How does Linux it self or some other software on Linux address what Crowd Strike is doing for Windows?
E: thanks for the answers :)
CrowdStrike’s Falcon Sensor agent can be and is installed on bare metal, VMs and inside Kubernetes clusters. All running Linux.
is there a use case … on Linux
It’s already installed on Linux, in massive companies all around the globe. Leadership sure thinks so.
Like it or not, most cyber insurance policies require all endpoints and hosts be secured with industry approved edr solution. Crowdstrike is a very popular multi platform player in that space. 🤷♂️
If someone starts transferring a bunch of files to an external drive, heuristics will detect that and alert. Source: I worked at crowdstrike six years ago.
Is there a use case for CrowdStrike on any platform? No, there isn’t. Anything that messes with the kernel at that level should be considered a security threat on the basis of potential service disruption / threat to business continuity. Do you really want to run a closed source piece of malware as a kernel module?
They completely fuck over their customers in the business continuity aspect, they become the problem and I bet that most companies would never suffer any catastrophic failure this bad if they didn’t run their software at all. No hacker would be able to take down so many systems so fast and so hard.
As if taking down the systems is the biggest cybersecurity threat a company might have.
