In an interview, Kurtz also discusses the major opportunities for solution and service providers in working with GenAI-powered security.
Kurtz On The Record
For CrowdStrike co-founder and CEO George Kurtz, the massive IT outage caused by the cybersecurity vendor’s faulty update in July has revealed just how essential the solution and service provider community really can be for customers. “There’s no way we would’ve gotten through this without their support,” Kurtz said Tuesday at the 2024 XChange Best of Breed Conference in response to questions from CRN’s Jennifer Follett, vice president of U.S. content and executive editor, and Steve Burke, executive editor, news.
While the incident was not due to a cyberattack, the outage still immobilized millions of Microsoft Windows devices and resulted in several days of disruptions to global air travel, health care and business. In the days after the outage began, partners were pivotal in getting customers back up and running, Kurtz said during the conference, hosted by CRN parent The Channel Company in Atlanta.
“I’ve got incredible stories and pictures [from the partner response],” he said. “We’ve got pictures of partners on ladders plugging in USB drives and computers in the rafters—just crazy stuff. But I think it really underscores the level of trust that we have with the partner community and with our customers.”
CrowdStrike’s defective Falcon configuration update on July 19 led to the “blue screen of death” outage, which experts have described as the largest IT outage in history. The company has pledged to do additional testing and deploy staged rollouts of updates to prevent the recurrence of such incidents in the future.
On Tuesday, Kurtz also weighed in on the company’s increased collaboration with Microsoft in the wake of the outage. Notably, Microsoft Chairman and CEO Satya Nadella appeared by video during a keynote at CrowdStrike’s Fal.Con 2024 conference in September.
“I think two of the biggest companies in the space, working together for the benefit of the customers, is always a good thing,” Kurtz said of the relationship with Microsoft, a company that he had frequently criticized in the past, including as recently as a month before the outage.
During the 45-minute interview Tuesday, Kurtz also discussed major opportunities for solution and service providers in working with identity protection and AI-powered security, as well as the risks posed by rising GenAI-fueled threats.
What follows is an edited and condensed portion of Kurtz’s comments from his appearance at XChange Best of Breed.
You’ve called the July 19 incident a transformative moment for you and the company. What do you feel like is the most important takeaway that channel partners need to know from that incident?
First, I have to thank all the channel partners. There’s no way we would’ve gotten through this without their support. When you look at an incident like this, nobody can ever predict something like this. Certainly, it was something that we had to work through with our customers and our partners. The partner community really came together. I’ve got incredible stories and pictures and just amazing events that came out of this. Obviously, it was a trying time, but we’ve got pictures of partners on ladders plugging in USB drives and computers in the rafters—just crazy stuff. But I think it really underscores the level of trust that we have with the partner community and with our customers. The big thing for us was to be open, honest, transparent—we own the issue. I think both partners and customers respect what we did coming out of this. Obviously, we’ve put it behind us and are moving forward. But it was an event that helped transform the company. I think we’ll possibly come out of it a stronger company. And I think even our relationships with our partners are stronger because of this. It has gone well for 13 years until we hit a bump here. But I think when you hit some adversity, that’s really when you see the level of partnership, the engagement and the commitment that partners and customers have with CrowdStrike.
What did it show you about the mechanisms you had in place for coordinating with partners and getting them mobilized? Were there any things you needed to change coming out of that process?
I think coming out of that process, you have to look at everything, including communication. There was a lot going on [after the outage began]. I think that’s an area where we’ll continue to strengthen. We got a hold of [partners], and they asked how they could help. They were mobilized within hours. We couldn’t get to every part of the globe. We had [the update] rolled back within an hour, and then we had to go through the process just to help recover things. But at the end of the day, partners were on the ground in every corner of the globe, just helping us get through it, helping customers. And I think customers are going to remember that.
What is the customer sentiment like now?
Here’s the good thing. We had the best product on July 18. We still have the best product on July 20. I think customers have really recognized, in the conversations I’ve had, how much trust that we’ve built up over the last decade-plus—how many times we’ve saved them. I think everyone that I’ve interacted with has been very supportive and realized what we’ve built, how we’ve helped them, and obviously, how we responded. … I think customers recognize that and love the technology, and they love what we’ve done for them for so many years. And they’re excited about all the new innovations that we’re bringing to the market.
