Hell yeah! And the people who rely on their software to detect intrusions - we don't care!
They have liability and it should be somehow handled (I don't know how, I am not a lawyer/finance guy) but without losing sight of what CS provides to a company.
> And the people who rely on their software to detect intrusions - we don't care
They can replace with an alternative. Crowdstrike was installed via an automated manner at any organisation which has the scale to merit it (right?), therefore replacing it with a competitor should be easy.
> without losing sight of what CS provides to a company.
Zero quality controls, leading to them releasing kernel crashing updates for RHEL and then Windows in the span of a few months? Nah fuck 'em. Such negligence doesn't deserve to be in business. And if they're that negligent with quality, how would anyone trust them that the software actually does what it should?
Do you work in cybersecurity? Because if you do and you did a comparison of the solutions to choose one that is tailored to your needs and did an awful amount of tests to check if all your OSes and installed apps do not suffer from CS and worked on eradicating the false positives -- then please enlighten me how to make a massive change on 200+k machines bypassing all this effort.
Sure, if you have CS on 3 machines you can expertly issue such comments.
> And if they're that negligent with quality, how would anyone trust them that the software actually does what it should?
Because the ones that actually use the product know its pros and cons.
I have no attachment to CS and would be happy if we lived in the world you imagine - a world where managing IT and security is a matter of pressing a button. But we do not live in such a world and I do not comment on medical studies just because I read an article in Vogue about it.
I am rather emotional because such comments assume that people in cybersecurity are a bunch of idiots who have no idea about how to do their job. But thank you for showing us the path.
EDIT: I just had a look at your profile and you are in IT. Shame on you for not giving a shit about the reality of the work of people you sell your solutions to.
No, I don't, I just suffer from it. Mostly checklist driven development.
> you did a comparison of the solutions to choose one that is tailored to your needs and did an awful amount of tests to check if all your OSes and installed apps do not suffer from CS and worked on eradicating the false positives -- then please enlighten me how to make a massive change on 200+k machines bypassing all this effort.
You wouldn't bypass it, you would do your job. Because the vendor you've currently chosen has shown themselves to be utterly incompetent at basic tech stuff... So why the hell would you trust them for something as vital as cybersecurity? If they cannot be bothered to do even simple testing, why the hell do you think they'd be able to detect an intrusion? Or is it just to check a checkbox for someone, yes we have antivirus.
> Because the ones that actually use the product know its pros and cons.
Do they? They knew that Crowdstrike do zero testing and can and will push out updates that crash every system? If they did and they still chose them as a vendor, there are serious doubts around their competence too.
> I am rather emotional because such comments assume that people in cybersecurity are a bunch of idiots who have no idea about how to do their job
My comment was entirely about Crowdstrike and how their negligence and incompetence means the company should fold. I made no comment at all on cybersecurity professionals. But let's be real for a second - if a vendor of yours for something so critical shat the bed that much (again - no testing, pushing out an update that crashes everything for everyone for the second time in a few months), and your reaction is "it will be too complicated to move away from them, so let's just pray they improve"... That's not OK. And it's precisely because of this kind of reaction I wish the corporate death penalty on Crowdstrike. If their users cannot be trusted to make the correct choice and drop the insecure negligent vendor, the vendor should disappear and leave them with no choice.
> But let's be real for a second - if a vendor of yours for something so critical shat the bed that much (again - no testing, pushing out an update that crashes everything for everyone for the second time in a few months), and your reaction is "it will be too complicated to move away from them, so let's just pray they improve"... That's not OK. And it's precisely because of this kind of reaction I wish the corporate death penalty on Crowdstrike. If their users cannot be trusted to make the correct choice and drop the insecure negligent vendor, the vendor should disappear and leave them with no choice.
I sure hope that companies you work with or for never ever have a bug. Please just do not tell me that you use MS Windows?? You do not use that, right? Because they have so many issues and you have looked with Bill Gates at how exactly they do their QA.
Or Linux!! Hope you do not use that either. Full of bugs, repeatedly. What a pile of crap.
What world do you live in? Are you showing your customers your CI/CD when you sell your product? Are you telling them to never ever use Windows or Linux or Mac or VAX or AS400 or anything that has bugs?
