The CrowdStrike Falcon Agent (or just “CrowdStrike”) is designed for use in managed environments, providing security for both servers and workstations running Microsoft Windows, Mac OS X, and several popular Linux distributions. The software is centrally licensed by Duke OIT for use on all university-owned computers. CrowdStrike is not to be installed on personally-owned computers: there is no local UI and the software can only be configured and monitored from the central enterprise console. Users wishing to protect their personally owned computers should look to the recommendations on the IT Security Office website.
CrowdStrike provides the following functionality:
- Protects your endpoints against all threat types — known and unknown, malware and malware-free
- Combines machine learning malware protection, Indicator of Attack (IOA) behavioral blocking, and exploit blocking for ultimate protection
- Eliminates ransomware
- Requires no signature updates
- Delivers full protection even when offline
Currently, the CrowdStrike enterprise console is only accessible by members of the university IT Security Office and health system Information Security Office. Information form the console may be imported and displayed in other systems at some point in the future.
To begin using CrowdStrike on an unmanaged, Duke-owned device, please download the client from the OIT Software site. To begin using CrowdStrike in a managed environment, please email firstname.lastname@example.org or create a request via ServiceNow (asking for the request to be assigned to “Security-University”) for more information on using Duke endpoint management tools to install the software.
After installing the CrowdStrike software, there’s nothing else to do. Blocked activity will be reported to the user and other security concerns discovered by the software will be reported to the user (or the user’s support group) by the IT Security Office.
As the product is largely hands-off (even for the IT Security Office), there’s not much to learn. Installation documentation and answers to frequently asked questions are currently under development. Feel free to contact email@example.com with any questions.