Lakeside vs. the Competition: A Closer Look at Why Lakeside SysTrack Cannot Cause a BSOD Outage

Deep visibility, enabled by robust and high-quality data, is the next thing — really the only thing

Lakeside’s Founder Mike Schumacher recently explained why our SysTrack endpoint monitoring platform will never crash your systems. In short, Mike chose an agent design that would run in user mode instead of kernel mode. As he explains, “That means it essentially is running in the sandboxed and safe area provided by the operating system.” I like to think that this astute and cautious approach to agent design is one of the reasons Forrester gave SysTrack a 5 out of 5 for agent footprint in its latest The Forrester Wave™: End-User Experience Management Solutions, Q3 2024.
 
As Lakeside’s Solutions Architect Lead for EMEA, I would like to take a closer look at the technical reasons why you can trust that SysTrack will never cause a Blue Screen of Death (BSOD) incident. Let me explain, too, why SysTrack provides the best visibility for reporting on and recovering from BSOD outage like this, as well as other similar critical incidents.

Simply put, SysTrack cannot crash your environment and cause a BSOD outage.

Why is SysTrack’s architecture so inherently safe for IT operations? It’s simple. SysTrack does not utilise any kernel mode drivers; therefore, it cannot crash systems as the world unfortunately witnessed during the CrowdStrike outage. SysTrack’s agent runs in the user application space, so if it crashes, has a bug, or has any other problems, that issue will affect only SysTrack — not other applications. These protective layers assure that SysTrack cannot cause any BSODs as seen with CrowdStrike.

Why we opted for an agent design that is different from our competitors’ choice of kernel mode drivers

Microsoft Windows architecture is designed with processor protection rings to guard against critical failures and limit an application’s problems from affecting the operating system or other applications. In this context, because SysTrack’s agent runs in the user application protection ring, SysTrack not only cannot crash the whole system (because it does not have enough privilege to do so), but it also is completely transparent of its own resource consumption — unlike most of Lakeside’s competitors, which use kernel mode drivers. That means they have the most privilege and potential power to do harm — not to mention hiding their resource footprint, which can be significant but invisible.

As a Solutions Architect who works hand in hand with our customers, this major difference is something I like our customers to be aware of, especially during technical conversations about the potential risk. This major SysTrack differentiator bears repeating: Any kernel mode drivers have the potential to cause BSODs, as running in kernel mode bypasses most of the Windows operating system protection again critical failures.

Lakeside SysTrack provides the best data and visibility to help with recovering from a BSOD outage.

To help our customers affected by the CrowdStrike outside, Lakeside quickly developed and released a CrowdStrike dashboard, presenting critical insights from data that SysTrack already had. How could we respond so fast? Our data. Lakeside SysTrack collects approximately 10,000 x datapoints, every 15 seconds, from every endpoint device, all of the time, even if disconnected from the network.

Let’s unpack what this means. Because SysTrack collects all the data, all the time, even if a system is not connected to the network, there is a complete audit trail of all the updates and events leading up to a critical incident like the CrowdStrike issue. Having such depth, breadth, and history of data enabled us to create a dashboard to present invaluable insights to help with scoping the scale of the issue, who could be affected, what updates or BSODs had recently occurred, and more. The data already had been collected in SysTrack, so we gave customers a way to bring it to light in the context of the CrowdStrike outage.

The dashboard simply presents that data in a relevant and consumable format for this use case. Obviously if a system received the CrowdStrike update and immediately experienced a BSOD, then SysTrack or any tool would have no visibility of that as the system cannot report any data back. But fast recovery is paramount for business continuity. Most of Lakeside’s competitors collect only a tiny fraction of the data that SysTrack does.

Just how much more robust is Lakeside’s data compared to our competitors’ data?

In fact, the nearest competitor has 20x LESS data since it collects data only every 5 MINUTES, compared to SysTrack’s 10,000 x datapoints every 15 SECONDS. Not even close. SysTrack can identify systems with CrowdStrike installed, with detailed version, when the updates or any changes were applied, to help quantify the scope across an organization. 

As a result of this less frequent and trimmed-down data collection, this competitor’s product leaves huge gaps in the quality, quantity, and frequency of data, often completely missing events and other relevant insights leading up to a problem. Lakeside is committed to building the complete picture. Indeed, SysTrack’s forensic level of data granularity, which is regularly used in regulated industries for detailed audit trails and investigations, is simply unmatched.

This deep visibility, enabled by robust and high-quality data, is the next thing — really the only thing — for enterprise customers who want to get back to normal operations as fast as possible should another BSOD outage occur.