Play the hand you're dealt:
Jason's point, he later added, is that while CrowdStrike is considered a threat intelligence vendor, the intelligence their products provide to his organization is of little value. But it's what they have, so they'll take what they can get.
Again, considering what we learned during the demo, even if automated blocking isn't enabled, Falcon Host will still spot most known attacks and raise the proper alerts. However, it was abundantly clear from the demo that Falcon Host's power comes from its automation, which could be a problem if organizations don't trust it.
Do you have a different experience with CrowdStrike? If so, feel free to comment below with your thoughts or email them.
The issue with false positives, too many alerts, and a lack of clear context will come up several times this week. It's one of the largest sources of pain for practitioners working with threat intelligence feeds and platforms.