Our IT Security's solution is to just keep adding space to the filesystems.
(In Linux world, rebooting all of production is not an acceptable solution). The recommended solution was to downgrade to the previous version and reboot. along with upgrade issues, the most recent agent version 2.12.0-698755 was filling up filesystems with gigabytes of "data", causing after hours NOC calls to expand the filesystems or delete the data. (we deploy via salt, but even then the upgrade path is archaic with three separate packages/tar files) This is causing us to spend many man-hours upgrading it every time it has a new release. it is incapable of upgrading its self (even though it supposedly has the "function"). We had to add 2 CPUs to all our VMs after deploying it as it hogs resources.
Carbon Black very often comes up as the cause of an issue during our change control meetings. I speak only from the Linux side as that's what I handle, but our Windows guys haven't said anything nice about it either. It's $3-5m to get unf*cked from a cyber incident.NGAV is a LOT cheaper. You just need to put together a proper presentation that puts the risk onto your upper level mgmt if they don't buy it. You can get the money for proper EDR/XDR.Getting the EDR provider's 24x7 NOC support is critcal.Most important for everyone to understand IMHO Defender P1/P2 is also pretty decent console but the AV endpoint product is sh!t and I wouldn't run it unless my budget was zero and that's all I could get. We actually run Defender and S1 together (not my idea) and when doing certain actions like logon, file copy or software installations they take turns raping the CPU and disk, esp noticeable on VMs.ĬS is unnoticeable on CPU and updates are a breeze.īoth CS and S1 have great consoles for tracking forensics etc.
S1 is a CPU hog and a PITA re updates, often leaving multiple versions of itself on a computer etc. Good summary matching my persona experience with Crowdstrike (2yrs ago) and S1 (now).
0 kommentar(er)
