According to VCs, these startups are trying to avoid another CrowdStrike-like disruption.


Windows users around the world woke up to a “blue screen of death” (BSOD) Friday morning due to a flawed software update from CrowdStrike. The bug caused outages worldwide, completely shutting down airlines, boats, hospitals, and banks. But some see opportunity in the rubble.

The global blackout is a stark reminder of how much the world relies on its technological infrastructure. In the midst of the disaster, some venture capitalists see an opportunity to use new technologies to ensure that such a thing never happens again. It would be unacceptable for one buggy software update to take down so many of the most important computer systems on the planet in 2024. Some would say that this is what startups and venture capital exist for: to innovate in the face of widespread problems.

The CrowdStrike outage has drawn attention to cybersecurity firms, but Reid Christian, general partner at CRV, says this is not a cybersecurity incident. The real issue is that large vendors have deployed software that has not been properly tested, debugged, or rolled out in phases. CRV is investing in a cybersecurity and IT management startup called Fleet that monitors vendor instances on endpoints.

It’s unclear how well additional mobile device management-type software, like Fleet, would have worked with this particular CrowdStrike issue. The issue appears to have been caused by a bug in a Windows kernel-level driver, the software installed at the deepest level of a computer. (Companies that use MDM software other than CrowdStrike have still experienced BSODs.) But Christian points out that more protections are needed when giving that level of access and trust to a software vendor.

“You need people to watch the watchers in the cyber world,” Christian said. “You can have primary suppliers, but you also need secondary suppliers. People who sit on the sidelines and provide support.”

Fleet co-founder and CTO Zach Wasserman told TechCrunch that the security software runs outside the kernel to avoid compromising the stability of the system.

While this wasn’t a cybersecurity incident caused by malicious hackers, Friday’s outage may have been significant because of CrowdStrike’s unique access to the kernel, the core of the operating system. Guru Chahal of Lightspeed Venture Partners suspects that cybersecurity applications that are outside the kernel, like Wiz, could become more popular in the wake of this disaster.

“Giving access to the kernel (as in this case) makes it difficult to stop these issues,” Chahal told TechCrunch in an email. “However, it is certainly possible to circumvent them using non-invasive approaches, and companies like Wiz (cloud security) and Oligo Security (runtime security) take these alternative approaches for this very reason.”

Oligo Security makes security observation software for open source software that uses sandboxing without direct access to the kernel. Since this was a Windows issue, Oligo's software would not have prevented it. However, sandboxing is an approach that the Windows security industry would like to pursue further.

Meanwhile, Wiz hasn’t quite taken its victory lap yet. While rumors are circulating around the cybersecurity company that Google is negotiating a $23 billion acquisition deal, Wiz board member Gili Raanan says Friday’s event has added pressure to everyone. He expects the entire security ecosystem to come under greater scrutiny over its products and deployments.

“It’s a bad day, not just for CrowdStrike, but for everyone involved in cybersecurity,” Raanan said. “There are no winners or losers. There are only losers.”

Logan Allin, founder of Fin Capital, which invests in B2B financial services companies, sees the need for cloud observation companies as greater in light of Friday’s outage. He says that in addition to cybersecurity, companies are increasingly relying on external APIs as they integrate more AI solutions, which are vulnerable to buggy software updates like this one.

“We have companies in our portfolio that are working on cybersecurity, cloud orchestration, and ensuring that API integration between all the moving data packets within your architecture is seamless,” Allin said.

Friday’s outage was shocking, but VCs like Allin and Chahal predict that it’s just the beginning of a long and crumbling layer of infrastructure. Especially in older sectors like finance and healthcare, the outages highlight the need for updated technology.

“Going forward, we expect to see multiple startups providing runtime security while avoiding the issues of sitting in the kernel,” Chahal said.

Marina Temkin contributed reporting.
