
158 points kenjackson | 1 comments
ykonstant No.41031312
Sorry to hijack this post, but for affected admins reading this: how is the recovery process going? What is your estimated time to normalcy?

Also, for Linux and especially BSD admins: has this incident affected your perspective on EDR/XDR systems in the kernel? What would you suggest as an alternative to ensure regulatory compliance?

replies(2): >>41031360 #>>41041546 #
tgv No.41031360
I do manage a few Linux machines (firewall passes only http and https -> nginx -> custom backend), but I'd never heard of Crowdstrike before. I don't even know what their product is supposed to do. As far as I can see, kernel level protection could only help prevent someone bypassing the firewall and triggering an exploit in nginx. But if Crowdstrike knows about such exploits, everyone does, and the firewall or nginx gets patched.

What am I missing?

Edit: I know it is supposed to implement "EDR", but it's always explained in the vaguest of terms.

replies(5): >>41031414 #>>41031431 #>>41031453 #>>41033240 #>>41034207 #
jabroni_salad No.41031453
> But if Crowdstrike knows about such exploits, everyone does

This is actually the most important thing happening with EDR as a concept: it handles novel cases that have never been seen before, with a human review very quickly. Our csirt has an SLA of 3 minutes.

It's right there in the name acronym. Detection and Response.

replies(2): >>41031905 #>>41034825 #
rswail No.41034825
That's just marketing bullshit.

"We have magic code that watches everyone's computer and sends it all back to our system, where we apply magic to detect malware and then send the code back to all of your systems and until we can say we have AI, we're going to lie that a human will be able to review this information in 3 minutes."

replies(1): >>41036002 #
jabroni_salad No.41036002
We staff our own SOC and 99% of the tickets that go through it are just 'some app we already know about has updated to be slightly different' or 'some new app has appeared and needs to be documented'. It is super rote and boring.
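The two ticket types described above (a known app whose binary changed, and a never-before-seen app) fall out of a simple baseline comparison over process-start telemetry. The following is an added example written for this thread, not code from CrowdStrike or from any commenter: the baseline, hostnames, paths and digests are all constructed, and `triage`, `run_triage` and `document` are hypothetical names. It shows how the bulk of the rote queue is generated and how an analyst "documenting" a new hash silences the repeat tickets.

```python
import hashlib
from collections import Counter

def digest(label: bytes) -> str:
    """Stand-in for a file's SHA-256; we hash a short label instead of a real binary."""
    return hashlib.sha256(label).hexdigest()

# Constructed baseline: path of an already-documented application -> set of
# SHA-256 digests seen for it so far. Not real software hashes.
BASELINE = {
    "/usr/sbin/nginx": {digest(b"nginx-build-A")},
    "/usr/bin/backend": {digest(b"backend-build-117")},
}

# Constructed process-start events, in the shape an EDR agent might report.
EVENTS = [
    {"host": "web01", "path": "/usr/sbin/nginx", "sha256": digest(b"nginx-build-A")},
    {"host": "web01", "path": "/usr/bin/backend", "sha256": digest(b"backend-build-118")},
    {"host": "web02", "path": "/tmp/.cache/updater", "sha256": digest(b"unknown-blob")},
    {"host": "web02", "path": "/usr/sbin/nginx", "sha256": digest(b"nginx-build-A")},
]

def triage(event: dict, baseline: dict) -> str:
    """Classify one event: 'known', 'known_app_updated' (path known, hash new) or 'new_app'."""
    known_hashes = baseline.get(event["path"])
    if known_hashes is None:
        return "new_app"
    if event["sha256"] in known_hashes:
        return "known"
    return "known_app_updated"

def run_triage(events: list, baseline: dict) -> list:
    """Return one ticket per event that is not already covered by the baseline."""
    tickets = []
    for ev in events:
        verdict = triage(ev, baseline)
        if verdict != "known":
            tickets.append({"host": ev["host"], "path": ev["path"],
                            "sha256": ev["sha256"], "verdict": verdict})
    return tickets

def summarize(tickets: list) -> Counter:
    """Count tickets by verdict, which is what a SOC dashboard would show."""
    return Counter(t["verdict"] for t in tickets)

def document(tickets: list, baseline: dict) -> dict:
    """Analyst accepts the tickets: record each (path, hash) so it stops alerting.
    Returns a new baseline and leaves the input untouched."""
    accepted = {path: set(hashes) for path, hashes in baseline.items()}
    for t in tickets:
        accepted.setdefault(t["path"], set()).add(t["sha256"])
    return accepted

if __name__ == "__main__":
    open_tickets = run_triage(EVENTS, BASELINE)
    print(summarize(open_tickets))
    # After the analyst documents both, the same telemetry produces no tickets.
    print(run_triage(EVENTS, document(open_tickets, BASELINE)))
```

The interesting part for a defender is what is *not* in this block: deciding whether `/tmp/.cache/updater` is a benign new tool or something to escalate is the human review the thread talks about; the baseline logic only decides which events reach a person.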