Weird - I've got a newer Dell XPS and am making this post with WDE enabled and have had 0 problems. Anecdotal I know, but I've ran pretty much every major Linux distro (Ubuntu/Fedora/Manjaro) and am currently running Regolith linux.
I've not noticed any hiccups or problems at all around encryption.
Yeah, I'm not saying that there aren't exceptions. But if you want to do business with Walmart or Target, unless you're a major player, you can expect them to have a requirement of not using AWS.
Just noting what I've seen from projects that I've actively worked on first hand.
(Also Walmart and Target are far from the only ones that do this, just using them as examples.)
I actually think the OP is right, but not for the example they listed and not in a way that I directly care about or that impacts me (but would be better for Amazon).
The fact that Amazon is also a retail shopping site / now owns whole foods causes a lot of high end/large retail giants to NOT use AWS and actively have in their contracts that they will not do business with a company if AWS is their cloud provider.
There are exceptions, like if you stand up infrastructure specifically for the retail client that's against using AWS in another cloud instance (And I'm sure there are other exceptions out there).
But this is something that negatively impacts Amazon / AWS. I think ultimately though that's a business decision that they are welcome to make for themselves and I don't think really impacts the end AWS user.
To add on to his points, there are often times corporate policies (You can argue the legitimacy of them or not) that absolutely mandate that you cannot run beta/non-fully released software in production.
One of the last places I worked last ensured that all of our firewall's (and other appliances I'm assuming, they were not my areas though) were an update or two behind (assuming no security vulnerabilities were identified) to ensure stability.
Genuine question - when I use slack - I'm able to see messages going back to when the channel was created for my organization as well as all files shared by date. I'm not sure how slack doesn't do this well?
The problem with this strategy is that IP Address/Domains/Hashes that are publicly available for free are typically dated and are rarely useful for catching anything other than mass scanning / ssh brute forcing or for doing retroactive searching and analysis.
You're also assuming that the linux server is the initial attack vector.
It is not uncommon for an org to be breached, and for the adversary to pivot to an admin box, and for the adversary to then gain control of a server using the admins legitimate credentials. All the while dropping persistence mechanisms along the way. Secure configurations and setups are always recommended and the above information is great advice. BUT it is also dated advice.
If you're not actively monitoring these servers and the activity on these servers they will eventually be popped. Logging all process/CLI activity is an awesome way to get started on monitoring, but if you're going that route, deploying Wazuh or an EDR tool can only add extra value by allowing you to create alerts off of specific values.
I work as a detection engineer for a Security vendor and I'm going to go against the grain and say that there ARE tools you should run to monitor your linux infrastructure that are similar to AV but are NOT AV. I write detection's for these tools all day long for Linux systems and there's a BUNCH you can detect and alert on that's abnormal activity that should be investigated and having tools in place such as an EDR tool can make those investigations easier.
Looking at the original post - some of those would be monitoring the the bash history environment variables. This is commonly modified by threat actors as a defense evasion technique. (I see it a bunch with insider threats to)
There's a bunch of others - but having just that one alert trigger would have likely been enough to start an investigation and catch this malware should the protective controls others have recommended fail.
That said the tools to do the more necessary modern monitoring do typically require more maintenance and configuration and it's not typically a set and forget type of solution.
Options I'd recommend:
LimaCharlie - https://limacharlie.io - Cloud based EDR tool, it has a cost, but is not expensive ($1 per endpoint monitored, supports all Linux flavors). It's a lot easier to deploy and manage, but you'll have to write your own rules. This though will also allow you to remotely look at all processes/pull files off of a machine remotely/isolate hosts on the network etc
There are a bunch of other EDR tools out there like Carbon Black or CrowdStrikes/FireEye's tooling, but they run a high premium ($20-40 per end point, and typically only support Ubuntu or Redhat or both)
Wazuh - https://wazuh.com/ - It's a better maintained fork of OSSEC that makes mass deployments easier/has more default rules etc. It'll give you FIM/Notify you of insecure configurations etc - This one will require the most work to setup
Security Onion - https://securityonion.net/ - this one is probably a little overkill, but modern versions include Wazuh (as seen above) as well as OSQuery/Network IDS's (which are it's core feature)
I've not noticed any hiccups or problems at all around encryption.