CEO George Kurtz on New Recovery Techniques and Controls Implemented Post-Incident
CEO George Kurtz said CrowdStrike has blunted the business impact from the massive July 19 outage and is implementing safeguards to prevent a repeat occurrence.
The Austin, Texas-based endpoint security giant is boosting the resilience of its Falcon platform through improved content visibility and control, enhanced quality assurance, and external validation by third-party software security vendors, Kurtz said. CFO Burt Podbere said the outage delayed some sales and may lead to longer sales cycles and increased costs, but he remains confident in the company’s long-term forecast.
“The magnitude of the July 19 incident will never be lost on me and my commitment is to make sure this never happens again,” Kurtz told investors Wednesday. “The days following the incident were among the most challenging in my career because I deeply felt what our customers experienced. Our response to the July 19 incident was immediate, deliberate, and focused.”
CrowdStrike’s stock fell $7.10 – or 2.69% – to $257.10 per share in after-hours trading Wednesday, which is the lowest the company’s stock has traded since Aug. 14. A faulty CrowdStrike software update on July 19 sent 8.5 million Windows hosts into a tailspin of crashing and rebooting, disrupting numerous organizations globally, including hospitals, stock markets, banks and airlines, most notably Delta (see: Delta Versus CrowdStrike and Microsoft: Accusations Fly).
How CrowdStrike Responded to the Outage
Following the outage, Kurtz said CrowdStrike developed new automated response techniques to accelerate the company’s response and restore impacted devices, with many clients experiencing recovery within hours. Once the dust settled, Kurtz said CrowdStrike implemented a number of measures to enhance the resilience of the platform, including giving customers control over when and where content is deployed.
In addition, Kurtz said CrowdStrike refactored its content validator and interpreter earlier this month to stop the shipping of erroneous content. CrowdStrike also engaged with third-party vendors to review the Falcon sensor code and quality control process. Finally, he said CrowdStrike revamped the content release process to mirror the sensor release regimen, including testing phases to ensure stability.
“The July 19 incident starts a new chapter for CrowdStrike, one focused on ensuring that cybersecurity’s best AI platform for SOC operations, protection, visibility, response, and automation is also cybersecurity’s most resilient platform,” Kurtz said.
The outage caused a delay in closing deals, particularly in the final weeks of CrowdStrike’s fiscal quarter, though most of those deals remain in the pipeline. In hundreds of post-outage interactions, Kurtz said clients expressed a need to understand the incident and the steps taken to prevent recurrence but recognized CrowdStrike’s historical reliability and reaffirmed their trust in the firm going forward.
“While deals can push in any given quarter, this quarter we experienced elevated levels, with more than $60 million in deals that we had line of sight for the quarter remaining open as of Monday,” Podbere told investors Wednesday. “We expect these deals to close in future quarters.”
CrowdStrike Outage by the Numbers
Podbere said it’s early to estimate the potential legal exposure from the outage, but said CrowdStrike’s strong cash position, insurance policies, and liability limitations in customer agreements are designed to mitigate potential impacts. CrowdStrike delayed outbound pipeline generation activities following the incident but has since resumed them, with increased scrutiny at the CEO and board level anticipated.
CrowdStrike will shift some planned investments in the coming months from sales and marketing to further research and development, quality assurance and customer support, but will maintain its growth plan for the fiscal year ending Jan. 31. Kurtz said the outage stemmed from a configuration rather than a kernel update, and said CrowdStrike’s architecture and performance compare favorably to competitors.
“We didn’t become number one in the market by having a poor architecture,” Kurtz said. “We became number one by having a great architecture. We talked about what we’ve changed here in terms of our configuration updates, and we feel confident about that going forward.”
Podbere expects business challenges related to the outage will persist for about a year, with growth returning to pre-outage levels in the back half of 2025. Despite the outage, Kurtz said customers remain interested in consolidating their wallet share and product footprint around CrowdStrike’s Falcon platform.
“Customers’ comments back to me are, ‘They don’t want to go backwards,’” Kurtz said. “They don’t want a bunch of disparate products. They don’t want a bunch of different consoles. And they specifically told me that the adversary lives in the gaps between products.”