Home » The Global Wake-Up Call

The Global Wake-Up Call

by delta

Windows users around the globe woke up on Friday morning to “blue screens of death” (BSOD) thanks to a faulty software update from CrowdStrike. The bug caused outages worldwide, bringing airlines, boats, hospitals, and banks to a grinding halt. But some see opportunity in the rubble.

The global outage is a stark reminder of how much the world relies on technological infrastructure. Amid the disaster, some venture capitalists see a chance for new technologies to prevent such events in the future. In 2024, one buggy software update should probably not be allowed to take down so many of the globe’s most important computer systems. Some would say this is exactly why startups and venture capital exist: to innovate in the face of widespread issues.

Analyzing the CrowdStrike Outage

The CrowdStrike outage is drawing attention to cybersecurity companies, but CRV general partner Reid Christian says this wasn’t a cybersecurity event. The real problem is that a massive vendor deployed software that wasn’t properly tested, debugged, or deployed in a staged rollout. CRV is investing in a cybersecurity and IT management startup called Fleet that monitors vendor instances on your endpoint.

The Challenge of Kernel-Level Drivers

It’s not clear how well additional mobile device management-type software, like Fleet, would have worked with this particular CrowdStrike issue. The problem appeared to be caused by a faulty Windows kernel-level driver, which is software installed at the deepest levels of a computer. (Companies that had MDM software in addition to CloudStrike still experienced the BSOD.) But Christian points out that when granting that level of access and trust to a software vendor, more protections are necessary.

The Need for Ancillary Vendors

“We need to have people watching the watchers in the cyber world,” Christian said. “You can have your main vendors, but you must have ancillary vendors as well, people who are sitting alongside and are there to support.”

Fleet co-founder and CTO Zach Wasserman tells TechCrunch his security software operates outside the kernel to not compromise the stability of the system.

Though this wasn’t a cybersecurity incident caused by a malicious hacker, Friday’s outage may have been so severe due to CrowdStrike’s unique access to kernels, the core of the operating system. Lightspeed Venture Partners’ Guru Chahal suspects cybersecurity applications, such as Wiz, that sit outside the kernel may become more popular after this disaster.

“Once you give access to the kernel (as in this case), it’s hard to stop these issues,” Chahal said in an email to TechCrunch. “But avoiding by using non-invasive approaches is definitely possible and companies such as Wiz (Cloud Security) and Oligo Security (runtime security) take these alternative approaches for this reason.”

Oligo Security is security observability software for open source software that uses sandboxing, not direct access to the kernel. Given that this was a Windows problem, it couldn’t have prevented this issue. But the point of a sandboxed system is something the Windows security industry may want to better pursue.

Increased Scrutiny for Security Products

Meanwhile, Wiz is not doing a victory lap just yet. Despite all the buzz around the cybersecurity company now that Google is negotiating a $23 billion acquisition deal, Wiz board member Gili Raanan says Friday’s event upped the pressure on everyone. He expects that the entire security ecosystem will face greater scrutiny around products and deployment due to this event.

“It’s a bad day not just for CrowdStrike. It’s a bad day for everyone involved in cybersecurity,” Raanan said. “There are no winners and losers, there are only losers.”

The Growing Need for Cloud Observability

Fin Capital founder Logan Allin, who invests in B2B financial services companies, sees a greater need for cloud observability companies in light of Friday’s outage. Outside of cybersecurity, he says companies are becoming increasingly dependent on external APIs as they integrate more AI solutions, which are prone to buggy software updates like this.

“There’s companies in our portfolio, like Middleware, that ensure API integrations between your cybersecurity, your cloud orchestration, and all the moving packets of data within the architecture don’t break,” Allin said.

The Call for Updated Technology

Though Friday’s outage was jarring, VCs like Allin and Chahal predict this is only the beginning of an outdated, crumbling infrastructure layer. Especially in older sectors, such as finance or healthcare, these outages highlight the need for updated technology.

“Going forward, I suspect there’ll be a number of startups that avoid this issue of sitting in the kernel while still providing runtime security,” Chahal said.


You may also like

Delta-Compliance.com is a premier news website that provides in-depth coverage of the latest developments in finance, startups, compliance, business, science, and job markets.

Editors' Picks

Latest Posts

This Website is operated by the Company DELTA Data Protection & Compliance, Inc., located in Lewes, DE 19958, Delaware, USA.
All feedback, comments, notices of copyright infringement claims or requests for technical support, and other communications relating to this website should be directed to: info@delta-compliance.com. The imprint also applies to the social media profiles of DELTA Data Protection & Compliance.

Copyright ©️ 2023  Delta Compliance. All Rights Reserved