I just thought of a metaphor for this stuff.
Imagine you have some secure compound, like a military base. It has good thick walls and fences all around, and also internally between areas, and there are checkpoints where guards check everyone's credentials, and only allow people into areas where they have any business being. This would be good security.
Unfortunately, Windows and lots of other software are not like that, since they were developed before the internet, when you actually needed physical access to mess with a computer. So most companies' networks and computers are more like a university campus where people can just wander around as they please. So you could try to rebuild and retrofit everything to be more like the above-mentioned military base, but that is hard, expensive and very disruptive.
So here comes CrowdStrike, with their sales pitch: We'll send a couple of security guards over, and they will look out for anyone suspicious and if they see something, they sound an alarm and maybe detain the person. Of course they need access to everything in order to do their job. You need to trust them to not fuck up and cause some damage or even to not hire infiltrators who would have full security clearance.
Well, in this case, they got a faulty order from CrowdStrike to shut the whole thing down, not let anyone in, and no communication in and out. So now someone with some actual authority has to go down there and tell them to stand down. And this happened probably to some double-digit percentage of bigger companies and institutions everywhere except in China, all at the same time.