
Crowdstrike though is not part of a system of engineered design.

It’s a half-baked rootkit sold as a fig leaf for incompetent IT managers so they can implement ”best practices” on their companies' PCs.

The people purchasing it don’t actually know what it does, they just know it’s something they can invest their cybersecurity budget into and have an easy way to fulfill their ”implement cybersecurity” KPIs without needing to do anything themselves.

> they just know it’s something they can invest their cybersecurity budget into and have an easy way to fulfill their ”implement cybersecurity” KPIs

To be fair, this is what companies like CrowdStrike are selling to these managers. Emphasis on the word "SELLING".


Exactly, and this is why I've heard the take that the companies who integrate this software need to be held responsible for not having proper redundancy, and while it's a fine take, we need to keep absolutely assailing blame at CrowdStrike and even Microsoft. They're the companies that drum the beat of war every chance they get, scaring otherwise reasonable people into thinking that the cyberworld is ending and only their software can save them, who push stupid compliance and security frameworks, and straight-up lie to their prospects about the capabilities and stability of their product. Microsoft sets the absolutely dog water standard of "you get updates, you can't turn them off, you can't stagger them, you can't delay them, you get no control, fuck you".


Exactly.


Perhaps true in some cases, but in regulated industries (for example, federally regulated banks) a tool like CrowdStrike addresses several controls that, if left uncontrolled, result in regulatory fines. Regulated companies rarely employ home-grown tools due to maintenance risk. But now, as we see, these rootkit or even agent-based security tools bring their own risks.


I’m not arguing against the need to follow regulations. I’m not familiar with what specifically is required of banks. All I’m saying is that CrowdStrike sucks as a specific offering. I’m sure there are worse ways to check the boxes (there always are), but that’s not much of a praise.

My rant is from a perspective in an org that most certainly was not a bank (B2B software/hardware), and there was enough of a ruckus to tell it was not mandated there by any specific regulation (hence incompetence).


The point is that CrowdStrike is only useful for compliance, not for security.


A properly used endpoint protection system is a powerful tool for security.

It's just that you can gamble compliance by claiming you have certain controls handled by purchasing CrowdStrike... then leave it not properly deployed and without an actual real security team in control of it (maybe there will be a few underpaid and overworked people getting pestered by BS from management).


I think a lot about software that is fundamentally flawed but gets propelled up in value due to great sales and marketing. It makes me question the industry.

It's interesting that this is being referred to as a black swan event in the markets. If you look at the SolarWinds fiasco from a few years ago, there are some differences, but it boils down to problems with shitty software having too many privileges being deployed all over the place. It's a weak monoculture, and eventually a plague will cause devastation. I think a screw-up for these sorts of software models shouldn't really be thought of as a black swan event, but instead an inevitability.


But most managers get to their positions by passing the buck and not being present when inevitability happens or being able to blame the other guy.


> have an easy way to fulfill their ”implement cybersecurity”

There's a typo in there. "Do cyber" is how the said managers would phrase it.


That kind of phrasing lends itself to some wild misunderstandings...


That is how all of these tools are. I have always told people that third-party virus scanners are just viruses that we are OK with having. They slow down our computers, reduce our security, and many of them have keyloggers in them (to detect other keyloggers). We just trust them more than we trust unknown ones, so we give it over to them.

CrowdStrike is a little broader, of course. But yeah, it's a rootkit that we trust to protect us from other rootkits. It's like fighting fire with fire.


This is the same argument as saying the government is just the biggest gang — a mafia with uniforms.


The government metaphor is apt. Someone has overall authority over your compute and data on your PC. In general I would view the OS as the government.


Which is... true?


100%


It's like when you are using Wiz. You give your most secret files to former Israeli intelligence officers and hope for the best.

It doesn't really make your data "more secure" or "private".


See also hosted VPN companies.


This is an interesting response. I'm curious why you specifically believe "it’s a half-baked rootkit sold as a fig leaf for incompetent IT managers."


That’s my experience as an unfortunate user of a PC as a software engineer in an org where every PC was mandated to install CrowdStrike. Fortune 1000.

It ran amok on every PC it was installed on. Nobody could tell exactly what it did, or why.

Engineering management attempted to argue against it. This resulted in quite public discourse, which made the incompetence of the relevant parties in IT management related to its implementation obvious.

Not _negligently_ incompetent. Just incompetent enough that it was obvious they did not understand the system they administered from any set of core principles.

It was also obvious it was implemented only because ”it was a product you could buy to implement cybersecurity”. What this actually meant from a systems architecture point of view was apparently irrelevant.

One could argue the only task of IT management is to act as a dumb middleman between the budget and service providers. So if it’s acceptable that IT managers don’t actually need to know anything about computers, then the claim of incompetence can of course be dropped.


Because security software shouldn't be able to cause a kernel panic, but if it can, then the kernel component should be rock solid.


Because it took down half the world?


And it shows that the deployment process was not under control, and that something malicious could have happened as well.


Which part seems dubious to you?


Very well put. Compliance over actual ops or security.