Changing a product like CS is a MASSIVE MASSIVE effort. An effort that takes a year and yes, you have to look for alternatives (always, not only when there is an issue) but you do not do that "hop!" like this.
I am frightened by people who claim to be experts in areas they have no idea about, and explain what the ones who spend their time there must do. This looks very much like some management.
I am sure you have compared discoverability before and after having an EDR and the market for EDRs, and tested all of the big players and made a decision after discussing QA with their QA managers. Good for you. Not everyone have the same capabilities like you, we must rely on a team of clueless people who do that over a year with input from the vendor. I will be sure to ask for the CI/CD pipes, details of QA etc when I stumble upon the next product - because someone on Internet told me that they think that this is how it should be done.
> sure hope that companies you work with or for never ever have a bug
We aren't talking about a bug, we're talking about wilful negligence here (funnily, your example about Microsoft is on point - Azure exhibits the same type wilful negligence with their absurd lack of security). It's not a "shit happens" type of situation - of course bugs happen. Security bugs happen too. Sometimes even very stupid ones!
Again, we're talking about a company with highly privileged access (to the kernel) and associated potential for security exploits and crashes not doing any testing on updates. And not only releasing a broken update that results in crashes once, but fucking twice. Why didn't the they learn from it the first time? It was inexcusable once, it's even more inexcusable that it happened twice.
And yes, if you buy from random vendors without doing your due diligence on how their failure might impact you, and what they're doing to make sure it doesn't happen, you're taking massive risks. If you get burned by it and still can't be bothered to think about this, I don't know what to tell you. At least that checkbox is ticked and we have EDR so we secure, am I right? That's all that matters for a lot of cybersecurity people, hope you're not one of them.
I am rather emotional because such comments assume that people in cybersecurity are a bunch of idiots who have no idea about how to do their job. But thank you for showing us the path.
But in my experience, this is exactly the case. I've successfully elevated myself from <nothing> to <global super admin>, in two very large compagny. First one, I got anonymous AWS super admin access. Second one (where I'm still at), I got admin AD access (again, anonymous), as well as git admin, access to all k8s and admin azure (all subs).
From there, and considering that the security people were shocked, what should be the conclusion ?
Most importantly : considering that security people, once informed of the details, did nothing about it, how on earth should I respect such clowns ?
Eh, to give credit, cybersecurity can never be perfect.
I have a much bigger problem with cybersecurity "professionals" who have no idea what they're doing, purely engaging in checkbox ticking without considering or understanding the impact of their work. And worst of all, unable to comprehend when being explained that what they've enacted makes no sense and doesn't improve security (or actively harms it). Those are the worst.
14 comments
[ 2.4 ms ] story [ 47.3 ms ] threadThey have liability and it should be somehow handled (I don't know how, I am not a lawyer/finance guy) but without losing sight of what CS provides to a company.
They can replace with an alternative. Crowdstrike was installed via an automated manner at any organisation which has the scale to merit it (right?), therefore replacing it with a competitor should be easy.
> without losing sight of what CS provides to a company.
Zero quality controls, leading to them releasing kernel crashing updates for RHEL and then Windows in the span of a few months? Nah fuck 'em. Such negligence doesn't deserve to be in business. And if they're that negligent with quality, how would anyone trust them that the software actually does what it should?
Do you work in cybersecurity? Because if you do and you did a comparison of the solutions to choose one that is tailored to your needs and did an awful amount of tests to check if all your OSes and installed apps do not suffer from CS and worked on eradicating the false positives -- then please enlighten me how to make a massive change on 200+k machines bypassing all this effort.
Sure, if you have CS on 3 machines you can expertly issue such comments.
> And if they're that negligent with quality, how would anyone trust them that the software actually does what it should?
Because the ones that actually use the product know its pros and cons.
I have no attachment to CS and would be happy if we lived in the world you imagine - a world where managing IT and security is a matter of pressing a button. But we do not live in such a world and I do not comment on medical studies just because I read an article in Vogue about it.
I am rather emotional because such comments assume that people in cybersecurity are a bunch of idiots who have no idea about how to do their job. But thank you for showing us the path.
EDIT: I just had a look at your profile and you are in IT. Shame on you for not giving a shit about the reality of the work of people you sell your solutions to.
