CrowdStrike’s Post

Sysadmins after reading this post: 🤨

Main questions and how / why failed. 1. How did this past the testing / QA processes, check the checker and so much more before being released? 2. How / why were/are so many hit simultaneously? Where are the companies validations / testing / QA processes before deployment? Something just not adding up.....needs to be clear explicit transparency of how / what failed.

Why do I trust the incident response team at CrowdStrike more now than ever before? After spending my life in incident response, I’ve seen firsthand that it’s not always about security incidents—sometimes, it’s about business disaster recovery too. In this situation, it was an outage and seeing CrowdStrike’s team respond so quickly and effectively was truly reassuring. They brought our #msp #mssp partner’s systems that ran falcon sensor back online quickly and efficiently. If there’s one company I trust to handle large-scale incidents, it’s CrowdStrike. I count on them to get us through tough times. And let’s face it, as a security professional we all know that incidents are inevitable, how you handle them is everything!

Y’all need to figure out how this got past QA. This isn’t an obscure bug that affected a few customers. It affected everyone regardless of environment. A junior QA team/person would have found this if they actually tested it. Your process failed and if you don’t address it, my guess is that your customers are going to find another vendor. Did someone sabotage this intentionally? If so, this was indeed a cyberattack. I recommend you be as transparent as possible moving forward. If you try and hide this and your customers find out, that trust is gone.

Lets go #engineers at CrowdStrike. I couldn't buy the dip in CrowdStrike because of CrowdStrike $CRWD

My wife sat in an airport for 8 hours, the restaurants were down, banks and atms failing, then sat on runway for two hours to deplane, rental cars are not available, hotels solid and people sleeping on side of road in cars. This paralysis of America is because we put trust in you. It is broken and so is America. As much as we want to say nice things there is no apology that will make up for the hardship, the lack of trust, the blind trust you have instilled in IT professionals and the economic impact of this. All of us are paying because you did not follow the basic principles of testing. Now we get to watch as cyber insurers come after your company and Congress eats you alive. Nothing more than an Epic shit show.

No software product is bug free. But integration testing and QA is more important than ever. Look at the hysteria and impact that we are all seeing. Now, think about the national impact of an orchestrated cyber attack on our critical infrastructure by global adversaries. An orchestrated attack would bring our life to a stop! Question is how long and deep. It is clear to me that teamwork and resiliency is mandatory across commercial and governments to address and mitigate national risks to the common american and our war fighters.

Who takes the real accountability here is the question? Was the released update not even tested on one server and released to the world? And the deep integration with OS layer allows such tools to break the OS. So many productive hours and business got lost to cover this. Then there were other complications servers in cloud, db clusters on MS stack.. just to name a few..

Bro's company just trashed half of the world's servers and he calls it "an incident" 😎