Skip to content Skip to site navigation

CrowdStrike Falcon

Advanced Endpoint Protection

Advanced Endpoint Defense with CrowdStrike Falcon is a crucial step towards a vision for a broader service called Cardinal Protect. Cardinal Protect systems will be highly secured and monitored endpoints designed to defend both the device and user against advanced cyber threats. This service is available now for macOS, Windows is in active development.


CrowdStrike Falcon provides advanced defensive capabilities against modern computer and network threats. It replaces traditional signature-based antivirus with a sophisticated set of behavioral models, enabling it to detect advanced and novel threats. It has the following features/characteristics:

  • Low memory and performance impact.
  • Combines hash-based signature detections with behavioral detections based on both specific heuristics and machine learning models.
  • Includes multiple detections for and defenses against ransomware activity.

Note that CrowdStrike provides full Endpoint Detection and Response (EDR) capabilities. It uploads a transcript of system events like program launches and network connections to a cloud-based detection infrastructure, and those logs are used to detect threats. The CrowdStrike agent continues to protect systems even while they are offline.

Designed for

Current Faculty, Staff, School of Medicine Students, and Student-Staff that are managed by BigFix and/or Jamf. Devices not used for Stanford work are not eligible for CrowdStrike. See the FAQ for additional information.


  • Mac: Mac OS X 10.14 or later
  • Windows:  Windows 10, Windows Server 2012/2016/2019
  • Linux: Amazon Linux 2, Amazon Linux AMI, CentOS 6.7+, Debian 9.4,Oracle Linux 6/7,Red Hat 6.7+,SUSE Linux Enterprise 11.4+,Ubuntu 12.04+

Data security

May be used on systems that store Low, Moderate, and High Risk Data, as defined by the Information Security Office.


Free of charge


Get started

Windows - Centrally deployed to BigFix managed systems. 

MacOS - Centrally deployed to Jamf managed systems.

Get help

Connect with us on the Stanford-UIT Slack instance at #iso-crowdstrike

Submit a Help request to ISO Security Operations.

Learn more

FAQ - Frequently Asked Questions

Last modified November 1, 2022