
I have to say, it saved our ass a few months ago. Some hacker got access to one of multiple brands' server infrastructure, started running PowerShell to weed through the rest and CrowdStrike notified us (the owning brand) that something was off about the PowerShell being run. Turns out this small brand was running a remote-in tool that had an exploit. Had CrowdStrike not been on that server we wouldn't have known until someone manually got in there to look at it.


Happy to know it works when needed!

But the implementation (when running on user PCs) is still half-baked.

My experience is using a PC with CrowdStrike for daily software development. In that setting it’s quite terrible.

The server setting sounds like a much more reasonable use.


I've had CrowdStrike completely delete a debug binary I ran from Visual Studio. Its injected module in every single process shows up in all of our logging.


Yep. Exactly this and more.


I assume if you weren't running CrowdStrike, you would have still had logging/alerting systems set up, no?



