SecurityWeek

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

Microsoft has called together cybersecurity firms and government representatives for its Windows Endpoint Security Ecosystem Summit.

Microsoft has convened endpoint security firms and government representatives for discussions on improving security and resilience following the highly disruptive CrowdStrike incident that occurred last month. 

The tech giant will host the Windows Endpoint Security Ecosystem Summit on September 10, 2024, at its Redmond, Washington, headquarters.

Microsoft has invited CrowdStrike and other key endpoint security partners in hopes of outlining short- and long-term actions and initiatives for ensuring that users are provided proper protection while minimizing the risk of disruptive incidents.

“Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers,” Aidan Marcuss, Corporate Vice President, Microsoft Windows and Devices, said in a blog post.

“The CrowdStrike outage in July 2024 presents important lessons for us to apply as an ecosystem. Our discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future,” Marcuss added.

Following the CrowdStrike incident, which caused significant disruptions and losses for many organizations after an improperly tested update was delivered to customers, a lot of discussions focused on endpoint security products having kernel access. 

Kernel access gives security solutions deeper visibility and enables them to detect threats such as bootkits and rootkits. It also has performance benefits and makes products tamper resistant. On the other hand, malfunctioning software that has kernel access can have a more serious impact on a system compared to products that have less privileged access. 

Following the CrowdStrike incident, Microsoft published a blog post describing why and how third-party vendors are given kernel access. CrowdStrike has published its own blog post explaining that it has been trying to “minimize kernel-invasive approaches”.

While a lot of the focus following the global outage has been on kernel mode, a Microsoft executive who wanted to remain anonymous told CNBC in an interview that removing kernel access in Windows would only solve a small percentage of potential problems.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
