{"id":2673,"date":"2025-07-22T01:49:08","date_gmt":"2025-07-22T01:49:08","guid":{"rendered":"https:\/\/violethoward.com\/new\/how-crowdstrikes-78-minute-outage-reshaped-enterprise-cybersecurity\/"},"modified":"2025-07-22T01:49:08","modified_gmt":"2025-07-22T01:49:08","slug":"how-crowdstrikes-78-minute-outage-reshaped-enterprise-cybersecurity","status":"publish","type":"post","link":"https:\/\/violethoward.com\/new\/how-crowdstrikes-78-minute-outage-reshaped-enterprise-cybersecurity\/","title":{"rendered":"How CrowdStrike&#8217;s 78-minute outage reshaped enterprise cybersecurity"},"content":{"rendered":" \r\n<br><div>\n\t\t\t\t<p>As we wrote in our initial analysis of the CrowdStrike incident, the July 19, 2024, outage served as a stark reminder of the importance of cyber resilience. Now, one year later, both CrowdStrike and the industry have undergone significant transformation, with the catalyst being driven by 78 minutes that changed everything.<\/p>\n\n\n\n<p>\u201cThe first anniversary of July 19 marks a moment that deeply impacted our customers and partners and became one of the most defining chapters in CrowdStrike\u2019s history,\u201d CrowdStrike\u2019s President Mike Sentonas wrote in a blog detailing the company\u2019s year-long journey toward enhanced resilience.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-incident-that-shook-global-infrastructure\"><strong>The incident that shook global infrastructure<\/strong><\/h2>\n\n\n\n<p>The numbers remain sobering: A faulty Channel File 291 update, deployed at 04:09 UTC and reverted just 78 minutes later, crashed 8.5 million Windows systems worldwide. 
Insurance estimates put losses at $5.4 billion for the top 500 U.S. companies alone, with aviation particularly hard hit with 5,078 flights canceled globally.<\/p>\n\n\n\n<p>Steffen Schreier, senior vice president of product and portfolio at Telesign, a Proximus Global company, captures why this incident resonates a year later: \u201cOne year later, the CrowdStrike incident isn\u2019t just remembered, it\u2019s impossible to forget. A routine software update, deployed with no malicious intent and rolled back in just 78 minutes, still managed to take down critical infrastructure worldwide. No breach. No attack. Just one internal failure with global consequences.\u201d<\/p>\n\n\n\n<p>His technical analysis reveals uncomfortable truths about modern infrastructure: \u201cThat\u2019s the real wake-up call: even companies with strong practices, a staged rollout, fast rollback, can\u2019t outpace the risks introduced by the very infrastructure that enables rapid, cloud-native delivery. 
The same velocity that empowers us to ship faster also accelerates the blast radius when something goes wrong.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-understanding-what-went-wrong\"><strong>Understanding what went wrong<\/strong><\/h2>\n\n\n\n<p>CrowdStrike\u2019s root cause analysis revealed a cascade of technical failures: a mismatch between input fields in their IPC Template Type, missing runtime array bounds checks and a logic error in their Content Validator. These weren\u2019t edge cases but fundamental quality control gaps.<\/p>\n\n\n\n<p>Merritt Baer, incoming Chief Security Officer at Enkrypt AI and advisor to companies including Andesite, provides crucial context: \u201cCrowdStrike\u2019s outage was humbling; it reminded us that even really big, mature shops get processes wrong sometimes. This particular outcome was a coincidence on some level, but it should have never been possible. It demonstrated that they failed to instate some basic CI\/CD protocols.\u201d<\/p>\n\n\n\n<p>Her assessment is direct but fair: \u201cHad CrowdStrike rolled out the update in sandboxes and only sent it in production in increments as is best practice, it would have been less catastrophic, if at all.\u201d<\/p>\n\n\n\n<p>Yet Baer also recognizes CrowdStrike\u2019s response: \u201cCrowdStrike\u2019s comms strategy demonstrated good executive ownership. Execs should always take ownership\u2014it\u2019s not the intern\u2019s fault. If your junior operator can get it wrong, it\u2019s my fault. It\u2019s our fault as a company.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-leadership-s-accountability\"><strong>Leadership\u2019s accountability<\/strong><\/h2>\n\n\n\n<p>George Kurtz, CrowdStrike\u2019s founder and CEO, exemplified this ownership principle. In a LinkedIn post reflecting on the anniversary, Kurtz wrote: \u201cOne year ago, we faced a moment that tested everything: our technology, our operations, and the trust others placed in us. 
