On Friday morning last week, Windows users across the globe woke up to “blue screens of death” (BSOD) caused by a flawed software update from CrowdStrike. This bug led to power cuts worldwide and brought airlines, ships, hospitals, and banks to a standstill. Others see opportunities in the debris.
Opportunity After Tragedy
The global outage is another example of how much technology underpins daily life. Some venture capitalists view it as an opening for new technologies that could prevent this from ever happening again. A buggy software update in 2024 should probably not have been able to crash so many of the world’s most important computers. This is exactly why startups and venture capital exist: to come up with something new when there are serious problems.
Beyond Cybersecurity
However, according to CRV general partner Reid Christian, this was not just a cybersecurity event; the problem is that a major vendor released software that had not been properly tested or debugged, without rolling it out in stages. While Fleet is investing in cybersecurity and IT management start-up, it monitors your endpoints’ supplier instances.
The Role Played by Additional Software
It is not certain whether more mobile device management (MDM) applications like Fleet would have worked better together in relation to the CrowdStrike problem. The issue seemed to be caused by a defective Windows kernel-level driver, software that is installed at the deepest level of the operating system. Even organizations with MDM software other than CrowdStrike were still affected by the BSODs. According to Christian, any time you give a vendor access at that level with full trust, there needs to be more security.
Watching the Watchers
Christian said, “We need people watching the watchers in cyber space.” He added: “You can have your main vendors but you must have ancillary vendors as well because they sit alongside us and support.” Nonetheless, Fleet co-founder and CTO Zach Wasserman tells TechCrunch that their security software does not interfere with the system’s stability.
Non-Invasive Methods
However, it was not a cyber attack by a malicious hacker that caused Friday’s outage; rather, it was CrowdStrike’s ability to access the kernel that led to such severe consequences.
Different Approaches
Chahal said, “Once you give access to the kernel (as in this case), it’s hard to stop these issues.” In an email to TechCrunch he added, “but avoiding by using non-invasive approaches is definitely possible and companies such as Wiz (Cloud Security) and Oligo Security (runtime security) take these alternative approaches for this reason.” Oligo Security uses sandboxing, which sets its position as security observability software for open source software apart from any direct kernel use. It is limited to Windows only, which would have made no difference regarding this problem. However, sandboxes seem like something the Windows security industry may want to pursue further.
Impact on the Security Ecosystem
At this time, Wiz is not yet running around with excitement. However, Wiz board member Gili Raanan said that Friday’s event increased pressure on everyone involved because of the noise in cybersecurity circles about a $23 billion Google acquisition deal. As a result, he assumes that this occurrence will lead to greater scrutiny across the entire security ecosystem as far as products and deployment are concerned.
No Winners, Only Losers
According to Raanan, “This is a sad day for CrowdStrike, but also for anyone who works in cyber security. But there were no winners today and we were all losers.”
Need for Cloud Observability
Following Friday’s outage, Logan Allin (B2B financial services investor) believes that the need for cloud observability companies is even greater than before. Beyond cybersecurity, companies are integrating more AI solutions, which have software updates like this one and depend on external APIs the most.
Outdated Infrastructure
“We have companies in our portfolio like Middleware whose middle technology ensures they don’t break your API integrations among your cybersecurity and cloud orchestration or anywhere else along your architecture where you have moving packets of data,” Allin explained. Moreover, though Friday’s shutdown was shocking enough, venture capitalists including Chahal and Allin suggest that it represents just the beginning for an outdated, crumbling infrastructure layer. For instance, finance and healthcare fall under very old sectors where such outages point to inefficient technology requirements.