Navigating EDR Challenges in Windows Security

Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike’s preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel.

Other topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

Links:

• Episode transcript (Unedited, AI-generated)
• Official CrowdStrike preliminary post-mortem
• Microsoft VP David Weston on CrowdStrike outage
• Microsoft VP John Cable on the path forward
• Matt Suiche: Bob and Alice in Kernel-land
• Re-learning Lessons from the CrowdStrike Outage
• Ep5: CrowdStrike's faulty update
• Mandiant Report on North Korea's APT45
• CISA Advisory on North Korea APT45
• KnowBe4 Hires North Korean Fake IT Worker
• Israel’s attempt to sway NSO/WhatsApp spyware case