As founder and CEO, I took that responsibility personally. I always have and always will.\u201d<\/p>\n\n\n\n<p>His perspective reveals how the company channeled crisis into transformation: \u201cWhat defined us wasn\u2019t that moment; it was everything that came next. From the start, our focus was clear: build an even stronger CrowdStrike, grounded in resilience, transparency, and relentless execution. Our North Star has always been our customers.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-crowdstrike-goes-all-in-on-a-new-resilient-by-design-framework\"><strong>CrowdStrike goes all-in on a new Resilient by Design framework<\/strong><\/h2>\n\n\n\n<p>CrowdStrike\u2019s response centered on their Resilient by Design framework, which Sentonas describes as going beyond \u201cquick fixes or surface-level improvements.\u201d The framework\u2019s three pillars, including Foundational, Adaptive and Continuous components, represent a comprehensive rethinking of how security platforms should operate.<\/p>\n\n\n\n<p>Key implementations include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sensor Self-Recovery<\/strong>: Automatically detects crash loops and transitions to safe mode<\/li>\n\n\n\n<li><strong>New Content Distribution System<\/strong>: Ring-based deployment with automated safeguards<\/li>\n\n\n\n<li><strong>Enhanced Customer Control<\/strong>: Granular update management and content pinning capabilities<\/li>\n\n\n\n<li><strong>Digital Operations Center<\/strong>: Purpose-built facility for global infrastructure monitoring<\/li>\n\n\n\n<li><strong>Falcon Super Lab<\/strong>: Testing thousands of OS, kernel and hardware combinations<\/li>\n<\/ul>\n\n\n\n<p>\u201cWe didn\u2019t just add a few content configuration options,\u201d Sentonas emphasized in his blog. 
\u201cWe fundamentally rethought how customers could interact with and control enterprise security platforms.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-industry-wide-supply-chain-awakening\"><strong>Industry-wide supply chain awakening<\/strong><\/h2>\n\n\n\n<p>The incident forced a broader reckoning about vendor dependencies. Baer frames the lesson starkly: \u201cOne huge practical lesson was just that your vendors are part of your supply chain. So, as a CISO, you should test the risk to be aware of it, but simply speaking, this issue fell on the provider side of the shared responsibility model. A customer wouldn\u2019t have controlled it.\u201d<\/p>\n\n\n\n<p>CrowdStrike\u2019s outage has permanently altered vendor evaluation: \u201cI see effective CISOs and CSOs taking lessons from this, around the companies they want to work with and the security they receive as a product of doing business together. I will only ever work with companies that I respect from a security posture lens. They don\u2019t need to be perfect, but I want to know that they are doing the right processes, over time.\u201d<\/p>\n\n\n\n<p>Sam Curry, CISO at Zscaler, added, \u201cWhat happened to CrowdStrike was unfortunate, but it could have happened to many, so perhaps we don\u2019t put the blame on them with the benefit of hindsight. What I will say is that the world has used this to refocus and has placed more attention to resilience as a result, and that\u2019s a win for everyone, as our collective goal is to make the internet safer and more secure for all.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-underscores-the-need-for-a-new-security-paradigm\"><strong>Underscores the need for a new security paradigm<\/strong><\/h2>\n\n\n\n<p>Schreier\u2019s analysis extends beyond CrowdStrike to fundamental security architecture: \u201cSpeed at scale comes at a cost. Every routine update now carries the weight of potential systemic failure. 
