CrowdStrike Debuts Safeguards, Seeks to Blunt Outage Impact
CEO George Kurtz on New Recovery Techniques and Controls Implemented Post-Incident
CEO George Kurtz said CrowdStrike has blunted the business impact from the massive July 19 outage and is implementing safeguards to prevent a repeat occurrence.
The Austin, Texas-based endpoint security giant is boosting the resilience of its Falcon platform through improved content visibility and control, enhanced quality assurance, and external validation by third-party software security vendors, Kurtz said. CFO Burt Podbere said the outage delayed some sales and may lead to longer sales cycles and increased costs, but he remains confident in its long-term forecast.
"The magnitude of the July 19 incident will never be lost on me and my commitment is to make sure this never happens again," Kurtz told investors Wednesday. "The days following the incident were among the most challenging in my career because I deeply felt what our customers experienced. Our response to the July 19 incident was immediate, deliberate, and focused."
CrowdStrike's stock fell $7.10 - or 2.69% - to $257.10 per share in after-hours trading Wednesday, which is the lowest the company's stock has traded since Aug. 14. A faulty CrowdStrike software update on July 19 sent 8.5 million Windows hosts into a tailspin of crashing and rebooting, disrupting numerous organizations globally, including hospitals, stock markets, banks and airlines, most notably Delta (see: Delta Versus CrowdStrike and Microsoft: Accusations Fly).
How CrowdStrike Responded to the Outage
Following the outage, Kurtz said, CrowdStrike developed new automated response techniques to accelerate the company's response and restore affected devices, and many clients experienced recovery within hours. Once the dust settled, he said, CrowdStrike implemented a number of measures to enhance the resilience of the platform, including giving customers control over when and where content is deployed.
Kurtz said CrowdStrike refactored its content validator and interpreter earlier this month to stop the shipping of erroneous content. The company also engaged with third-party vendors to review the Falcon sensor code and quality control process. Finally, he said, CrowdStrike revamped the content release process to mirror the sensor release regimen, including testing phases to ensure stability.
"The July 19 incident starts a new chapter for CrowdStrike, one focused on ensuring that cybersecurity's best AI platform for SOC operations, protection, visibility, response, and automation is also cybersecurity's most resilient platform," Kurtz said.
The outage caused a delay in closing deals, particularly in the final weeks of CrowdStrike's fiscal quarter, though most of those deals remain in the pipeline. In hundreds of post-outage interactions, Kurtz said, clients expressed a need to understand the incident and the steps taken to prevent recurrence but recognized CrowdStrike's historical reliability and reaffirmed their trust in the firm going forward.
"While deals can push in any given quarter, this quarter we experienced elevated levels, with more than $60 million in deals that we had line of sight for the quarter remaining open as of Monday," Podbere told investors Wednesday. "We expect these deals to close in future quarters."
CrowdStrike Outage by the Numbers
Podbere said it's early to estimate the potential legal exposure from the outage but that CrowdStrike's strong cash position, insurance policies and liability limitations in customer agreements are designed to mitigate potential impacts. CrowdStrike delayed outbound pipeline generation activities following the incident but has since resumed them, and increased scrutiny at the CEO and board level is anticipated.
CrowdStrike will shift some planned investments in the coming months from sales and marketing to further research and development, quality assurance and customer support, but it will maintain its growth plan for the fiscal year ending Jan. 31. Kurtz said the outage stemmed from a configuration rather than a kernel update and that CrowdStrike's architecture and performance compare favorably to competitors.
"We didn't become number one in the market by having a poor architecture," Kurtz said. "We became number one by having a great architecture. We talked about what we've changed here in terms of our configuration updates, and we feel confident about that going forward."
Podbere expects business challenges related to the outage will persist for about a year and that growth will return to pre-outage levels in the back half of 2025. Despite the outage, Kurtz said, customers remain interested in consolidating their wallet share and product footprint around CrowdStrike's Falcon platform.
"Customers' comments back to me are, 'They don't want to go backward,'" Kurtz said. "They don't want a bunch of disparate products. They don't want a bunch of different consoles. And they specifically told me that the adversary lives in the gaps between products."