>\n

Once we are comfortable with the new release, we start the automatic upgrade phases. Again, the number of phases depends on the changes, but they are typically divided into three to four stages, during which we start pushing the upgrade to customers in those stages.<\/p>\n

WatchGuard\u2019s Content Update Process<\/h4>\n

The process of delivering content updates is similar. In this case, we have a staging environment similar to our Friends & Family, with hundreds of accounts and thousands of devices. Once the content is certified, we first publish the update to this environment. Similarly to the Friends & Family stage, this environment is highly monitored for health data. Any deviation over the previous performance line is evaluated and retested in this environment. Only when that process is complete \u2013 without reporting any new issues \u2013 do we push the update to our partners and customers.<\/p>\n

I want to take this opportunity to acknowledge the effort and resulting value of the work our internal Development, Quality Assurance, DevOps, and Support teams do daily to ensure we keep the solution up to date against new threats and avoid problems for our partners and customers. I also want to reiterate WatchGuard\u2019s ongoing commitment to revisit, revise, and evolve these processes as appropriate to continue earning your trust.<\/p>\n

Finally, I have been in the industry for more than twenty-five years and I know the pain caused by a failed rollout, and I don\u2019t like seeing this happen to other companies. When this happens, our impulse is to double down on the effort to verify that we keep our partners and customers safe from real threats, and to stay vigilant in constantly reassessing our internal processes.<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

Nach der >> weltweiten IT-St\u00f6rung in der letzten Woche, verursacht durch ein fehlerhaftes Update der Sicherheitssoftware von CrowdStrike, sind Diskussionen \u00fcber die Qualit\u00e4tssicherungsprozesse f\u00fcr Endpunktprodukte entbrannt. Endpoint-Sicherheitsprodukte sind eng mit dem Betriebssystem (OS) verkn\u00fcpft und erfordern daher strengere Qualit\u00e4tsprozesse. Die Besonderheit dieser Produkte und die Anforderungen an den privilegierten Betriebssystemzugriff machen den Entwicklungs- und Qualit\u00e4tssicherungsprozess (QS) komplexer als bei anderen Arten der Softwareentwicklung. Da diese … Weiterlesen Qualit\u00e4tssicherung bei Endpoint-Sicherheitssoftware<\/span> »<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[445],"tags":[704,1088,137,46,954,1223,1047],"class_list":["post-21297","post","type-post","status-publish","format-standard","hentry","category-aktuelle-nachrichten","tag-endpoint-security","tag-qualitaetssicherung","tag-update","tag-upgrade","tag-upgrade-zeitplan","tag-upgrade-prozess","tag-watchguard-endpoint"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/21297"}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=21297"}],"version-history":[{"count":21,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/21297\/revisions"}],"predecessor-version":[{"id":27519,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/21297\/revisions\/27519"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/media?parent=21297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=21297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=21297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}