What is CrowdStrike? The $80bn company linked to largest IT outage in history

Before this week, CrowdStrike was known for finding the cause of problems, rather than causing them. The company – headquartered in Austin, Texas, but with a reach across the world – was most famous for having investigated large-scale hacks, such as those on Sony Pictures and breaches at the Democratic National Committee that it blamed on Russian spies.

It has built a huge business out of that and other work. It was worth $80bn (£62bn) when trading on the Nasdaq closed on Thursday – though its share price has since fallen by 20 per cent. It reported revenues of $3bn in the last year.

CrowdStrike was founded in 2011 – by a team that included George Kurtz, the CEO who has been representing the company as it recovers from the problems – and immediately caught the interest of investors. The year after, it launched with a $26m investment round, and it has gathered more investment since.

Over the years, it has taken funding from companies including Google and many of Silicon Valley’s biggest venture capital firms. In June 2019, it listed on the Nasdaq, finishing its first day of trading at a valuation of $11bn despite making a loss.

Since then, its stock market rise has only continued. Benefiting from a general interest in cybersecurity stocks, it has surged recently, gaining 118 per cent in the last year.

CrowdStrike has now become one of the most highly valued and widely used cybersecurity companies. But as with many of its competitors, it is known primarily to IT professionals and investors – until the chaos of the outage on Friday, perhaps the most prominent place that CrowdStrike appeared was in its sponsorship of the “halo” that protects Lewis Hamilton in the event of a crash during Formula One races.

CrowdStrike sponsors Formula One driver Lewis Hamilton (Getty)

After this week, however, it may forever be known as the company linked to what might be the “largest IT outage in history”, according to one cybersecurity expert. The fallout from a bug seemingly caused by an update it released is “unprecedented” in its scale, said another, and has taken down everything from banks to airlines and hospitals.

On Friday, as the problems began, it was not initially clear what had caused them. But it was clear that there was a big issue: computers across the world, relied on for some of our most central infrastructure, would not turn on properly and instead showed the “blue screen of death” that indicates something drastic has gone wrong.

However, as the hours passed it became clear that the problem was linked to CrowdStrike. Specifically, all of the computers suffering issues had been running its “Falcon” software, a product that is intended to keep computers safe.

Falcon provides “endpoint detection and response” technology that spots attacks on users. It is intended to keep computers safe by running on them so that it can spot threats and block them.

To do so, however, it requires two very powerful things. Firstly it must be updated regularly, so that it is ready to respond to new threats as they arrive; secondly, it needs wide-ranging and “privileged” access to a device, so that its protection can run even in the most central and sensitive parts of the computer.

Those two things appear to be behind CrowdStrike’s and the world’s problems on Friday. A new update brought with it a “defect”, the company has said – and because the software has such wide-ranging access, that single update was enough to disable the computer.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,” wrote George Kurtz, CrowdStrike’s president and chief executive.

“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.

“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organisations ensure they’re communicating with CrowdStrike representatives through official channels.

“Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”