You will still see security teams pushing endpoint protection with kernel-level observability onto air-gapped systems, so this issue still exists.
From my own limited experience, those air-gapped systems are often no more well managed than anything else. Perhaps having one more hop between the update channel and the secure network is enough to catch CrowdStrike, but don’t be surprised if it isn’t.
> You will still see security teams pushing endpoint protection with kernel level observability onto air-gapped systems
Why though? Is it just "because we do it on every other machine", scared to fail audit, or what? Obviously the regulatory environment is a problem but IT incompetence is also another.