If you are reading this, you experienced the epic CrowdStrike fiasco in July 2024.
Remember this blue screen?
And perhaps your team is looking for a CrowdStrike alternative.
But before you look into the alternatives, let’s look at why this disaster happened.
- CrowdStrike did not have proper testing procedures in place. Regardless of what they say, they deployed an update to more than a million Windows devices without proper testing.
- In 2009, under European pressure, Microsoft agreed to give all antivirus vendors the same unrestricted level of access to the Windows kernel as its own Defender product.
Bureaucrats!
What can I say? Bureaucracy does not care about the technical consequences, only about its own illogical purposes. We saw a million critical devices, mostly corporate devices at airports and hospitals, and even military devices, go completely offline until a technician could physically reboot each machine into Safe Mode and fix it by hand.
The problem was NOT fixable remotely unless your desktops or servers were on Microsoft 365’s virtual desktop infrastructure (or some other kind of VDI).
And now you’re looking for a CrowdStrike replacement…
But the same thing has happened with other security products before. McAfee did the same in 2010. Then, their CTO founded CrowdStrike a year later. (No comment here.)
Until Microsoft gets its act together and makes such ‘mistakes’ impossible, just like Apple did years ago, any security product similar to CrowdStrike would be a potential disaster.
Lessons learned
It’s not about the security product. You don’t have to replace CrowdStrike. Instead, think about your security team’s capabilities, your IT team’s capabilities, and your security architecture.
What should you do next?
- Stop relying on a single piece of software to defend your company. It will fail. It will miss incidents.
- Start relying on proper security configuration of all your software and devices. Implement security hardening on all laptops and desktops, and on all servers and network devices. If you don’t know the best ways to implement security hardening, contact us and we will help you.