CrowdStrike, a prominent cybersecurity firm, recently faced criticism from its competitors following a major software update failure that led to a global IT outage. Michael Sentonas, CrowdStrike’s president, expressed his discontent with what he described as “shady” tactics employed by rival companies attempting to capitalize on the situation by instilling fear among CrowdStrike’s customers and capturing market share.
The disruption, which occurred on July 19, impacted 8.5 million Windows devices worldwide, causing significant operational challenges for many of CrowdStrike’s high-profile clients. Sentonas addressed these competitive maneuvers in an interview with the Financial Times, labeling them as “misguided” attempts to promote their own products at the expense of CrowdStrike’s reputation.
Despite facing criticism from companies like SentinelOne and Trellix, Sentonas emphasized that no cybersecurity vendor could “technically” ensure their software would never lead to a similar incident. He underscored the importance of trust in the cybersecurity industry and noted that exploiting such incidents for competitive advantage ultimately undermines the credibility of those companies engaging in such practices.
The fallout from the outage was substantial, with insurers estimating potential losses in the billions. Delta Air Lines, one of the affected companies, canceled over 6,000 flights and projected losses of $500 million, even threatening legal action against CrowdStrike. However, as part of CrowdStrike’s response, its legal team has denied responsibility for the extent of Delta’s disruptions, arguing that the company’s contractual liabilities are capped at “single-digit millions.”
In response to the outage, competitors like SentinelOne criticized CrowdStrike’s product design and testing processes, positioning themselves as safer alternatives. SentinelOne’s CEO, Tomer Weingarten, attributed the global shutdown to “bad design decisions” and “risky architecture” within CrowdStrike’s products. He further suggested that CrowdStrike’s extensive use of kernel-level code contributed to the widespread failures, as faulty software in this critical area can lead to system crashes, evidenced by the numerous “blue screens of death” experienced by users. Trellix, another competitor, reassured its clients of a different approach, with CEO Bryan Palma emphasizing a conservative philosophy that purportedly minimizes such risks. While the global shutdown may have been caused by a bad design decision and insufficient testing of updates before they were globally deployed, the use of kernel-level code is nothing new in the anti-virus and cyber-security fields. Kernel-level code is prominent in these products, just as it has long been prominent in video game anti-cheat products. SentinelOne itself uses kernel-level code in its own products to protect devices from threats.
This sentiment was echoed by other industry players, who criticized the opportunistic behavior of some vendors in leveraging the outages to market their own solutions. Forrester analyst Allie Mellen noted that while some vendors were using the incident to sell their products, the cybersecurity industry generally disapproves of such “ambulance chasing” tactics.
The market reaction to the incident saw shares in CrowdStrike’s publicly listed competitors rise, with SentinelOne’s stock climbing 19 percent and Palo Alto Networks seeing a 13 percent increase. Meanwhile, CrowdStrike’s market value dropped by nearly a quarter.
Despite this, CrowdStrike remains a key player in the enterprise endpoint security market, second only to Microsoft in revenue share, according to IT research firm Gartner. Palo Alto Networks’ CEO, Nikesh Arora, remarked during an earnings call that the incident had prompted some businesses to consider alternative options, creating opportunities for his company.
As part of their differentiation strategy, CrowdStrike’s smaller rivals have highlighted their approach to accessing an operating system’s core, or kernel, which controls the entire computer. By minimizing the amount of code placed in the kernel, they argue, the risk of catastrophic failures is reduced. While this is theoretically true, any amount of code placed in the kernel can cause catastrophic failures when coding errors occur.
In response to the criticism, CrowdStrike has pledged to implement new checks and staggered updates to prevent future disruptions. Sentonas defended the company’s strategy of operating within the kernel, stating that it provides essential visibility and speed, which are critical for effective cybersecurity measures. He emphasized that this approach is common across the industry and necessary for comprehensive protection. Most, if not all, cybersecurity solutions like CrowdStrike do indeed operate at the kernel level.
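The “new checks and staggered updates” described above can be made concrete as a ring-based rollout controller: validate the content before release, push it to a small canary ring first, watch crash telemetry, and halt and roll back before the next ring if the crash rate spikes. This is an added illustration written for this article, not CrowdStrike’s own mechanism; the ring sizes, the crash-rate threshold, the update format and the telemetry function are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

@dataclass
class Ring:
    name: str
    share: float  # constructed: fraction of the fleet in this ring

@dataclass
class RolloutResult:
    deployed: List[str] = field(default_factory=list)  # rings that received the update
    halted_at: Optional[str] = None   # ring (or "validation") where rollout stopped
    rolled_back: bool = False         # True if deployed rings had to be reverted

# Constructed ring plan: 1% canary, then 10%, 50%, and the full fleet.
RINGS = [Ring("canary", 0.01), Ring("early", 0.10), Ring("broad", 0.50), Ring("all", 1.0)]

def validate_content(update: Dict) -> bool:
    """Pre-deployment check: every entry must carry exactly the declared number
    of fields and none of them may be empty (a hypothetical schema check)."""
    n = update["fields_per_entry"]
    return all(len(e) == n and all(v is not None for v in e) for e in update["entries"])

def staged_rollout(update: Dict,
                   observe_crash_rate: Callable[[Ring], float],
                   max_crash_rate: float = 0.001,
                   rings: List[Ring] = RINGS) -> RolloutResult:
    """Deploy ring by ring; stop and roll back if telemetry after any ring
    shows a crash rate above the threshold. Never reaches 'all' on a bad update."""
    result = RolloutResult()
    if not validate_content(update):
        result.halted_at = "validation"   # blocked before any host sees it
        return result
    for ring in rings:
        result.deployed.append(ring.name)   # update pushed to this ring
        if observe_crash_rate(ring) > max_crash_rate:
            result.halted_at = ring.name
            result.rolled_back = True      # revert the rings already reached
            return result
    return result

# Constructed sample updates: one well-formed, one with a short entry.
GOOD_UPDATE = {"fields_per_entry": 3, "entries": [("a", "b", "c"), ("d", "e", "f")]}
BAD_UPDATE = {"fields_per_entry": 3, "entries": [("a", "b", "c"), ("d", "e")]}

def crashing_canary(ring: Ring) -> float:
    """Constructed telemetry: the canary ring reports a 40% crash rate."""
    return 0.40 if ring.name == "canary" else 0.0

def healthy(ring: Ring) -> float:
    return 0.0
```

Because the canary is 1% of the fleet, a bad update that passes validation is still caught after the first ring rather than after every host has loaded it.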
CrowdStrike has previously criticized Microsoft for its own cybersecurity challenges, but in the wake of the outage, Sentonas has sought to foster a more collaborative relationship. He acknowledged Microsoft’s support during the incident and praised Palo Alto Networks for engaging in constructive discussions about resilience. Despite the challenges, Sentonas remains optimistic about CrowdStrike’s future.
He recently accepted the Pwnie Award for Epic Fail at the 2024 Def Con security conference in Las Vegas, viewing the experience as an opportunity for growth. He expressed confidence that CrowdStrike would emerge stronger and more resilient, noting that many customers believe the company will become the most battle-tested security product in the industry.
ATYXIT is a security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium-sized businesses.
Reach out today if you need any assistance with your business technology!