CMU has a writeup on what it is, and why it is being deployed across the University.
Taken directly from https://www.cmu.edu/computing/services/security/secure/epdr.html
“The endpoint prevention, detection, and response service combines a software solution, CrowdStrike, for detecting and stopping malware and malicious behavior with centralized alerting, monitoring, and response services. It allows Computing Services to identify and stop suspicious behavior, investigate it, contain damage, and return to normal operations.”
...
Intro
CrowdStrike Falcon is CMU’s Endpoint Protection, Detection, and Response (EPDR) solution.
ECE ITS, along with many other IT groups across campus, is partnering with the Information Security Office (ISO) to deploy the Falcon software to University devices to protect, monitor, and respond to security incidents.
As of August 31, 2023, CrowdStrike is mandatory for all servers used for university business, research, and education unless contracts, consent forms, or other agreements prohibit it. Beginning November 1, 2023, CrowdStrike is mandatory for university-owned workstations (desktops and laptops) that have access to University Restricted Data and/or support university operations. This mandate reflects the current tolerance for security risk by university leadership. As the university continues a risk-based deployment approach, may become mandatory for CrowdStrike installation.”
FAQ:
...
Installation
ECE ITS Managed Servers and Workstations
ECE ITS is deploying the CrowdStrike Falcon sensor across ECE’s managed servers and workstations. Users with devices managed by ECE ITS do not need to take any further action.
Self-Managed Servers and Workstations
Members of the ECE Community who self-manage their own servers and workstations can find installation packages and instructions at
CrowdStrike Falcon for ECE Unmanaged Systems
Overview and FAQ
We encourage you to review the University’s Overview and FAQ at
...
Key points
The Information Security Office (ISO) collaborates with the campus community to safeguard Carnegie Mellon University's computing and networking infrastructure against threats to our information resources.
CrowdStrike is designed to prevent behavior it determines to be malicious. If the sensor blocks an application or network connection, you will receive a pop-up notification that malicious behavior was detected. These notifications are simultaneously reported to the Information Security Office (ISO) for analysis. If further investigation or remediation is necessary, an ISO staff member or your local departmental security administrator will contact you. If the issue is causing a work stoppage, please contact the ISO or iso-ir@andrew.cmu.edu immediately.”
FAQ for ECE community members:
If your device is managed by ECE ITS, we will be taking care of this for you in line with the University guidelines.
If you have an unmanaged device within ECE space and wish to install for the ECE Unmanaged CID, see below.
Adding the ECE Unmanaged CID and a tag with your AndrewID lets ISO easily identify who to notify.
If you don’t want to be within the ECE Unmanaged CID, please install from CMU OnTheHUB.
For specific questions/concerns related to the ECE Community, contact us at mailto:
Any data collected by CrowdStrike may be viewed by authorized personnel within the ISO and independent security units (i.e. ECE ITS) only when necessary to perform their job duties in accordance with the University Computing Policy.
IT personnel with authorization may view a subset of CrowdStrike data for systems they support directly as part of their system management duties. This data includes installation status, sensor health, vulnerabilities, detections, and automated prevention.
CrowdStrike looks for suspicious processes and applications. To monitor computer activity, the system records login information, application usage, and file access.
The software does NOT record keystrokes or the contents of documents, email messages, or chat communications.
Questions/Concerns/Exemptions
If you have any questions, concerns, or need to request an exemption due to an existing contract, consent form, or other agreement which prohibits its use, contact us at help+epdr@ece.cmu.edu
...
or ISO at iso-crowdstrike@andrew.cmu.edu.