|
|
|
|
|
|
by joe_the_user
702 days ago
|
|
|
The statement "Security is a process, not a product" refers to no _product_ can be a security strategy. That's the negative part. The positive part is that security considerations have to run through an entire organization because every part of the organization is an "attack surface". The whole concept of CrowdStrike is that it's there to prevent individual users from doing bad things. But that leaves the problem of CrowdStrike doing bad things. The aim of security as process is avoiding the "what-a-mole" situation that this kind of thinking produces. |
|
|