News
At Microsoft's Post-CrowdStrike Summit, Security Vendors Promise To Be Better
- By Gladys Rama
- September 16, 2024
The dust hasn't settled on July's massive CrowdStrike outage that took down millions of Windows systems worldwide.
At an invitation-only summit last week, Microsoft convened with executives from some of its biggest security partners, including CrowdStrike, to "discuss strategies for improving resiliency and protecting our mutual customers' critical infrastructure," as the company put it in a subsequent blog post.
"Together with our Microsoft Virus Initiative (MVI) partners -- companies who develop endpoint protection and additional security products for Windows, covering client, server and IoT -- we discussed the complexities of the modern security landscape, acknowledging there are no simple solutions," Microsoft said.
The meeting was a direct response to this summer's CrowdStrike incident, which Microsoft said "underscored the responsibility security vendors have to drive both resiliency and agile, adaptive protection."
Besides CrowdStrike, represented companies included Trend Micro, ESET, Sophos, Broadcom, Trellix and SentinelOne.
Microsoft emphasized that the meeting was not focused on decision-making, though attendees appeared to reach a provisional agreement to explore ways to improve Windows 11 security outside the kernel. Microsoft has long touted Windows 11's security protections in kernel mode, but the CrowdStrike incident has exposed the need for "a new platform which can meet the needs of security vendors," Microsoft said.
Such a platform will need to address the following factors:
- Performance needs and challenges outside of kernel mode
- Anti-tampering protection for security products
- Security sensor requirements
- Development and collaboration principles between Microsoft and the ecosystem
- Secure-by-design goals for future platform
Microsoft said it intends to develop a platform with these capabilities, though it did not give further specifics.
The meeting attendees also discussed best practices for deploying Windows updates en masse, "from deciding how to do measured rollouts with a diverse set of endpoints to being able to pause or rollback if needed." Pointedly, Microsoft noted that gradual update rollouts are a longstanding best practice.
Microsoft foresees these discussions resulting in more information-sharing between security vendors, improved component and compatibility testing, and more effective vendor coordination in recovery situations.
Collaboration is all, the meeting attendees concluded.
"We're competitors, we're not adversaries," said Microsoft. "The adversaries are the ones we need to protect the world from."
End users can help themselves, too, Microsoft pointed out. For instance, businesses should develop plans for business continuity and incident response, as well as schedule frequent backups.