Do you expect any changes to come out of this, as far as the way your Falcon platform interacts with the Windows kernel or the number of times you’re interacting with the kernel?
No—I think there’s a lot of misinformation on this topic. The issue is every security provider works with the kernel. Microsoft works with the kernel, as do others. This wasn’t a kernel update. It was a configuration change that hit a bug. So from our perspective, we’ve got the best architecture. It’s proven by having the No. 1 product in the market. There’s a lot of noise, and I think candidly, a lot of competitors trying to take advantage of a situation that we had. But I think customers see through a lot of the misinformation and it has backfired in many cases.
Prior to this, you’ve been a pretty outspoken critic of Microsoft and its security stance. So it was pretty surprising when, at your Fal.Con event, Microsoft CEO Satya Nadella joined you via videoconference on stage. Can you talk a bit about that collaboration that you expect to see now going forward? And is this a detente in your criticisms of Microsoft?
I think at the end of the day, what happened is you had Microsoft and us coming together. And let’s not forget, they had their own issue on the same day, the Azure issue. So we were all trying to deconflict, what was our issue, what was their issue. Obviously, we know what ours was. We took responsibility for it. But they were very good in working with us. The technical teams worked together very closely. It was really all about how do you focus on the customer? Obviously, this was an issue that we started, but at the end of the day, it’s on the Windows platform. So they have a vested interest in making sure that all the customers are up and running. We spent a lot of time, Satya and I together, working through it. And I think there’s always good that comes out of these situations. He was gracious enough to pop out of a board meeting that he had and spend 10 minutes with our audience at Fal.Con. It was really well-received. So I think two of the biggest companies in the space, working together for the benefit of the customers, is always a good thing.
Do you think this partnership with Microsoft, going forward, will make Windows more resilient and safer?
I think that’s the goal. When you look at the reasons that all security products have to run in the kernel, there’s four main reasons. No. 1 is detection, No. 2 is prevention, No. 3 is anti-tamper and No. 4 is performance. So if there are other ways to be able to do that—extensions and platform advancements that they have—we’re part of the conversation. I was up at Redmond with Microsoft, as well as probably 10 other security companies going through this. I think part of the ecosystem challenge really is that Microsoft is open. You’ve got literally thousands and thousands of drivers and companies that work in this protected mode. This isn’t just a security discussion. This is how they advance the platform. We’re a part of providing input, as we have for the last 13 years of working from Windows 7 all the way up to Windows 11.
When you had him there on video, you asked him what he thought success would look like for this partnership over the next two years. The same question to you—what would success look like to you for this partnership?
I think success really focuses on the customer. Is the customer in a better spot? Do they have more resiliency in their architecture? Are there things that Microsoft and its platform can provide with security providers that allow us to do what we need to do? Because you can’t just run in user mode. If you run in user mode, you’ll just be disabled. If we have and the rest of the community have additional capabilities that the Windows operating system is giving us, [we will] always take advantage of that. So I think just advancing the platform, making it more resilient and making it have features that we need—but also resilient if there is a failure in any component of the system, whether it’s the application or whether it’s the operating system, just to ensure that the reliability and the resiliency is there for customers.
How are partners going to make money with Charlotte AI?
Specific to us—Charlotte AI does set up a lot of the other things that we do. So when we think about SOC transformation—there isn’t a customer that any of these folks in the room work with that doesn’t want to do things better, faster and cheaper, and make things easier. AI has the ability to do that. The real benefit for partners is to be able to work with their customers and go through the SOC transformation process. When you look at what’s being done [in the SOC], it’s still kind of the old way of doing things. We’ve got a legacy SIEM, we’ve got a legacy SOAR. We’re looking at a bunch of screens. We’re trying to figure out what happened. With Charlotte, you can do that in 10 minutes and have the report written. So it’s working with the customer, transforming not only their technology stack, but also the processes around it, to really create these AI-powered, next-gen SOCs.
