CrowdStrike is entering the final months of 2024 a very different company than it was heading into the summer. Its products, underlying business and addressable market are unchanged, but after it caused one of the largest IT outages in history, CrowdStrike finds itself operating from a vulnerable position.
“CrowdStrike remains one of the most respected names in cybersecurity, but this incident has undeniably tarnished its reputation,” said Mauricio Sanchez, senior director of enterprise security and networking research at Dell’Oro Group.
The company generated goodwill in the wake of its defective software update by quickly accepting responsibility and apologizing for the faulty configuration update. CrowdStrike is taking steps to contain some of the fallout and earn back trust, but company leaders acknowledge that effort is a long game.
“For a firm known for its reliability, this stumble has left customers watching closely to see if trust can be fully restored,” Sanchez said.
CrowdStrike has a plan to repair its reputation by putting its new “resilient by design” framework into practice, and proving that the faulty update it shipped in July was a one-time mistake.
“We recommend customers track the systemic changes CrowdStrike must make, and the long tail of those changes, to ensure an incident like this does not happen down the road,” Allie Mellen, principal analyst at Forrester, said via email.
“Fixing what went wrong is a no-brainer,” she said. “Making sure the conditions do not exist for it to happen again is a different story.”
CrowdStrike initiates series of changes at once
Turning talk and plans into action remains a crucial part of CrowdStrike’s efforts to recover its reputation. Some of those changes are already underway, such as the company’s decision to treat all updates as code, which means all content configuration updates for its sensors now go through more rigorous internal testing before they’re distributed.
CrowdStrike content updates are now operating under an opt-in model, a phased approach that gives customers the ability to choose when and how their systems receive content configuration updates.
These changes show CrowdStrike is serious about avoiding a repeat; “however, the real test will be how these changes perform in action,” Sanchez said.
Another companywide adjustment, the recently introduced “resilient by design” framework, which is meant to catch errors early and mitigate the fragility of systems, is still high-level and largely conceptual.
CrowdStrike hasn’t shared many details about the framework and how it will be implemented, Mellen said.
Outstanding issues in broader endpoint ecosystem
Some of these changes, such as enhancing the resiliency of interconnected systems and fostering consistent learning and improvements, require buy-in and support from the cybersecurity industry at large.
The July outage directly impacted Microsoft Windows systems because of CrowdStrike’s reliance on deep control and access to the Windows kernel, the central-most part of the Windows operating system. CrowdStrike’s defective software update caused 8.5 million Windows devices to crash worldwide.
Microsoft organized a one-day summit at its headquarters last month to address resiliency challenges with its endpoint security application partners, including CrowdStrike, and make changes to how security tools can boost capabilities outside of the kernel.
“This collaboration could lead to industrywide standards for testing and deployment that reduce the risk of single points of failure,” Sanchez said. “Microsoft, as the platform provider, has a unique role in enabling these changes, and together they could set a precedent that goes beyond individual vendors and improves overall security practices.”
Addressing common challenges in deploying updates to the Windows ecosystem and developing new modes of operating outside of the kernel will be difficult.