No, I don't, I just suffer from it. Mostly checklist driven development.
> you did a comparison of the solutions to choose one that is tailored to your needs and did an awful amount of tests to check if all your OSes and installed apps do not suffer from CS and worked on eradicating the false positives -- then please enlighten me how to make a massive change on 200+k machines bypassing all this effort.
You wouldn't bypass it, you would do your job. Because the vendor you've currently chosen has shown themselves to be utterly incompetent at basic tech stuff... So why the hell would you trust them for something as vital as cybersecurity? If they cannot be bothered to do even simple testing, why the hell do you think they'd be able to detect an intrusion? Or is it just to check a checkbox for someone, yes we have antivirus.
> Because the ones that actually use the product know its pros and cons.
Do they? They knew that Crowdstrike do zero testing and can and will push out updates that crash every system? If they did and they still chose them as a vendor, there are serious doubts around their competence too.
> I am rather emotional because such comments assume that people in cybersecurity are a bunch of idiots who have no idea about how to do their job
My comment was entirely about Crowdstrike and how their negligence and incompetence means the company should fold. I made no comment at all on cybersecurity professionals. But let's be real for a second - if a vendor of yours for something so critical shat the bed that much (again - no testing, pushing out an update that crashes everything for everyone for the second time in a few months), and your reaction is "it will be too complicated to move away from them, so let's just pray they improve"... That's not OK. And it's precisely because of this kind of reaction I wish the corporate death penalty on Crowdstrike. If their users cannot be trusted to make the correct choice and drop the insecure negligent vendor, the vendor should disappear and leave them with no choice.
I sure hope that companies you work with or for never ever have a bug. Please just do not tell me that you use MS Windows?? You do not use that, right? Because they have so many issues and you have looked with Bill Gates at how exactly they do their QA.
Or Linux!! Hope you do not use that either. Full of bugs, repeatedly. What a pile of crap.
What world do you live in? Are you showing your customers your CI/CD when you sell your product? Are you telling them to never ever use Windows or Linux or Mac or VAX or AS400 or anything that has bugs?
Changing a product like CS is a MASSIVE MASSIVE effort. An effort that takes a year and yes, you have to look for alternatives (always, not only when there is an issue) but you do not do that "hop!" like this.
I am frightened by people who claim to be experts in areas they have no idea about, and explain what the ones who spend their time there must do. This looks very much like some management.
I am sure you have compared discoverability before and after having an EDR and the market for EDRs, and tested all of the big players and made a decision after discussing QA with their QA managers. Good for you. Not everyone have the same capabilities like you, we must rely on a team of clueless people who do that over a year with input from the vendor. I will be sure to ask for the CI/CD pipes, details of QA etc when I stumble upon the next product - because someone on Internet told me that they think that this is how it should be done.
We aren't talking about a bug, we're talking about wilful negligence here (funnily, your example about Microsoft is on point - Azure exhibits the same type wilful negligence with their absurd lack of security). It's not a "shit happens" type of situation - of course bugs happen. Security bugs happen too. Sometimes even very stupid ones!
Again, we're talking about a company with highly privileged access (to the kernel) and associated potential for security exploits and crashes not doing any testing on updates. And not only releasing a broken update that results in crashes once, but fucking twice. Why didn't the they learn from it the first time? It was inexcusable once, it's even more inexcusable that it happened twice.
And yes, if you buy from random vendors without doing your due diligence on how their failure might impact you, and what they're doing to make sure it doesn't happen, you're taking massive risks. If you get burned by it and still can't be bothered to think about this, I don't know what to tell you. At least that checkbox is ticked and we have EDR so we secure, am I right? That's all that matters for a lot of cybersecurity people, hope you're not one of them.
From there, and considering that the security people were shocked, what should be the conclusion ?
Most importantly : considering that security people, once informed of the details, did nothing about it, how on earth should I respect such clowns ?
(I'm not saying good people do not exist)
I have a much bigger problem with cybersecurity "professionals" who have no idea what they're doing, purely engaging in checkbox ticking without considering or understanding the impact of their work. And worst of all, unable to comprehend when being explained that what they've enacted makes no sense and doesn't improve security (or actively harms it). Those are the worst.