There was an additional auto update function that wasn’t disclosed. Delta had disabled the auto update because, like many large companies, they prefer to deploy changes incrementally so that an issue doesn’t blow-up all their systems at once.
So…
Isn’t autoupdating software by definition an authorized backdoor by virtue of enabling it?
Yes. Which is why they contend disabling it makes it unauthorized.
That’s not how that works. CS didn’t have at the time, an option to disable channel file updates. It’s how their edr works. Delta’s mssp or secops group, %100 knew this as it’s in CS own documentation. They really don’t have a foot to stand on here, but CS will pay it to make it go away.
There was an additional auto update function that wasn’t disclosed. Delta had disabled the auto update because, like many large companies, they prefer to deploy changes incrementally so that an issue doesn’t blow-up all their systems at once.
So…
Yes. Which is why they contend disabling it makes it unauthorized.
That’s not how that works. CS didn’t have at the time, an option to disable channel file updates. It’s how their edr works. Delta’s mssp or secops group, %100 knew this as it’s in CS own documentation. They really don’t have a foot to stand on here, but CS will pay it to make it go away.