
Awesome. Is the box there because of government regulation or someone in corporate deciding it's necessary?



Corporation and consultants mostly, judging from my experience. If asked about precise law or regulation they just wave hands.


In my case it was a PCI-DSS (Payment Card Industry Data Security Standard) audit.


The thing is, you read regulations, and they pretty much always tell you to do something, but it’s always heavily principle-based. Companies are left with extraordinary leeway as to how these regulations are actually implemented.


You’re right, which I also used in my argument, but I was shot down by our own people, because their success metrics were based on passing the audit with the least amount of fuss.

We kept our other controls, we just added EDR as well, because just having it appeased auditors. If you try to explain to an auditor your other controls, it could change a part of the audit from five minutes to multiple days.

We don’t use CrowdStrike, but this was years ago.



