CrowdStrike Falcon provides advanced defensive capabilities against modern computer and network threats. It replaces traditional signature-based antivirus with a sophisticated set of behavioral models, enabling it to detect advanced and novel threats. It has the following features/characteristics:
- Low memory and performance impact.
- Combines hash-based signature detections with behavioral detections based on both specific heuristics and machine learning models.
- Includes multiple detections for and defenses against ransomware activity.
Note that CrowdStrike provides full Endpoint Detection and Response (EDR) capabilities. It uploads a transcript of system events like program launches and network connections to a cloud-based detection infrastructure, and those logs are used to detect threats. The CrowdStrike agent continues to protect systems even while they are off
May be used on systems that store Low, Moderate, and High Risk Data, as defined by the Information Security Office.
Current faculty, staff, School of Medicine students, and student-staff are eligible for CrowdStrike. Devices not used for Stanford work are not eligible for CrowdStrike. See the FAQ section for additional information and guidance.
Get help by submitting a Help request to the Information Security Office.
Supported Operating Systems:
- Mac: Mac OS X 10.14 or later
- Windows: Windows 10, Windows Server 2012/2016/2019
- Linux: Amazon Linux 2, Amazon Linux AMI, CentOS 6.7+, Debian 9.4,Oracle Linux 6/7,Red Hat 6.7+,SUSE Linux Enterprise 11.4+,Ubuntu 12.04+
- Faculty, staff, and students on a Stanford-owned computer or a personal computer used for official Stanford work
