I'd be shocked if some regulation or massive fallout didn't happen from this.
But at the same time, its most likely multiple failures that compounded to reach this. How cloudstrike handles this will be showing. On one hand you can understand that cybersecurity is a fast paced enviorment and sometimes that means rapidly tweaking and updating your signature methodology and constantly creating new methods to identify threats. But on the other hand if those updated filters and identification techniques generate false positives you lose trust. Like someone said on YouTube its surprising they don't do slow rollout, but then when you consider how important some clients are.....I'd bet clients don't want to be stuck as an A/B tester when the new configs could be stopping potential threats.
I'm newer to the security industry so please give me feedback on what my thought process is here, and any comments related to how you protect critical infrastructure in a rapidly changing threat environment.
It hurt itself in its confusion! Serves them right for mandating RAT trash to begin with. Surprise surprise, it turns out centralized control can end up being harmful.
"Are you going to indemnify me for the damage it causes" should be the reflexive response to anybody pushing checkbox security.
I don't see why the two are mutually exclusive, apart from the simplistic good versus evil narrative of marketing departments. Sysadmins didn't install the update that caused the problem, rather it was done by remote access. And it sure looks like the people who installed it got something much different than they were expecting. Is that stretching a little? Sure. But as the word 'rat' is a longstanding synonym for a snitch and as this type of software is often installed by organizational mandates against user/administrator wishes, I smell a RAT.
Personally, I wish more insecure-relative-to-a-trusted-third-party software would fail in such spectacular ways. Then maybe people would stop trusting it.
> with ring-0 access and auto-update one could become the other
I'd say that this means they aren't differentiated by capabilities. So we're down to intent. And well, Crowdstroke didn't intend to brick all those computers either.
But at the same time, its most likely multiple failures that compounded to reach this. How cloudstrike handles this will be showing. On one hand you can understand that cybersecurity is a fast paced enviorment and sometimes that means rapidly tweaking and updating your signature methodology and constantly creating new methods to identify threats. But on the other hand if those updated filters and identification techniques generate false positives you lose trust. Like someone said on YouTube its surprising they don't do slow rollout, but then when you consider how important some clients are.....I'd bet clients don't want to be stuck as an A/B tester when the new configs could be stopping potential threats.
I'm newer to the security industry so please give me feedback on what my thought process is here, and any comments related to how you protect critical infrastructure in a rapidly changing threat environment.