From my perspective as an experienced operational IT and Security worker, Crowdstrike is getting a raw deal from just about all sides.
Disclosures, before I start: I've met one Crowdstrike employee for ten minutes at BlackHat, and I'm a CS Falcon admin. That's it. (Also, opinions here are my own and not that of my employer.)
But I *am* a Crowdstrike Falcon administrator, and along with my direct operational experience in the IT trenches it provides a certain hands-on perspective that I have not seen represented in most commentary and reporting.
We see the results of single-platform monoculture "as a service." This certainly was a big miss by CS QA, and the lack of staged rollout procedures is a major misstep. But the lion's share of material out there laying all pain points almost exclusively in Crowdstrike's lap is extremely convenient for the folks doing it, especially Microsoft - who are a direct competitor to CS in the enterprise protection space, in addition to being keenly incentivized to move the infosec news cycle off of their repeated failures to keep threat actors out of material Microsoft argued only they could protect.
Let's talk about more pain points: the IT outsourcing industry is expected to hit $600 billion this year, and $800 billion by 2029. Firms with in-house IT continue to serially underfund IT as a principle; they don't generate deals, they don't generate products, so they're often whittled down to a bare minimum viable structure for operational purposes, completely unprepared for disaster recovery scenarios. Many of the pain points we see emerging from last weekend are a delayed consequence of these decisions.
The fix was available by 0600 Friday ET, when I logged in. An automated fix using WinPE and PXE emerged by about 1400 ET Friday. Both require on-site teams with knowledge of the specific infrastructure, something simply absent from most outsourcing schemes, along with any kind of longitudinal responsibility. The other immediate confounder was BitLocker - and again, underfunding IT teams or outsourcing them does not lend itself to a responsible program of BitLocker key storage.
Crowdstrike made errors for sure, but the narrative pushed aggressively by competitor Microsoft and businesses eager to disclaim the consequences of their funding priorities falls squarely afoul of anything approaching even-handedness. The quote parade from CIOs and CISOs rather than front-line IT workers betrays to me, as a longtime operational technologist, just how skin-deep the dominant narratives penetrate or seek to address the real problems at hand.
These events happen. Market and industry incentives convinced an entire generation of technology executives they were now someone else's problem. Short of in-depth reflection and work at this level by all of us, we will simply crash into these events over and over, with consequences most adversely affecting service end-users that rely on all of us to be better stewards of our part of the technology ecosystem.