Delta Lawsuit Over CrowdStrike Outage Moves Forward: A Cautionary Tale for Endpoint Security

The July 2024 Global BSOD: Background

On July 19, 2024, a flawed software update from CrowdStrike's Falcon platform caused a catastrophic global IT outage. The update crashed over 8 million Windows-based systems worldwide, affecting various industries, including airlines, hospitals, and financial institutions.

Delta Air Lines was among the hardest hit, canceling over 7,000 flights and disrupting travel for approximately 1.4 million passengers. The airline estimated losses of $550 million due to the outage.

In the aftermath, Delta filed a lawsuit against CrowdStrike, alleging gross negligence and computer trespass. The airline claims that CrowdStrike bypassed Microsoft's certification process and pushed the faulty update without proper authorization, despite Delta's system configurations explicitly prohibiting automatic updates.

A Georgia state judge recently ruled that Delta can proceed with key claims in its lawsuit, including gross negligence and computer trespass. The judge noted that even minimal testing could have detected the programming error before deployment.

Why White Cloud Security Is Always Up-to-Date Without Risky Kernel Patches

At White Cloud Security, we purposefully designed our protection to avoid high-frequency kernel driver updates, and we always ensure our kernel drivers are tested and signed by Microsoft. Thanks to our Zero-Trust Default-Deny architecture, protection is always current and inherently blocks all unknown malware and unauthorized software — without requiring frequent kernel updates.

We never perform automatic updates to endpoints for two key reasons:

  1. IT should be in control of what runs on their systems.
  2. Our protection is designed so frequent updates are never required.

This approach ensures stability and security, preventing incidents like the CrowdStrike-induced outage. By maintaining simplicity, we provide our clients with reliable protection without compromising system integrity.

Our Commitment to Secure and Controlled Updates

Our software architecture is designed to minimize the need for frequent updates. When updates are necessary, we follow a strict process:

  • Controlled Deployment: Updates are never pushed automatically. IT administrators have full control over when and how updates are applied.
  • Microsoft Certification: All kernel drivers are thoroughly tested and signed by Microsoft, ensuring compatibility and stability.
  • Minimal Disruption: Our protection mechanisms are designed to function effectively without the need for constant updates, reducing the risk of introducing new issues.

This methodology aligns with our core belief that IT departments should have complete control over their systems, and that stability should never be sacrificed for the sake of rapid updates.

Our design philosophy not only avoids risk — it ensures long-term security resilience, simplicity, and peace of mind for IT administrators.

Further Reading

For a detailed analysis of the CrowdStrike global BSOD event, refer to our previous blog post:

How and Why the CrowdStrike Global BSOD Occurred


Published on May 21, 2025