CrowdStrike questions could give CISOs pause — with options available
- by nlqip
Ironically, the answer on updates is in large part because many enterprises have historically found CrowdStrike’s quality to be quite high. “We trusted them too far because they have been really good for too long,” Zalewski said, stressing that the decision was also made because enterprise IT was cutting back extensively.
“We didn’t have the resources or the time so we had to trust the vendor,” he said. Many IT operations considered halting the patches and doing their own testing before allowing them to be deployed, but they concluded that “in our minds, the latency of delaying was great. It was higher risk for us to do the testing.”
‘Prove to me that you can test’ or risk defection
Charles Blauner, former CISO for both JPMorgan Chase and Deutsche Bank, and former head of information security for Citi, disagreed with Zalewski regarding the ROI of testing patches before deploying them.