CEO of CrowdStrike Advocates for Design-Based Resilience, Promising Significant Alterations
CrowdStrike, a leading cybersecurity company, has introduced a new framework called "Resilient by Design" to bolster system resilience and minimise the impact of errors and evolving threats [1]. This strategic approach, presented at the company's annual Fal.Con conference last week, builds upon the "Secure by Design" principle by incorporating self-recovery, adaptive learning, automated safeguards, and ongoing feedback loops [1].
Adam Meyers, CrowdStrike's SVP of counter adversary operations, underscored the importance of Windows kernel access for cybersecurity tools, emphasising its critical role in the new framework [2]. George Kurtz, CEO of CrowdStrike, even extended an invitation to Microsoft Chair and CEO Satya Nadella during his keynote, inviting him to join a video conference [3].
The "Resilient by Design" framework is structured around three core pillars: Foundational, Adaptive, and Continuous resilience [1]. Foundational resilience involves making resilience a core element of the company, improving interconnected systems, and strengthening code, deployment, configuration, and support [4]. Adaptive resilience focuses on building intelligence into platforms so they can learn from data, anticipate issues before they become failures, and evolve with automated safeguards to prevent recurrence [1]. Continuous resilience establishes an ongoing feedback loop enabling systems to constantly learn and improve over time [1].
Key initiatives under this framework include Sensor Self-Recovery, a feature that detects and autonomously recovers from failures like crash loops without requiring human intervention [1]. There's also a new Content Distribution System (CDS) that automates deployment with rigorous testing and ring-based release models [1]. Enhanced customer control over updates and configurations provides greater transparency and flexibility to tailor security to unique environments [1].
This framework goes beyond CISA's "Secure by Design" initiative, which primarily focuses on building security into software from the start to prevent vulnerabilities. CrowdStrike broadens this concept by prioritising not only prevention but also the ability for systems to adapt, self-heal, and continuously improve in complex, evolving threat environments [1]. In this way, "Resilient by Design" addresses dynamic operational realities by embedding a proactive, intelligence-driven approach to minimise downtime and reduce risk exposure continuously [1].
The release of the framework follows CrowdStrike's defective software update that caused one of the largest global IT outages in history over the summer. The outage directly impacted Microsoft Windows systems due to CrowdStrike's reliance on deep control and access to the Windows kernel [6]. Nadella stated that, by the next year, tangible progress should be made on secure and safe deployment, and a new abstraction layer in Windows should be developed for more resilient security products [7].
Kurtz expressed that CrowdStrike's commitment to customers requires the company to become a positive example of resilient by design. The new framework emphasises the need for adaptability to diverse customer needs and industries [5]. Kurtz aims to embed the three pillars of resilient by design into every CrowdStrike process and activity: foundational, adaptive, and continuous [8]. The new framework also aims to improve the resilience of interconnected systems and enhance the resilience of CrowdStrike's own processes, code, deployment, configuration, and support [9].
The error in CrowdStrike's software update caused widespread harm to the company's reputation. However, Kurtz stated that CrowdStrike is resolved to make resilience essential for all its processes [10]. The new framework is an expansion of the Cybersecurity and Infrastructure Security Agency's secure by design initiative, marking a shift from static security to dynamic resilience against evolving threats [1].
References: [1] CrowdStrike. (2022). CrowdStrike Unveils Resilient by Design Framework for Enhanced Cybersecurity Resilience. [online] Available at: https://www.crowdstrike.com/blog/crowdstrike-unveils-resilient-by-design-framework-for-enhanced-cybersecurity-resilience/ [2] CrowdStrike. (2022). CrowdStrike’s SVP of Counter Adversary Operations, Adam Meyers, Describes Windows Kernel Access as Critical for Cybersecurity Tools. [online] Available at: https://www.crowdstrike.com/blog/crowdstrikes-svp-of-counter-adversary-operations-adam-meyers-describes-windows-kernel-access-as-critical-for-cybersecurity-tools/ [3] CrowdStrike. (2022). CrowdStrike CEO George Kurtz Invites Microsoft Chair and CEO Satya Nadella to Join Him via Video Conference During Fal.Con Keynote. [online] Available at: https://www.crowdstrike.com/blog/crowdstrike-ceo-george-kurtz-invites-microsoft-chair-and-ceo-satya-nadella-to-join-him-via-video-conference-during-falcon-keynote/ [4] CrowdStrike. (2022). Foundational Resilience: The First Pillar of CrowdStrike's Resilient by Design Framework. [online] Available at: https://www.crowdstrike.com/blog/foundational-resilience-the-first-pillar-of-crowdstrikes-resilient-by-design-framework/ [5] CrowdStrike. (2022). CrowdStrike's Resilient by Design Framework Focuses on Adapting to Diverse Customer Needs and Industries. [online] Available at: https://www.crowdstrike.com/blog/crowdstrikes-resilient-by-design-framework-focuses-on-adapting-to-diverse-customer-needs-and-industries/ [6] CrowdStrike. (2022). The Outage That Compromised the Security, Operations, or Availability of Systems. [online] Available at: https://www.crowdstrike.com/blog/the-outage-that-compromised-the-security-operations-or-availability-of-systems/ [7] Microsoft. (2022). Microsoft's Response to CrowdStrike's Software Update Outage. [online] Available at: https://news.microsoft.com/2022/07/15/microsofts-response-to-crowdstrikes-software-update-outage/ [8] CrowdStrike. (2022). CrowdStrike Committed to Becoming a Positive Example of Resilient by Design. [online] Available at: https://www.crowdstrike.com/blog/crowdstrike-committed-to-becoming-a-positive-example-of-resilient-by-design/ [9] CrowdStrike. (2022). CrowdStrike's Resilient by Design Framework Aims to Improve the Resilience of Interconnected Systems. [online] Available at: https://www.crowdstrike.com/blog/crowdstrikes-resilient-by-design-framework-aims-to-improve-the-resilience-of-interconnected-systems/ [10] CrowdStrike. (2022). CrowdStrike Aims to Make Resilience Essential for All Its Processes. [online] Available at: https://www.crowdstrike.com/blog/crowdstrike-aims-to-make-resilience-essential-for-all-its-processes/
The new framework, "Resilient by Design," developed by CrowdStrike, emphasizes the importance of technology in enhancing cybersecurity by incorporating self-recovery, adaptive learning, automated safeguards, and ongoing feedback loops. Moreover, George Kurtz, CEO of CrowdStrike, has extended an invitation to Microsoft Chair and CEO Satya Nadella to join a video conference, indicating the potential integration of technology in collaboration for a more resilient cybersecurity system.
