158 points, submitted by kenjackson | 1 comment
ykonstant (No.41031312):
Sorry to hijack this post, but for affected admins reading this: how is the recovery process going? What is your estimated time to normalcy?

Also, for Linux and especially BSD admins: has this incident affected your perspective on EDR/XDR systems in the kernel? What would you suggest as an alternative to ensure regulatory compliance?

1. tguvot (No.41041546), in reply:
not strictly sysadmin. working on fedramp certification of really big system.

we have crowdstrike in our usual production environment and i was always against it because i was always afraid of something like what happened. but the security department pushed it through because this is something that they understand and can control. "security architecture of the product" is not a concept that they understand.

but answering your question, fedramp does require EDR to be present. according to our fedramp advisors, clamav is sufficient for passing the audit.