Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

Microsoft has called together cybersecurity firms and government representatives for its Windows Endpoint Security Ecosystem Summit.

Microsoft has convened endpoint security firms and government representatives for discussions on improving security and resilience following the highly disruptive CrowdStrike incident that occurred last month.

The tech giant will host the Windows Endpoint Security Ecosystem Summit on September 10, 2024, at its Redmond, Washington, headquarters.

Microsoft has invited CrowdStrike and other key endpoint security partners in hopes of outlining short- and long-term actions and initiatives for ensuring that users are provided proper protection while minimizing the risk of disruptive incidents.

“Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers,” Aidan Marcuss, Corporate Vice President, Microsoft Windows and Devices, said in a blog post.

“The CrowdStrike outage in July 2024 presents important lessons for us to apply as an ecosystem. Our discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future,” Marcuss added.

Following the CrowdStrike incident, which caused significant disruptions and losses for many organizations after an improperly tested update was delivered to customers, much of the discussion has focused on endpoint security products having kernel access.

Kernel access gives security solutions deeper visibility and enables them to detect threats such as bootkits and rootkits. It also has performance benefits and makes products tamper resistant. On the other hand, malfunctioning software that has kernel access can have a more serious impact on a system than products that have less privileged access.

Following the CrowdStrike incident, Microsoft published a blog post describing why and how third-party vendors are given kernel access. CrowdStrike has published its own blog post explaining that it has been trying to “minimize kernel-invasive approaches”.

While a lot of the focus following the global outage has been on kernel mode, a Microsoft executive who wanted to remain anonymous told CNBC in an interview that removing kernel access in Windows would only solve a small percentage of potential problems.
