
0xcafecafe | 1 year ago

They could even have done slow rollouts. Roll it out to a geographical region and wait an hour or so before deploying elsewhere.


saati|1 year ago

In theory CrowdStrike protects you from threats; leaving regions unprotected for an hour would be an issue.

Thaxll|1 year ago

Not really, even security updates are not needed by the minute. Do you think Microsoft rolls out worldwide updates to everyone?

easterncalculus|1 year ago

This is definitely their sales pitch, and most orgs (evidently) don't follow the guidance of doing EDR rollouts in staging environments first. That being said, if your security posture is at the point where not getting the latest updates from CrowdStrike quickly enough is why you're getting breached, you are frankly screwed already.

xyst|1 year ago

Or test in local environments first. Slow rollouts like this tend to make deployments very, very painful.

koliber|1 year ago

Slow rollouts can be quite quick. We used to do 3-day rollouts. Day one was a tiny fraction. Day two was about 20%. Day three was a full rollout.

It was ages ago, but from what I remember, the first day rollout did occasionally catch issues. It only affected a small number of users and the risk was within the tolerance window.

We also tested locally before the first rollout.

daseiner1|1 year ago

You say "even" (emphasis mine). Is this not industry standard?