That means more than testing, it means safeguards built for resilience: layered defenses, automatic rollback paths and fail-safes that assume telemetry might disappear exactly when you need it most.\u201d<\/p>\n\n\n\n<p>His most critical insight addresses a scenario many hadn\u2019t considered: \u201cAnd when telemetry goes dark, you need fail-safes that assume visibility might vanish.\u201d<\/p>\n\n\n\n<p>This represents a paradigm shift. As Schreier concludes: \u201cBecause security today isn\u2019t just about keeping attackers out\u2014it\u2019s about making absolutely sure your own systems never become the single point of failure.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-looking-forward-ai-and-future-challenges\"><strong>Looking forward: AI and future challenges<\/strong><\/h2>\n\n\n\n<p>Baer sees the next evolution already emerging: \u201cEver since cloud has enabled us to build using infrastructure as code, but especially now that AI is enabling us to do security differently, I am looking at how infrastructure decisions are layered with autonomy from humans and AI. We can and should layer on reasoning as well as effective risk mitigation for processes like forced updates, especially at high levels of privilege.\u201d<\/p>\n\n\n\n<p>CrowdStrike\u2019s forward-looking initiatives include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hiring a Chief Resilience Officer reporting directly to the CEO<\/li>\n\n\n\n<li>Project Ascent, exploring capabilities beyond kernel space<\/li>\n\n\n\n<li>Collaboration with Microsoft on the Windows Endpoint Security Platform<\/li>\n\n\n\n<li>ISO 22301 certification for business continuity management<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-a-stronger-ecosystem\"><strong>A stronger ecosystem<\/strong><\/h2>\n\n\n\n<p>One year later, the transformation is evident. Kurtz reflects: \u201cWe\u2019re a stronger company today than we were a year ago. The work continues. The mission endures. 
And we\u2019re moving forward: stronger, smarter, and even more committed than ever.\u201d<\/p>\n\n\n\n<p>To his credit, Kurtz also acknowledges those who stood by the company: \u201cTo every customer who stayed with us, even when it was hard, thank you for your enduring trust. To our incredible partners who stood by us and rolled up their sleeves, thank you for being our extended family.\u201d<\/p>\n\n\n\n<p>The incident\u2019s legacy extends far beyond CrowdStrike. Organizations now implement staged rollouts, maintain manual override capabilities and\u2014crucially\u2014plan for when security tools themselves might fail. Vendor relationships are evaluated with new rigor, recognizing that in our interconnected infrastructure, every component is critical.<\/p>\n\n\n\n<p>As Sentonas acknowledges: \u201cThis work isn\u2019t finished and never will be. Resilience isn\u2019t a milestone; it\u2019s a discipline that requires continuous commitment and evolution.\u201d The CrowdStrike incident of July 19, 2024, will be remembered not just for the disruption it caused but for catalyzing an industry-wide evolution toward true resilience.<\/p>\n\n\n\n<p>In facing their greatest challenge, CrowdStrike and the broader security ecosystem have emerged with a deeper understanding: protecting against threats means ensuring the protectors themselves can do no harm. That lesson, learned through 78 difficult minutes and a year of transformation, may prove to be the incident\u2019s most valuable legacy.<\/p>\n\t\t\t<\/div>\r\n<br>\r\n<br><a href=\"https:\/\/venturebeat.com\/security\/how-crowdstrikes-78-minute-outage-reshaped-enterprise-cybersecurity\/\">Source link <\/a>","protected":false},"excerpt":{"rendered":"<p>As we wrote in our initial analysis of the CrowdStrike incident, the July 19, 2024, outage served as a stark reminder of the importance of cyber resilience. 
Now, one [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2674,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[33],"tags":[],"class_list":["post-2673","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-automation"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/violethoward.com\/new\/wp-content\/uploads\/2025\/07\/OUTAGE.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/2673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/comments?post=2673"}],"version-history":[{"count":0,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/2673\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media\/2674"}],"wp:attachment":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media?parent=2673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/categories?post=2673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/tags?post=2673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}