How CrowdStrike, the Company Behind the Global Tech Outage, Keeps the World Running

CrowdStrike and its co-founder, CEO George Kurtz, have a scarcely discussed meteoric rise to the helm of cybersecurity.

On July 19, businesses and transport worldwide were affected by a global tech outage that was attributed to a software update issued by CrowdStrike. (Getty Images)

Earlier this month (July 19), a historic computer outage that crashed 8.5 million computer systems worldwide made CrowdStrike, a Texas-based cybersecurity company, an overnight household name. The incident was caused by a software update on CrowdStrike’s Falcon platform, which, when used on a Windows device, resulted in “read-out-of-bounds” memory safety errors that forced the device to stop working. The $90 billion cybersecurity behemoth has shed nearly $30 billion of its market cap since. CrowdStrike and its founder have a scarcely discussed meteoric rise to the helm of cybersecurity, quietly becoming responsible for keeping much of our global digital infrastructure safe from attacks.

Who is behind CrowdStrike?

CrowdStrike was founded in 2011 by George Kurtz, currently the CEO, Dmitri Alperovitch and Gregg Marston. Kurtz was already a well-known leader in the space before founding the company, having written a book about hacking that sold more than 600,000 copies globally. In 1999, he founded Foundstone, one of the world’s first security consulting companies. In 2004, the cybersecurity giant McAfee acquired Foundstone for $86 million and Kurtz quickly rose up to the CTO role at McAfee by 2009.

The CrowdStrike incident is not the first time a company where Kurtz held a prominent role has accidentally disrupted global operations. In 2010, a McAfee software update caused Windows XP systems worldwide to stop operating.

In 2011, Kurtz recruited his former Foundstone CFO, Marston, and Alperovitch, then McAfee’s head of threat research, to launch CrowdStrike. The startup aimed to be faster at countering evolving threats from hackers. At the time, Kurtz was the entrepreneur-in-residence at Warburg Pincus, a prominent private equity firm, which secured him $25 million in early funding for his new startup. CrowdStrike achieved a billion-dollar valuation just six years after inception and went public in 2019 in what was the largest cybersecurity IPO in history at a valuation of $6.6 billion.

By 2021, CrowdStrike was a dominant presence in cybersecurity, with 40 independent reports, testing evaluations, and industry awards recognizing it as the industry’s leader. Earlier this month, before the massive outages, CrowdStrike reached a peak market cap of over $95 billion. Its incredible growth story is driven by what Kurtz describes as a “relentless pursuit of excellence.”

Is Microsoft to blame, too?

Because Microsoft (MSFT), controversially, allows third-party applications to have kernel-level access to the computer system, the highest level of access possible, issues caused by third-party systems can make an entire device unusable. Without Microsoft granting kernel-level access to outside vendors, the impact of CrowdStrike’s faulty software update could have been contained and avoided. Apple, in contrast, has not allowed third-party vendors to access the kernel on its computers since 2020.

Kurtz apologized for the outage, saying on NBC’s Today Show, “We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this, including our company.”

While CrowdStrike and Microsoft collaborated to resolve last week’s IT outage, they are actually competitors in the cybersecurity space. In 2021, CrowdStrike publicly criticized Microsoft as experiencing a “crisis of trust,” after a survey found 63 percent of IT leaders were “losing trust” in it. Microsoft called CrowdStrike’s survey “self-serving” in response, arguing there was bias in the way questions were asked. CrowdStrike still maintains a dedicated page on its website criticizing Microsoft as “susceptible to breaches.”

It is unclear how Microsoft will move forward. The Verge reported Microsoft will be making changes to Windows to make it more resilient to third-party vendors looking to access the kernel, though concrete plans are yet to be announced. In 2006, when Microsoft last tried to restrict access to its kernel for third-party companies, it was met with fierce opposition from cybersecurity companies and European Union regulators. 

Since Microsoft runs its own cybersecurity solutions arm, restricting other companies’ access to the kernel while allowing its own to do so can be interpreted as anti-competitive behavior. While unlikely, if Microsoft is forced to sever its cybersecurity arm by regulators to restrict third-party kernel-level access to appease concerned customers, then paradoxically, the CrowdStrike-caused outage could earn CrowdStrike more market dominance in the cybersecurity space.
