Adrian Sanabria on Nostr: The Crowdstrike incident revealed an interesting insight. It seems that many folks ...
The Crowdstrike incident revealed an interesting insight. It seems that many folks now conflate EDR with anti-virus/EPP.
I did a bit of research to see if EDR/AV/EPP products had been merged while I wasn't paying attention, but it doesn't appear they did.
I believe the Crowdstrike incident was caused by the company's anti-virus product, not their EDR product.
This makes sense, as EDR doesn't need to deeply hook into the kernel at boot time to do what it does. Since AV is designed to prevent and remove threats, it needs much deeper access into the kernel/OS.