CrowdStrike Falcon EPDR

Intro

CrowdStrike Falcon is CMU’s Endpoint Protection, Detection, and Response (EPDR) solution. 

ECE ITS, along with many other IT groups across campus, is partnering with the Information Security Office (ISO) to deploy the Falcon software to University devices to protect, monitor, and respond to security incidents.

As of August 31, 2023, CrowdStrike is mandatory for all servers used for university business, research, and education unless contracts, consent forms, or other agreements prohibit it. This mandate reflects the current tolerance for security risk by university leadership.

Beginning November 1, 2023, CrowdStrike is mandatory for university-owned workstations (desktops and laptops) that have access to University Restricted Data and/or support university operations.

Installation

ECE ITS Managed Servers and Workstations

ECE ITS is deploying the CrowdStrike Falcon sensor across ECE’s managed servers and workstations. Users with devices managed by ECE ITS do not need to take any further action.

Self-Managed Servers and Workstations

Members of the ECE Community who self-manage their own servers and workstations can find installation packages and instructions at

CrowdStrike Falcon for ECE Unmanaged Systems

Overview and FAQ

We encourage you to review the University’s Overview and FAQ at

https://www.cmu.edu/computing/services/security/secure/epdr.html

Key points

  • The Information Security Office (ISO) collaborates with the campus community to safeguard Carnegie Mellon University's computing and networking infrastructure against threats to our information resources.

  • CrowdStrike is designed to prevent behavior it determines to be malicious. If the sensor blocks an application or network connection, you will receive a pop-up notification that malicious behavior was detected. These notifications are simultaneously reported to the Information Security Office (ISO) for analysis. If further investigation or remediation is necessary, an ISO staff member or your local departmental security administrator will contact you. If the issue is causing a work stoppage, please contact the ISO or iso-ir@andrew.cmu.edu immediately.

  • Any data collected by CrowdStrike may be viewed by authorized personnel within the ISO and independent security units (i.e. ECE ITS) only when necessary to perform their job duties in accordance with the University Computing Policy.

  • IT personnel with authorization may view a subset of CrowdStrike data for systems they support directly as part of their system management duties. This data includes installation status, sensor health, vulnerabilities, detections, and automated prevention.

  • CrowdStrike looks for suspicious processes and applications. To monitor computer activity, the system records login information, application usage, and file access.

  • The software does NOT record keystrokes or the contents of documents, email messages, or chat communications.

Questions/Concerns/Exemptions

If you have any questions or concerns, or need to request an exemption due to an existing contract, consent form, or other agreement which prohibits its use, contact us at help+epdr@ece.cmu.edu or ISO at iso-crowdstrike@andrew.cmu.edu.