Following the CrowdStrike outage, SentinelOne CEO Tomer Weingarten told CRN that the frequency of updates from the vendor “calls into question the entire premise of next-generation protection.”
An unprecedented IT outage caused by a faulty CrowdStrike update a week ago has raised questions about the frequency of updates for the company’s Falcon platform, SentinelOne CEO Tomer Weingarten told CRN.
Weingarten, who is also a co-founder of CrowdStrike’s biggest rival, SentinelOne, spoke to CRN on Thursday in his first interview since the July 19 outage.
In particular, the outage led to scrutiny of the frequency of updates that were being made [with CrowdStrike]. “This calls into question the whole premise of next-generation protections,” Weingarten said. “Why do we need to constantly update protections? Are they ineffective if we don’t update them constantly?”
Ultimately, he said, “you’re getting the promise of protection for future generations, but you’re actually getting something that comes with some pretty significant risks.”
The CrowdStrike update caused 8.5 million Windows devices to experience a “blue screen of death,” with significant impacts to air travel, healthcare and business. Experts are calling it the largest IT outage in history, with one estimate suggesting direct economic losses to Fortune 500 US companies could be as high as $5.4 billion.
Weingarten said the widely resonant case “raises questions about how we think about conservation.”
“For us, and we’ve said this for years, we believe the best systems are the ones that don’t require frequent updates,” he said. “The best systems are systems that have algorithms built into them — built-in AI that can evolve [and] you don’t have to update every time a new actor or a new variant comes along.”
In other words, security tools should not need a new update every time something changes in the threat landscape, Weingarten said.
“If a system is effective and generic enough and has real technology built inside it, you don’t need these updates,” he said. “I really believe the future of cybersecurity isn’t about giving you more and more updates. It’s about building more resilient systems that are built into the device.”
Responding to Weingarten’s comments, CrowdStrike said in a statement on Friday that its Falcon Platform leverages “advanced AI and machine learning algorithms” that provide “dynamic threat detection and response.”
“While these sophisticated algorithms provide strong protection even without constant updates, the rapidly evolving cybersecurity environment requires regular updates to our behavioral AI and threat intelligence,” CrowdStrike said in a statement provided to CRN. “Our regular updates are a proactive measure to ensure comprehensive security for all our customers. Content updates are routine in the cybersecurity industry.”
CrowdStrike clarified in a “Preliminary Post-Incident Review” post on Wednesday that the update that caused the outage included what it called “rapid response content” that is used as part of “behavioral pattern matching operations” to thwart future cyberattacks.
CrowdStrike said the flawed content in question was stored within a “proprietary” binary file and “was not part of the code or kernel drivers.”
The outage continued to cause chaos into this week as IT teams had to manually repair many of the affected Windows servers and PCs. In a preliminary review, CrowdStrike blamed the outage on a bug in the process for validating security configuration updates for its Falcon platform.
The company said 97 percent of Falcon’s Windows sensors were online as of Thursday.