Do we need CrowdStrike Falcon?
It has been over a week since an update to CrowdStrike Falcon brought down many Windows servers, causing a global outage that affected flights and informational displays in Vegas.
We have to ask ourselves — do we even need agent-based security today? The most common solution I think of when it comes to security in this form is Symantec Endpoint Protection. I get that computer viruses, malware and worms are scary, but Windows has built-in protection for them already!
I bring up the threat of viruses, malware and worms because — at its core — that’s what CrowdStrike Falcon is also aiming to prevent. As much as these threats are a risk, we have to recognise that kernel-level drivers in CrowdStrike Falcon are risks too.
I think agents are a relic of a time when operating systems did not come packaged with security capabilities. Instead of designing our software by looking backwards and adopting fear-driven practices, perhaps we should design forward and design software itself to be resilient.