Showing posts from July, 2024

CrowdStrike Falcon was ALWAYS a bad idea

On Friday, July 19, 2024, a single piece of software ground a good chunk of the planet to a screeching halt when someone at CrowdStrike deployed a system driver file filled with zeroes. Threat and state-level actors can only dream of having backdoor, kernel-level access to the OS of the hundreds of thousands, if not millions, of machines that CrowdStrike Falcon has been installed on. If you are a top-level IT manager and use Microsoft Defender, SentinelOne, Huntress, or other Enterprise Endpoint Detection & Response (EDR) remote management solutions, you are probably patting yourself on the back and thinking to yourself, "Whew! We just dodged a bullet!" No. You are still someone who doesn't actually understand the fundamentals of system and network security. True system and network security isn't dependent upon a single piece of magical software that solves all of your problems. It is a combination of first hardening of the mind to trust nothing and trust