On Wednesday morning, thousands of cybersecurity professionals packed the halls of Las Vegas' Mandalay Bay Convention Center, home to the annual Black Hat cybersecurity conference, where dozens of companies were promoting their wares.
In the front row, and at one of the biggest booths, stood CrowdStrike, a company that's become pretty well-known these days — but not for its ability to thwart malicious hackers.
On July 19, CrowdStrike pushed a flawed software update that crashed at least 8.5 million computers worldwide, causing flight delays, disrupting hospital operations including some surgeries, disrupting the operations of multiple U.S. government agencies, and forcing many organizations to manually reboot computers and servers to return them to normal.
CrowdStrike has since continued to share updates on its own investigation into the outage. The company also offered $10 Uber Eats gift cards to partners who took hours to recover from the incident as a way of expressing its “sincere gratitude and apologies for any inconvenience caused.”
A CrowdStrike spokesperson said several people who received vouchers — some of whom felt the gifts were outdated — were unable to cash in the gift cards before Uber marked them as fraudulent due to “high usage rates.”
Less than three weeks later, a handful of CrowdStrike employees had the tough job of pitching the company's product at the company's conference booth. As soon as the doors opened, dozens of attendees began lining up. They weren't there to ask tough questions, but to get T-shirts and action figures representing some of the nation states and cybercrime groups the company tracks, including Scattered Spider, the blackmail ring allegedly behind last year's cyberattacks on MGM Resorts and Okta, and Aquatic Panda, a China-linked espionage group.
“We're here to give you guys free stuff,” a Crowdstrike employee told the crowd gathered around a large screen where a demo would be held later.
The conference attendees seemed visibly surprised: “Honestly, I thought it was over by now. I thought it would be slower over there. But apparently there are fans out there, right?”
CrowdStrike conducted business as usual at Black Hat, despite widespread disruptions and delays caused by a global IT outage that lasted for days and, for some customers, weeks. The conference came at the same time that CrowdStrike released a root cause analysis that explained what happened on the day of the outage. In essence, CrowdStrike acknowledged that it had failed, but said it had taken steps to prevent the same incident from happening again. And some cybersecurity experts at Black Hat seemed willing to give the company another chance.
A message from CrowdStrike to attendees at the Black Hat cybersecurity conference in Las Vegas on August 7, 2024. Image by Lorenzo Franceschi-Bicchierai / TechCrunch
Stacked and constantly restocked boxes of action figures at the company's booth bore messages from Crowdstrike addressing failure: “The enemy doesn't stop. Neither do we,” the message read. “Resilience starts with us. Our focus is on you.”
The company projected the same message on a large screen in the hallway leading from the Mandalay Bay Casino to the convention center.
“This message conveys our thanks and gratitude to the Black Hat community and the support we received following the incident,” Kevin Benacci, CrowdStrike's senior director of corporate communications, told TechCrunch.
Benatti added that the company had “members of its technical team in the booth responding to the incident.”
When TechCrunch visited the booth on Thursday, several sales engineers were demonstrating the product, but the company's technical role, Chris Khachigian, vice president of global solutions architecture, was also on hand.
CrowdStrike CEO George Kurtz was also at the Black Hat Innovators & Investors Summit, a conference-based event that requires a separate fee and is not open to all attendees. Kurtz appeared on a panel and two conference attendees contributed to the event, according to the company.
To get a sense of how the cybersecurity industry's frontline defenders reacted to this massive outage, TechCrunch spoke to more than a dozen conference attendees who visited CrowdStrike's booth, and more than half of those spoken to expressed a positive view of the company following the outage.
“Does it diminish my reputation as a cutting-edge security company? I don't think so,” said a U.S. government official who uses CrowdStrike daily and requested anonymity because he was not authorized to speak to the press.
Brian Wilson, another U.S. government employee who also uses CrowdStrike as part of his job, said he plans to continue using the company's products and has not lost faith in the company.
A security engineer who gave his name only as Eric L. told TechCrunch that parts of his company were affected by the outage but were able to restore it within 24 hours. “CrowdStrike was really good about providing remediation guidance and doing everything they could to remedy the situation,” he said, adding that his opinion of CrowdStrike hasn't changed and he “definitely” wouldn't consider switching to another provider.
“They're best in class and at the top of their game,” he said.
CrowdStrike action figure statue representing the cybercrime group Scattered Spider. Image credit: Lorenzo Franceschi-Bicchierai / TechCrunch
Others didn't feel the same way.
Seth Fader, an engineer at ClearChoice Dental Implants Centers, said his company wasn't affected because it uses Sophos, a CrowdStrike competitor. But its parent company uses CrowdStrike, and Fader and his team had to help get affected workstations back online, “which wasn't a lot of fun.”
“It definitely made people think more negatively about the company,” Fader told TechCrunch. “Ultimately, [his colleagues] Then you might actually want to check out Sophos.”
A cybersecurity expert, who requested anonymity because he was not authorized to speak to the press, told TechCrunch that his company is a CrowdStrike customer and was affected by the outage.
“We need to look at alternatives, because we need a backup plan,” he told TechCrunch. “We want to avoid this issue, but to completely move away from them, I'm honestly not sure that's possible, because they're still the leader in the industry.”
Ebenezer Chunduru, a security analyst at CapMetro who was affected by the outage, told TechCrunch that the incident exposes vulnerabilities in cybersecurity tools.
“Can you trust any tool now?” he says. “You shouldn't rely on them, but at the same time, they're doing a pretty good job.”
A sticker made by a Black Hat attendee poking fun at CrowdStrike. Image credit: Lorenzo Franceschi-Bicchierai / TechCrunch
Ever since the global outage began, cybersecurity experts, always keen for a joke, have been posting an endless stream of CrowdStrike-themed memes online.
The fun spilled over into the real world in Las Vegas, where conference-goers showed up to Black Hat's speakers-only event on Tuesday wearing T-shirts that read “Crowdstruck.” Another attendee gave TechCrunch a sticker poking fun at the company's flagship product, CrowdStrike Falcon, replacing the logo with a cartoon-style bird and the fake company name, “Fowlstrike.” Researchers at Def Con, the hacking conference that follows Black Hat, created fake CrowdStrike-themed Uber Eats gift cards.
It's unclear whether the outage has hurt CrowdStrike's reputation after two days at Black Hat. In fact, it may have done the opposite. Hours before the conference ended, a CrowdStrike employee told TechCrunch that the company printed more than 1,500 T-shirts over the two days. Last year, conference organizers said about 20,000 people attended.
When asked how many action figures they gave out, another employee shook his head and simply said, “I have no idea.”