vegeta@lemmy.world to Technology@lemmy.worldEnglish · 3 months agoCrowdStrike unhappy with “shady commentary” from competitors after outagearstechnica.comexternal-linkmessage-square105fedilinkarrow-up1557
arrow-up1549external-linkCrowdStrike unhappy with “shady commentary” from competitors after outagearstechnica.comvegeta@lemmy.world to Technology@lemmy.worldEnglish · 3 months agomessage-square105fedilink
minus-squarePasserby6497@lemmy.worldlinkfedilinkEnglisharrow-up21·3 months agoI appreciated the RiskyBiz episode with the Sentinel one guys where they go over all the ways this could have been prevented if they did real testing Crowdstrike absolutely deserves the shit they’re getting.
minus-squareozymandias117@lemmy.worldlinkfedilinkEnglisharrow-up4·3 months agoOh god. Sentinel one is horrible. If they’re taking issue with your testing, you’ve really screwed the pooch
minus-square𝕸𝖔𝖘𝖘@infosec.publinkfedilinkEnglisharrow-up1·3 months agoHorrible how? I’ve always thought they were pretty solid in the arena.
minus-squareozymandias117@lemmy.worldlinkfedilinkEnglisharrow-up3·edit-23 months agoTheir ftrace hooks caused all disk usage to be serialized, making your multi-core processor single-core when doing anything I/O bound We saw between 500% - 800% increases in build times with their software installed
minus-square𝕸𝖔𝖘𝖘@infosec.publinkfedilinkEnglisharrow-up2·3 months agoWell, that’s spectacular. What do you guys use now?
minus-squareozymandias117@lemmy.worldlinkfedilinkEnglisharrow-up3·3 months agoWe’re still using them on machines where performance doesn’t matter On build machines, they’re on a special VLAN and don’t have endpoint protection, but they only download from a protected mirror
minus-square𝕸𝖔𝖘𝖘@infosec.publinkfedilinkEnglisharrow-up1·3 months agoWe have a similar issue with defender, but those machines are internet connected, so we must have EDR on them.
I appreciated the RiskyBiz episode with the Sentinel one guys where they go over all the ways this could have been prevented if they did real testing
Crowdstrike absolutely deserves the shit they’re getting.
Oh god. Sentinel one is horrible. If they’re taking issue with your testing, you’ve really screwed the pooch
Horrible how? I’ve always thought they were pretty solid in the arena.
Their ftrace hooks caused all disk usage to be serialized, making your multi-core processor single-core when doing anything I/O bound
We saw between 500% - 800% increases in build times with their software installed
Well, that’s spectacular. What do you guys use now?
We’re still using them on machines where performance doesn’t matter
On build machines, they’re on a special VLAN and don’t have endpoint protection, but they only download from a protected mirror
We have a similar issue with defender, but those machines are internet connected, so we must have EDR on them.