All computing devices (which includes servers as well as end-user devices like laptops, tablets, and smart phones) connected to the Rensselaer network must implement a suitable form of endpoint protection. For Institute-owned equipment, Rensselaer may prescribe the specific endpoint protection products to be used.
What is “endpoint protection”?
Endpoint protection refers to software running on a computing device (e.g., laptop, tablet, or smart phone) that stops malicious software from invading the device. The term “antivirus software” has been in common usage for a while, but the protection technology has advanced quite a bit over time. Many vendors call their products “next-generation antivirus” to emphasize the new methods for dealing with would-be attackers.
What must I use for my Institute-owned device?
Rensselaer requires CrowdStrike Falcon be used on Institute-owned devices. Falcon is a next-generation antivirus product. In addition to traditional virus protection, it reports detected threats centrally and provides an ability to respond when threats are detected. Traditional antivirus software does not provide adequate protection against the new cyber threats Rensselaer now faces.
Rensselaer has chosen Falcon as its next-generation antivirus product because of the product’s features and the position the vendor, CrowdStrike, has as an industry leader.
Does CrowdStrike Falcon fill-in-the-blank?
There are many sub-products, features, and customizations available under the Falcon brand. The usage of Falcon at Rensselaer may or may not do fill-in-the-blank. Special care was taken to deploy Falcon in a manner to maximize threat prevention while still minimizing privacy concerns. Other sections of this FAQ attempt to clarify how Falcon behaves at Rensselaer.
Will I receive a notification if Falcon intervenes in some way?
Falcon will notify you, the end-user, via a pop-up message on your device when it identifies a threat or performs a prevention action.
What data does Falcon share with RPI?
During normal operation Falcon shares inventory information such as computer name, its make and model, your username, and IP address. This is very similar to the type of information any website you visit might collect. Falcon does not collect any data about your files, the programs you are running, or your network activity.
In the event a threat is detected, Falcon sends information on the software processes and network traffic that triggered the threat detection. In some cases, this may contain snippets of the actual executable code causing the intervention.
What happens if Falcon detects a threat?
When a threat is detected, Falcon will display a message on your computer, and it will log the details of the detected threat to our cloud portal. Falcon may also take automated preventative action, ranging from blocking the execution of the software up to blocking all network traffic from your computer. This “containment” functionality is rarely used, and it is used only to address major issues and to prevent the theft of data by threat actors.
In the event of a higher-level detection, you will be contacted by a DotCIO staff member to assist with investigation or remediation actions that may be necessary and to answer any questions you may have.
The Falcon software does allow security administrators to remotely connect to your computer, but (1) this capability will not be used without notifying you first, and (2) it will only be used in response to a detected threat.
What assurance do I have that DotCIO staff are following RPI Policy?
Falcon logs all actions taken by the administrators. These records are reviewed on a periodic basis by separate staff.
Am I required to install CrowdStrike Falcon on my computer?
For Institute-owned devices, yes. Typically, this will be handled by the IT support staff that regularly assist you. No additional action is necessary at this time if your computer is managed by DotCIO IT staff.
Can I install CrowdStrike Falcon on my personal device?
No, CrowdStrike Falcon is only available to Institute-owned devices. However, all personal devices are still required to have an appropriate endpoint protection product installed.
How can I tell if CrowdStrike Falcon is installed on my device?
On Windows you can check in the Control Panel under Programs and Features. If it is installed, you will see “CrowdStrike Windows Sensor” listed.
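A scripted version of the same check, added here as an example (it is not part of the original FAQ and is not RPI or CrowdStrike tooling): it reads the machine-wide registry keys that Programs and Features lists from and looks for the entry named above. The function name `Get-InstalledProgramEntry` is hypothetical.

```powershell
# Added example: looks for the Programs and Features entry named in this FAQ.
function Get-InstalledProgramEntry {
    [CmdletBinding()]
    param(
        # Display name as shown in Programs and Features (taken from this FAQ).
        [string]$DisplayName = 'CrowdStrike Windows Sensor'
    )

    # Programs and Features is populated from these Uninstall keys
    # (64-bit view and 32-bit view of the machine-wide hive).
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($root in $uninstallRoots) {
        # The WOW6432Node view does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
            ForEach-Object {
                $entry = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
                # Many subkeys carry no DisplayName value; skip those.
                if ($entry -and
                    $entry.PSObject.Properties['DisplayName'] -and
                    $entry.DisplayName -eq $DisplayName) {
                    [pscustomobject]@{
                        DisplayName = $entry.DisplayName
                        Version     = $entry.DisplayVersion
                        Publisher   = $entry.Publisher
                        RegistryKey = $_.Name
                    }
                }
            }
    }
}

# Report the result for the local device.
$found = @(Get-InstalledProgramEntry)
if ($found.Count -gt 0) {
    $found | Format-List
} else {
    Write-Output 'CrowdStrike Windows Sensor is not listed in Programs and Features on this device.'
}
```

A matching entry only shows that the sensor is installed, which is the same thing the Control Panel check shows.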