Crowdstrike Alternatives

  • Published: 17 Oct 2024

Comments • 37

  • @Dubious_Pastimes 2 months ago +7

    I have managed a few single and multi tenant Sentinel One instances over the past few years, and have been happy enough to choose them again at each company. It's been effective while not being a major ticket generation machine like other products I have used like Webroot, for example. Just thought I would chime in on the topic as a Systems Administrator, SSCP, blah, blah, blah.

  • @alphakamp 2 months ago +6

    It's time for more open-source EDR. Just like other disasters that were mitigated by open code, the CrowdStrike thing could have been stopped before it was a problem

  • @t0m5k1 2 months ago +3

    I'd suggest Seceon, has its own EDR and is essentially Darktrace with remediation which can be automated. You feed it syslogs and flows from core switches and firewalls to get insights and configurable actions. It also uses machine learning to compare behaviours with MITRE ATT&CK DB and many other features.

  • @injuneer7942 2 months ago +8

    Any producer of critical software should be personally and financially responsible for these kinds of errors. Their impact is so great it may be necessary for there to be an independently verified PRIOR to release ...

    • @D.von.N 2 months ago +1

      Putting people in danger of death due to releasing faulty software should be a criminal offence, at least in a form of negligence. If that's what you mean by personal responsibility. Whoever had this responsibility of releasing untested software should be held responsible.

  • @wallyrogers2371 2 months ago +1

    All of this is spot on and I don't disagree with any of it. I use and manage both Crowdstrike and SentinelOne on the daily. Crowdstrike had been rock solid for the most part with updates for a LONG time. SentinelOne was more sketchy with updates to their agents, but it's inherently noisy. I use Huntress and have it manage Windows Defender, and it's solid. I'd like to see it at a larger scale to compare it to both SentinelOne and Crowdstrike, but it's a solid solution. The "just move to Linux" argument I feel still needs a good look. A lot we do these days is web based, and I feel Microsoft is too big for its own britches, they see vulnerabilities to their OS and don't patch them sometimes for months, and just assume...what are you going to do, move to another OS?! HAHAHAHA

  • @UltraZelda64 2 months ago +3

    The fact that this software digs its roots deep into kernel space is reason enough for a mass exodus from anyone competent who is capable of making a switch. Whether a Linux kernel panic or a Windows BSOD, I don't care--no software should attach itself to the kernel without *damn* good reason.

    • @stuartlaird7341 2 months ago

      There is no real way to do EDR on Windows without being in the kernel. The only reason you can do it on macOS is because Apple engineered a robust enough API because they were determined to remove the need for anyone else to have kernel access. Given how much Microsoft is following Apple design it may be the future, but, who knows.

  • @JakesHobbyandTech 2 months ago +1

    The Clownstrike saga continues!

  • @netizenwatch 2 months ago

    McAfee EPO had a DOD Contract back in 2010. Learned a lot on that system. It was functional but unnecessarily complex.

    • @wallyrogers2371 2 months ago

      I would have to disagree with you there. ePO is complex, but the things you could accomplish with it were crazy. Sure it took me a good 6 months of using it and supporting it daily to really get it, but man...I could fully automate that thing and walk away for months and never worry. The problem with McAfee was they got waaay too comfortable on those government contracts that they forgot everything was going to cloud and EDR based endpoint protection, by the time they figured it out they were 10 years behind.

    • @petersimmons7833 2 months ago

      As the former Worldwide Expert for that product at McAfee, I can tell you it had a massive lead 10 years ago but it suffered from literal zero ($0) investment. I had to leave and move onward. After years of nothing, it was surpassed by everyone.

    • @petersimmons7833 2 months ago

      And complexity was useful only if you needed it. For 99% of users they needed automation rather than every single button, switch and nerd knob.

  • @D.von.N 2 months ago

    I am not too skilled in this topic, but my business class PC has HP Surestart, which claims to heal any corruption at the boot level from its second encrypted copy right before booting the system. Couldn't companies have something similar on their servers or computers and only give user privileges to general staff?

  • @who2u333 2 months ago +1

    You confirmed the 'rumor' that I heard about the update ignoring tiered deployments (N-1). Thanks

    • @devonnboyd 2 months ago

      a rumor of a rumor isn't a confirmation

  • @Kylian381 2 months ago +1

    The biggest issue is that CrowdStrike blindly pushes updates. Any form of testing would have caught these issues.

  • @Yusaku-q 2 months ago +10

    I agree with this video

    • @devonnboyd 2 months ago

      I agree with the person who said this video was irresponsible. Russia would love it if people fled from the best line of defense

  • @torspedia 2 months ago

    6:58 yes, more often than not it's an ID-10T error. 🤪

  • @Justin-ip3kj 2 months ago

    Just switch to Linux, love it!

  • @DickDekerson 2 months ago +2

    What you said about not following n-1 is not factual. It was a rapid response content update, not a software update, that caused the issue, so n-1 doesn't apply and would be real bad security if you tried to follow n-1 for zero day exploits. I'm more concerned with the fact so many critical systems run on Windows

  • @karcinoma 2 months ago +1

    LOL who are the geniuses who think what you said was irresponsible. That's hilarious.

  • @RobertFlipWilson 2 months ago +6

    I guess CrowdStrike isn't going to send you a gift card after this video...lol

    • @katrinabryce 2 months ago

      A £7.75 voucher for Über Eats that doesn't even work.
      Looking at Über eats, I've never used them; a pizza costs £11.19 + £4 delivery fee.
      I have a stock of frozen pizzas in my freezer, they cost about £3 each at the supermarket, and I can do one of them in the oven quicker than it takes to get Über / Deliveroo / Just Eat to deliver one to me.

  • @Chibibowa 2 months ago

    ThreatDown?

  • @egenhoferj 2 months ago +3

    The CEO of Crowdstrike was the CTO at McAfee in 2010. Why anyone would do business is beyond me.

  • @thepcformula 2 months ago

    I do like using the PEBKAC helpdesk jargon :)

  • @tablettablete186 2 months ago

    MS Defender for Linux!
    Here is one hehehe

    • @tablettablete186 2 months ago

      And no, it actually exists.

    • @ahpadt 2 months ago

      @tablettablete186 MS Defender for Linux is junk tho

  • @unkown34x33 2 months ago

    There's always someone that will stay with them after that f up... or! hell companies don't care... they will keep Crowdstrike. But hey... maybe if they lose 4 trillion dollars, they will drop them. If I were a CEO, I would drop them in a heartbeat

  • @baratarosa-l3x 2 months ago

    What a shame, a lack of consideration and respect: 2000 people watched the video and fewer than 200 gave it a like, knowing that this is how the channel's creator gets paid.

  • @Douglas_Blake_579 2 months ago

    One other, less addressed, concern .... This outage may have been _deliberate_ ... a ticked off employee, external influences, making a point, whatever.
    Nobody seems to want to ask the questions.

  • @JorgeLopez-qj8pu 2 months ago

    Words for the algorithm Gods:
    "Utube is trying to train me to be reddit mod, only notifications I get are just the toxic ones. Someone trying to reply to me asking about my opinion on something doesn’t show up, unless I manually check from my history list."