Hi Fifth.
Ultimately I didn’t see any statement to the effect that Falcon could or did stop this attack before it happened. Among the many organisations that were breached over many months, weren’t there at least a few of them with Crowdstrike products installed? I would guess that there were some, but they were happy enough to get the new SolarWinds Vulnerability Dashboard to help them patch things up. And if Falcon did stop an attack, why didn’t CRWD trace it back to the software patch?
I think these are all great questions to ask CRWD IR. The way I am thinking of this is until I see proof that Crowdstrike was hacked than I have to assume they weren’t. It is spelled out very succinctly exactly who was hacked. The question I have is if Crowdstrike was hacked where is your proof? I haven’t seen a single article yet that they have been.
Also, I haven’t seen anything on Okta either. I find that interesting only because Okta manages identity. Maybe Okta is really doing a great job also.
Andy