Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Perhaps true in some cases but in regulated insustries (example fed regulated banks) a tool like crowdstrike addresses several controls that if uncontrolled result in regulatory fines. Regulated companies rarely employ home grown tools due to maintainance risk. But now as we see these rootkit or even agent based security tools bring their own risks.


I’m not arguing against the need to follow regulations. I’m not familiar what specifically is required by banks. All I’m saying Crowdstrike sucks as a specific offering. I’m sure there are worse ways to check the boxes (there always is) but that’s not a much of a praise.

My rant is from a perspective in an org that most certainly was not a bank (b2b software/hardware) and there was enough of ruckus to tell it was not mandated there by any specific regulation (hence incompetence).


The point is that CrowdStrike is only useful for compliance, not for security.


A properly used endpoint protection system is a powerful tool for security.

It's just that you can gamble compliance by claiming you have certain controls handled by purchasing crowdstrike... then leave it not properly deployed and without actual real security team in control of it (maybe there will be few underpaid and overworked people getting pestered by BS from management)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: