The CrowdStrike Falcon Agent (or just “CrowdStrike”) is designed for use in managed environments, providing security for both servers and workstations running Microsoft Windows, Apple macOS, and several popular Linux distributions. The software is centrally licensed by Duke OIT for use on all university-owned computers. CrowdStrike is not to be installed on personally-owned computers. Installing this software on a personally-owned computer will place the device under Duke policies and under Duke control. Users wishing to protect their personally-owned computers should look to the recommendations on the IT Security Office website.
CrowdStrike provides the following functionality:
- Protects your endpoints against all threat types — known and unknown, malware and malware-free
- Combines machine learning malware protection, Indicator of Attack (IOA) behavioral blocking, and exploit blocking for ultimate protection
- Eliminates ransomware
- Requires no signature updates
- Delivers full protection even when offline
Currently, the CrowdStrike enterprise console is only accessible by members of the university IT Security Office and health system Information Security Office. Information form the console may be imported and displayed in other systems at some point in the future.
Join
To begin using CrowdStrike on an unmanaged, Duke-owned device, please download the client from the OIT Software site. To begin using CrowdStrike in a managed environment, please email security@duke.edu or create a request via ServiceNow (asking for the request to be assigned to “Security-University”) for more information on using Duke endpoint management tools to install the software.
Start
After installing the CrowdStrike software, there’s nothing else to do. Blocked activity will be reported to the user and other security concerns discovered by the software will be reported to the user (or the user’s support group) by the IT Security Office.
Learn
As the product is largely hands-off (even for the IT Security Office), there’s not much to learn. Installation and troubleshooting documentation can be found by searching the Duke OIT web site. Feel free to contact security@duke.edu with any questions.
