Endpoint Security, CrowdStrike, What is CrowdStrike?
What is CrowdStrike?
CrowdStrike, also known as "Falcon," is a software tool designed to mitigate real-time cybersecurity threats and incidents, give visibility and security capability to the Cybersecurity team and local IT staff, protect systems against malware, and enable institutional measurement and understanding of security conditions and events. CrowdStrike uses machine learning and a lightweight agent to provide visibility into the entire threat lifecycle, allowing IT and security professionals to respond quickly and effectively to critical security events on Linux, Mac and Windows devices. CrowdStrike is an integral component of Endpoint Security. It exists as a fundamental part of Cybersecurity's charge, obligations, provisions, and directives presented to it under the Campus Administrative Manual, Appropriate Use of Computers and Network Systems, and as authorized by the Chief Privacy & Security Officer.
How do I get this?
Option 1: Get and install the Community instance agent in your environment
- The Community instance agent is deployable by any IT Pro and is available for any Urbana-Champaign unit. EPS is available for assistance in deployment via MECM and Munki.
- Units wanting CrowdStrike console access may request access to the Endpoint Manager role in the Community instance. For information on the roles in the CrowdStrike console, see Endpoint Security, CrowdStrike, Roles.
Option 2: Set up in a Named instance with advanced access
- Named instance agents are deployable by IT Pros and are available for any Urbana-Champaign unit. Deployment may be done via MECM and Munki.
- Units wanting a Named instance may request consultation. See below.
Option 3: Deploy in a Self-Managed instance with additional advanced access
- Consultation is required. See below.
To request provisioning and/or consultation
Go to Endpoint Security, CrowdStrike, Getting Started with CrowdStrike to get started.
Who do I contact?
- For Endpoint provisioning or CrowdStrike packaging questions and support, use https://go.illinois.edu/EPSHelp.
- For all other CrowdStrike-specific or security concerns, email securitysupport@illinois.edu.
- For emergencies, see https://go.illinois.edu/csoc.
What happens if there is a security issue?
- There are many tools within CrowdStrike to aid in detection, inspection, impact measurement, and mitigation.
- If there are indicators of compromise, the Security team may undertake critical event/incident response to mitigate them. Please see Endpoint Security, CrowdStrike, Notification from Security.