On Wednesday morning, thousands of cybersecurity professionals filled the halls of the Mandalay Bay Convention Center in Las Vegas, the epicenter of the annual Black Hat cybersecurity conference, where dozens of companies were touting their wares.
In the front row, with one of the largest booths, was CrowdStrike, a company that has recently become a household name, but not for its ability to stop malicious hackers.
On July 19, CrowdStrike released a faulty software update that crashed at least 8.5 million computers worldwide, causing flight delays, disrupting hospital operations including some surgeries, and paralyzing several U.S. government agencies, among many other organizations that had to manually reboot computers and servers to return to normal operation.
CrowdStrike has since shared updates on its investigation into the outage. The company also offered $10 Uber Eats gift cards to partners, some of whom had to spend hours recovering from the incident, as a way to express its “heartfelt thanks and apologies for the inconvenience.”
Several people who received the voucher, some of whom felt the gift was insensitive, were unable to cash in the gift card before Uber flagged it as fraud, “due to high redemption rates,” according to a CrowdStrike spokesperson.
Less than three weeks later, CrowdStrike employees had the tough job of showcasing the company’s products at its conference booth. As soon as the doors opened, dozens of attendees began lining up. They weren’t all there to ask tough questions, but to pick up T-shirts and action figures the company had made to represent some of the nation-state and cybercrime groups it monitors, including Scattered Spider, an extortion racket allegedly behind last year’s cyberattacks on MGM Resorts and Okta; and Aquatic Panda, a China-linked spy group.
“We’re here to give you free stuff,” a CrowdStrike employee told people gathered around a large screen, where employees would later demonstrate.
One attendee at the conference looked visibly surprised. “I just thought it was going to die, honestly. I thought it was going to be slower there. But obviously, people are still fans, right?”
For CrowdStrike at Black Hat, there was an element of business as usual, despite its global IT outage that caused widespread disruptions and delays for days, and even weeks for some customers. The conference came at the same time that CrowdStrike released its root cause analysis explaining what happened the day of the outage. In short, CrowdStrike admitted it was wrong, but said it had taken steps to prevent the same incident from happening again. And some cybersecurity professionals at Black Hat seemed ready to give the company a second chance.
On the action figure boxes stacked at the company’s booth, which were constantly being replenished, CrowdStrike wrapped a message addressing the disruption. “Adversaries don’t stop. And neither do we,” the message read. “Resilience starts with us. Our focus remains on you.”
The company projected the same message on a large screen in the hallway leading from the Mandalay Bay casino to the convention center.
Kevin Benacci, senior director of corporate communications at CrowdStrike, told TechCrunch that “the message expresses our gratitude and appreciation for the Black Hat community, as well as the support we have received since the incident.”
Benacci added that the company had “technical team members in the cabin addressing the incident.”
When TechCrunch visited the booth on Thursday, we saw several sales engineers demonstrating the product, as well as Chris Kachigian, CrowdStrike’s vice president of global solutions architecture, who holds a technical role within the company.
CrowdStrike CEO George Kurtz was also at the Black Hat Innovators & Investors Summit, an event within the conference that requires separate payment, meaning it is not open to all attendees. Kurtz appeared on one panel, according to the company, as well as in posts by two conference attendees.
To gauge how frontline cybersecurity advocates have responded to the massive outage, TechCrunch spoke with more than a dozen conference attendees who visited CrowdStrike’s booth. More than half of the attendees we spoke to expressed a positive view of the company following the outage.
“Does it lower my opinion of their ability to be a cutting-edge security company? I don’t think so,” said one U.S. government employee, who said he uses CrowdStrike every day. The employee asked not to be identified because he was not authorized to speak to the press.
Brian Wilson, another U.S. government employee who said he uses CrowdStrike as part of his job, said he will continue to use the company’s products and that he has no loss of confidence in the company.
A security engineer identified only as Eric L. told TechCrunch that part of his company was affected by the outage, but was able to recover within 24 hours. “CrowdStrike has been really good about providing recovery guidance and doing everything they can to fix things,” he said, adding that his opinion of CrowdStrike hasn’t changed and that he’s “absolutely not” considering switching to another vendor.
“They are the best in class, they are at the top,” he said.
Others did not think the same way.
Seth Faeder, an engineer at ClearChoice Dental Implants Centers, said his company wasn’t affected because it uses Sophos, a competitor to CrowdStrike. But his parent company, he said, uses CrowdStrike, so he and his team had to help get affected workstations back online, which “wasn’t a lot of fun.”
“It definitely gave me a more negative view of the company, for sure,” Faeder told TechCrunch. “We actually ended up saying [his colleagues] who might actually want to take a look at Sophos next.”
A cybersecurity expert, who asked not to be identified because he is not permitted to speak to the press, told TechCrunch that his company is a CrowdStrike customer and was affected by the outage.
“We need to look at alternatives, because we need a backup plan,” he told TechCrunch. “We can’t have this problem, but to completely walk away from them, I’m not entirely sure that’s possible, to be honest, because they’re still a big player in the industry.”
Ebenezer Chunduru, a security analyst at CapMetro, a firm that said it was affected by the outage, told TechCrunch that the incident was an eye-opener to the fragility of cybersecurity tools.
“Can we trust any tool right now?” he said. “We shouldn’t depend on a tool. But at the same time, they’re doing a good job.”
In the wake of the global outage, cybersecurity professionals, always happy to crack a joke, flooded the Internet with a seemingly endless stream of CrowdStrike-themed memes.
The fun has spilled over into real life in Las Vegas. A conference attendee showed up to a Black Hat speaker-only event on Tuesday wearing a “Crowdstruck” T-shirt. Another attendee gave TechCrunch a bumper sticker mocking the company’s flagship product, CrowdStrike Falcon, by replacing its logo with a cartoon bird and the fake company name, “Fowlstrike.” A researcher attending Def Con, a hacking conference that follows Black Hat, created fake CrowdStrike-themed Uber Eats gift cards.
After two days at Black Hat, it’s hard to say whether the outage has damaged CrowdStrike’s reputation. Maybe it’s even the opposite. A few hours before the conference ended, a CrowdStrike employee told TechCrunch that the company had printed more than 1,500 T-shirts in two days. Last year, conference organizers said nearly 20,000 people attended.
When asked how many action figures they had given out, another employee shook his head and simply said, “I have no idea.”