vegeta to TechnologyEnglish · 2 years agoCrowdStrike unhappy with “shady commentary” from competitors after outagearstechnica.comexternal-linkmessage-square96linkfedilinkarrow-up1558arrow-down18cross-posted to: [email protected]
arrow-up1550arrow-down1external-linkCrowdStrike unhappy with “shady commentary” from competitors after outagearstechnica.comvegeta to TechnologyEnglish · 2 years agomessage-square96linkfedilinkcross-posted to: [email protected]
minus-squarePasserby6497linkfedilinkEnglisharrow-up21·2 years agoI appreciated the RiskyBiz episode with the Sentinel one guys where they go over all the ways this could have been prevented if they did real testing Crowdstrike absolutely deserves the shit they’re getting.
minus-squareozymandias117linkfedilinkEnglisharrow-up4·2 years agoOh god. Sentinel one is horrible. If they’re taking issue with your testing, you’ve really screwed the pooch
minus-square𝕸𝖔𝖘𝖘@infosec.publinkfedilinkEnglisharrow-up1·2 years agoHorrible how? I’ve always thought they were pretty solid in the arena.
minus-squareozymandias117linkfedilinkEnglisharrow-up3·2 years agoTheir ftrace hooks caused all disk usage to be serialized, making your multi-core processor single-core when doing anything I/O bound We saw between 500% - 800% increases in build times with their software installed
minus-square𝕸𝖔𝖘𝖘@infosec.publinkfedilinkEnglisharrow-up2·2 years agoWell, that’s spectacular. What do you guys use now?
minus-squareozymandias117linkfedilinkEnglisharrow-up3·2 years agoWe’re still using them on machines where performance doesn’t matter On build machines, they’re on a special VLAN and don’t have endpoint protection, but they only download from a protected mirror
minus-square𝕸𝖔𝖘𝖘@infosec.publinkfedilinkEnglisharrow-up1·2 years agoWe have a similar issue with defender, but those machines are internet connected, so we must have EDR on them.
I appreciated the RiskyBiz episode with the Sentinel one guys where they go over all the ways this could have been prevented if they did real testing
Crowdstrike absolutely deserves the shit they’re getting.
Oh god. Sentinel one is horrible. If they’re taking issue with your testing, you’ve really screwed the pooch
Horrible how? I’ve always thought they were pretty solid in the arena.
Their ftrace hooks caused all disk usage to be serialized, making your multi-core processor single-core when doing anything I/O bound
We saw between 500% - 800% increases in build times with their software installed
Well, that’s spectacular. What do you guys use now?
We’re still using them on machines where performance doesn’t matter
On build machines, they’re on a special VLAN and don’t have endpoint protection, but they only download from a protected mirror
We have a similar issue with defender, but those machines are internet connected, so we must have EDR on them.