You just came out with your 10th anniversary global threat report, and one of the amazing findings was 75 percent of attacks used stolen identities and passwords. Can you talk a little bit about identity management and security, and what partners need to do to make money there?
We focus on the protection piece. And people always ask, ‘Do you compete with Okta?’ No, but they’re a really good partner because they’re aggregating all these [identities] and then we’re enforcing the protection mechanisms. We have a good view of what’s happening in directory services, as well as on the system. And identity protection is one of the fastest-growing businesses that we have at CrowdStrike. Just about every breach that we respond to has some element of identity credential theft. There’s a massive opportunity for partners in identity protection. It’s having a conversation with their customers about the threat landscape, and what really is driving a lot of these breaches—and how you put not just technology, but process and people and the technology, around actually stopping these.
The single-agent architecture that you’ve developed has been key in protecting against breaches. How are you looking at the architecture now in the AI era to continue to stop these threats?
A big part of our success [since the beginning] has been using data to solve security problems. And if you buy into the fact that having lots of data can help solve security use cases, then you buy into the model that we built. It was all about actually getting data at scale and speed into a common data architecture, and then having the ability to monetize those modules and create different use cases on top of that. We started with one module. We’ve got 28 today [which provides] the ability to look across that dataset to find these different signals. So if you have that data and you’re able to solve these problems, it then sets up your AI architecture. What we’ve been pioneering is generative AI around security, which we call Charlotte AI. And the whole idea with Charlotte AI is it isn’t just a chatbot. It has the collective wisdom of what CrowdStrike knows over the last 10 years, plus it has the ability to do work on behalf of our customers. It’s a foundational service within our product. So now the hard work begins with working with our partners and customers to show them all the things that we can do and show them how they can actually transform their SOC operation using something like Charlotte AI.
On generative AI, is it as helpful to the bad guys as it is to the good guys?
[For threat actors] it’s going to democratize very esoteric techniques and bring them down to the masses more than it is today. Today, the folks that can identify a vulnerability, can reverse-engineer a patch and can come out with an exploit—in the grand scheme of 8 billion people, it’s a very small number who can do it. So now what generative AI does is, it essentially unlocks this very esoteric topic and techniques, and it brings them down to the masses.
I think it’s going to make more of these techniques available to many more people. And it’s really going to compress the timeframe that organizations have to protect themselves as the threat environment continues to accelerate.
We’ve been talking a lot over the last day about how much heavier the lift is for channel partners to get into generative AI and build those solutions. Do you expect to have to give a little more care and feeding, as far as incentives and support around channel business models, to get this thing going in the channel?
I think there’s a whole new wave of metrics that you’re really going to have to capture. We’re going to try to capture some of them in our own products. But once you have that, then it becomes a business case, and you have business value drivers. And then that funds new projects. Are there a whole bunch of AI security projects that are funded out there? Probably not. So we have to create the business case. When we helped pioneer EDR, before it was even called EDR, there was no business case. There was no budget for it. It was like, you have to go build it. I think that’s the phase that we’re in. So there’s education, there’s the product, and there’s actually coming up with metrics that help drive value. And then I think collectively we need all our partners to look at, how are we taking all the good things that we can do, and then how are we communicating that back to the business? Because the business is not going to invest in it until they see some return. Really three things drive most businesses—time, money or compliance. And if you can show something around those, and a meaningful impact, then you’ve got a business around it.
If you were going to start a business in the channel space today, what would your focus be?
I do think something early on in AI can be really interesting. With AI security, I think it’s actually going to look similar to the CI/CD pipeline. There’s going to be a lot of solutions that are going to be focused on helping people secure the entire pipeline of AI—from data gathering to generation to using it. And I think there’s going to be a lot of consulting work around going in with a customer and saying, ‘OK, you now want to use AI. How are you going to use it securely? And how are you going to buy technologies that are going to help you use it securely, and put guardrails around it?’ If you have expertise from an AI solution provider perspective, I think that’s going to grow [into a major opportunity]. It may be slow in the beginning, but once everything takes off, and you have that knowledge, I think it’s going to be huge.