Windows users around the globe woke up on Friday morning to “blue screens of death” (BSOD) thanks to a faulty software update from CrowdStrike. The bug caused outages around the world, bringing airlines, boats, hospitals, and banks to a grinding halt. But some see opportunity in the rubble.
The global outage is a perfect reminder how much of the world relies on technological infrastructure. In the midst of disaster, some venture capitalists see a chance for new technologies to prevent this from ever happening again. In 2024, one buggy software update should probably not be allowed to take down so many of the globe’s most important computer systems. Some would say this is exactly why startups, and venture capital, exist: to innovate in the face of a widespread issue.
The CrowdStrike outage is drawing attention to cybersecurity companies, but CRV general partner Reid Christian says this wasn’t a cybersecurity event; the real problem is that a massive vendor deployed software that wasn’t properly tested, debugged or deployed in a staged rollout. CRV is investing in a cybersecurity and IT management startup called Fleet that monitors vendor instances on your endpoint.
It’s not clear how well additional mobile device management-type software, like Fleet, would have worked with this particular CrowdStrike issue. The problem appeared to be caused by a faulty Windows kernel-level driver, which is software installed at the deepest levels of a computer. (Companies that had MDM software in addition to CloudStrike still experienced the BSOD.) But Christian points out that when granting that level of access and trust to a software vendor, more protections are necessary.
“We need to have people watching the watchers in the cyber world,” Christian said. “You can have your main vendors, but you must have ancillary vendors as well, people who are sitting alongside and are there to support.”
Fleet co-founder and CTO Zach Wasserman tells TechCrunch his security software operates outside the kernel to not compromise the stability of the system.
Though this wasn’t a cybersecurity incident caused by a malicious hacker, Friday’s outage may have been so severe due to CrowdStrike’s unique access to kernels, the core of the operating system. Lightspeed Venture Partners’ Guru Chahal suspects cybersecurity applications, such as Wiz, that sit outside the kernel may become more popular after this disaster.
“Once you give access to the kernel (as in this case), it’s hard to stop these issues,” Chahal said in an email to TechCrunch. “But avoiding by using non-invasive approaches is definitely possible and companies such as Wiz (Cloud Security) and Oligo Security (run time security) take these alternative approaches for this reason.”
Oligo Security is security observability software for open source software that uses sandboxing, not direct access to the kernel. Given that this was a Windows problem, it couldn’t have prevented this issue. But the point of a sandboxed system is something the Windows security industry may want to better pursue.
Meanwhile, Wiz is not doing a victory lap just yet. Despite all the buzz around the cybersecurity company now that Google is negotiating a $23 billion acquisition deal, Wiz board member Gili Raanan says Friday’s event upped the pressure on everyone. He expects that the entire security ecosystem will face greater scrutiny around products and deployment due to this event.
“It’s a bad day not just for CrowdStrike. It’s a bad day for everyone involved in cybersecurity,” Raanan said. “There are no winners and losers, there are only losers.”
Fin Capital founder Logan Allin, who invests in B2B financial services companies, sees a greater need for cloud observability companies in light of Friday’s outage. Outside of cybersecurity, he says companies are becoming increasingly dependent on external APIs as they integrate more AI solutions, which are prone to buggy software updates like this.
“There’s companies in our portfolio, like Middleware, that ensure API integrations between your cybersecurity, your cloud orchestration, and all the moving packets of data within the architecture don’t break,” Allin said.
Though Friday’s outage was jarring, VCs like Allin and Chahal predict this is only the beginning of an outdated, crumbling infrastructure layer. Especially in older sectors, such as finance or healthcare, these outages highlight the need for updated technology.
“Going forward, I suspect there’ll be a number of startups that avoid this issue of sitting in the kernel while still providing runtime security,” Chahal said.
Reporting contributed by Marina Temkin.