Advanced Endpoint Defense with CrowdStrike Falcon is a crucial step towards a vision for a broader service called Cardinal Protect. Cardinal Protect systems will be highly secured and monitored endpoints designed to defend both the device and user against advanced cyber threats. This service will be released for macOS soon, with development to follow for Windows.
CrowdStrike Falcon provides advanced defensive capabilities against modern computer and network threats. It replaces traditional signature-based antivirus with a sophisticated set of behavioral models, enabling it to detect advanced and novel threats. It has the following features/characteristics:
- Low memory and performance impact.
- Combines hash-based signature detections with behavioral detections based on both specific heuristics and machine learning models.
- Includes multiple detections for and defenses against ransomware activity.
Note that CrowdStrike provides full Endpoint Detection and Response (EDR) capabilities. It uploads a transcript of system events like program launches and network connections to a cloud-based detection infrastructure, and those logs are used to detect threats. The CrowdStrike agent continues to protect systems even while they are offline.
Current Faculty, Staff, School of Medicine Students, and Student-Staff. Devices not used for Stanford work are not eligible for CrowdStrike. See the FAQ for additional information.
- Mac: Mac OS X 10.14 or later
- Windows: Windows 10, Windows Server 2012/2016/2019
- Linux: Amazon Linux 2, Amazon Linux AMI, CentOS 6.7+, Debian 9.4,Oracle Linux 6/7,Red Hat 6.7+,SUSE Linux Enterprise 11.4+,Ubuntu 12.04+
May be used on systems that store Low, Moderate, and High Risk Data, as defined by the Information Security Office.
Free of charge
Windows - Centrally deployed to BigFix managed systems.
Connect with us on the Stanford-UIT Slack instance at #iso-crowdstrike.
Submit a Help request to ISO Security Operations.