Dive Brief:
- Microsoft plans to boost collaboration on deployment practices, testing and other related issues with its security ecosystem partners following the historic July outage that crashed 8.5 million Windows devices, the company said in a Thursday blog post.
- The plan follows a summit the company held Tuesday with U.S. and European endpoint security partners and government officials to address ways to prevent another widespread outage, which was the result of a faulty software update on the CrowdStrike Falcon platform.
- Microsoft said it will make additional investments in Windows, building on security features in Windows 11. Microsoft and its partners also discussed further changes designed to extend security capabilities outside of kernel mode, including anti-tampering protection and security sensor requirements.
Dive Insight:
The summit represents an acknowledgement by Microsoft that additional changes are necessary to allow for greater control over software updates in Windows. The company’s diverse set of endpoint security partners will need to coordinate efforts to prevent another episode like the July event that disrupted critical business operations across the globe.
“We face a common set of challenges in safely rolling out updates to the large Windows ecosystem, from deciding how to do measured rollouts with a diverse set of endpoints to being able to pause or rollback if needed,” David Weston, VP of enterprise and OS security at Microsoft, said in the blog. “A core [safe deployment practice] is gradual and staged deployment of updates sent to customers.”
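The staged, gated rollout Weston describes (ship to a small ring first, check health, then advance, pause or roll back) can be sketched as a small controller. The code below is an added illustration, not Microsoft's or CrowdStrike's deployment tooling; the ring sizes, the 0.1% crash-rate gate and the "any crash pauses for review" rule are assumptions chosen for the example.

```python
"""Ring-based staged rollout with an automatic health gate (added example)."""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Ring:
    name: str
    hosts: int          # endpoints in this ring (constructed sample sizes)


@dataclass
class HealthReport:
    ring: str
    deployed: int       # endpoints that received the update
    crashed: int        # endpoints reporting a crash or boot failure afterwards


@dataclass
class RolloutState:
    rings: List[Ring]
    max_crash_rate: float = 0.001   # above this: automatic rollback (assumed threshold)
    current: int = 0                # index of the ring currently receiving the update
    status: str = "in_progress"     # in_progress | paused | complete | rolled_back
    exposed_hosts: int = 0          # blast radius so far
    log: List[str] = field(default_factory=list)


def start_rollout(rings: List[Ring], max_crash_rate: float = 0.001) -> RolloutState:
    state = RolloutState(rings=list(rings), max_crash_rate=max_crash_rate)
    first = state.rings[0]
    state.exposed_hosts = first.hosts
    state.log.append(f"deploy -> {first.name} ({first.hosts} hosts)")
    return state


def _advance(state: RolloutState) -> None:
    state.current += 1
    if state.current == len(state.rings):
        state.status = "complete"
        state.log.append("rollout complete")
        return
    nxt = state.rings[state.current]
    state.exposed_hosts += nxt.hosts
    state.status = "in_progress"
    state.log.append(f"deploy -> {nxt.name} ({nxt.hosts} hosts)")


def evaluate(state: RolloutState, report: HealthReport) -> str:
    """Gate the next ring on the current ring's health.

    zero crashes    -> advance automatically
    some crashes    -> pause and wait for an operator decision
    above threshold -> stop and roll back every host reached so far
    """
    if state.status != "in_progress":
        return state.status
    ring = state.rings[state.current]
    if report.ring != ring.name:
        raise ValueError(f"report for {report.ring!r}, expected {ring.name!r}")
    rate = report.crashed / report.deployed if report.deployed else 0.0
    if rate > state.max_crash_rate:
        state.status = "rolled_back"
        state.log.append(f"{ring.name}: crash rate {rate:.2%} > gate; "
                         f"rolling back {state.exposed_hosts} hosts")
    elif report.crashed > 0:
        state.status = "paused"
        state.log.append(f"{ring.name}: {report.crashed} crashes; holding for review")
    else:
        state.log.append(f"{ring.name}: healthy")
        _advance(state)
    return state.status


def resume(state: RolloutState) -> str:
    """Operator has reviewed the crashes and chosen to continue to the next ring."""
    if state.status == "paused":
        _advance(state)
    return state.status


def run_scenario(rings: List[Ring], crashed_per_ring: List[int],
                 max_crash_rate: float = 0.001) -> Tuple[str, int]:
    """Feed one health report per ring until the rollout finishes or halts."""
    state = start_rollout(rings, max_crash_rate)
    for ring, crashed in zip(rings, crashed_per_ring):
        if state.status != "in_progress":
            break
        evaluate(state, HealthReport(ring.name, ring.hosts, crashed))
    return state.status, state.exposed_hosts


# Constructed fleet: a few thousand hosts in early rings ahead of the bulk.
RINGS = [Ring("canary", 100), Ring("early", 1_000),
         Ring("broad", 10_000), Ring("all", 1_100_000)]

if __name__ == "__main__":
    print(run_scenario(RINGS, [0, 0, 0, 0]))    # healthy update reaches every host
    print(run_scenario(RINGS, [100, 0, 0, 0]))  # update that crashes every canary host
    print(run_scenario(RINGS, [0, 5, 0, 0]))    # 0.5% crash rate in the early ring
```

The point of the scenarios is the blast radius: an update that crashes every host it touches never gets past the 100-host canary ring, whereas without the gate it would have reached the whole fleet at once. The pause state exists because a non-zero but sub-threshold crash rate is exactly the case where a human, not a threshold, should decide whether the diversity of the next ring makes continuing safe.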
A mismatch in the CrowdStrike Falcon sensor led to the July 19 outage, causing millions of Windows devices to go offline with a blue screen of death. Delta Air Lines had to cancel thousands of flights, multiple hospitals were forced to cancel procedures and financial services companies were disrupted.
CrowdStrike CEO George Kurtz, speaking at a Goldman Sachs technology conference Wednesday, said he has held numerous discussions on the issue with Microsoft CEO Satya Nadella and the goal is to get the large ecosystem engaged.
“But really, the conversation was how do you extend the architectures to provide additional resiliency, things that the security vendors can take advantage of and others to make it more resilient,” Kurtz said.
The Cybersecurity and Infrastructure Security Agency was among participants at the summit, which also included Broadcom, SentinelOne, Trend Micro and Trellix. The security firms expressed the need for greater cooperation with each other to create more resilience for the entire ecosystem.
“We need to take this moment to level the playing field and collectively reset how the industry raises the standards for holding cybersecurity vendors accountable with best practices like transparent disclosures on public trust centers,” Sophos CEO Joe Levy said through a spokesperson.
Beyond work to move security tooling out of kernel mode, Microsoft plans to address:
- Anti-tampering protection for security products
- Security sensor requirements
- Building development and collaboration principles between Microsoft and ecosystem partners
- Secure-by-design goals for a future platform
Correction: The image caption has been corrected to indicate that 8.5 million Windows devices were impacted by the July outage caused by a faulty CrowdStrike update.