CrowdStrike Falcon

ITS deploys CrowdStrike Falcon to all NCSSM-owned devices, such as those issued to employees, loaner laptops, servers, and devices used in classrooms and conference rooms.

CrowdStrike Falcon is a powerful antivirus, anti-malware and security incident response tool, which we deploy to ensure the greatest possible security for the NCSSM network and the institution’s data.

ITS takes many precautions to protect the privacy and security of NCSSM students, faculty, and staff, and to ensure that the data collected by CrowdStrike Falcon is used appropriately.

What CrowdStrike Falcon Monitors and Records

CrowdStrike Falcon looks for suspicious processes and programs. To do this, it records details about who has logged in on a machine, what programs are run, and the names of files that are read or written.

For example, if you log in and open a Microsoft Word document called “example.doc,” CrowdStrike Falcon will:

  • Record the computer name and logged-in user name.

  • Record that Word was run and gather some details about the Word program itself.

  • Record the file name “example.doc,” but it will not access or provide any information about the contents of that file.

CrowdStrike records information about running processes, details about programs that are run, and the names of files that are read or written as a way of catching potentially malicious actions. Executable files identified as malicious may be uploaded to CrowdStrike servers. Documents and data files are never uploaded.

What CrowdStrike Falcon Does Not Record

The software does not access the contents of:

  • Documents

  • Email messages

  • Chat communications

  • Websites

CrowdStrike Falcon and Internet Access

CrowdStrike Falcon analyzes connections to and from the internet to determine if there is malicious behavior happening on a device. It may record the IP addresses of websites visited but will not log the contents of the pages transmitted. This data is used to help detect and prevent malicious actions involving websites.

Where CrowdStrike Falcon Data Is Stored

CrowdStrike provides secure storage on its cloud servers for the data it collects, and NCSSM retains ownership of the data. In some cases, ITS staff members may store data collected for the purpose of investigating potential and actual IT security incidents; in this event, the data is stored securely, and is accessed only for the purposes of investigating and dealing with security incidents.

Access to Data Collected by CrowdStrike Falcon

CrowdStrike extracts anonymized data about computer processes and malicious techniques to identify new patterns of malicious behaviors, so that customers may be protected from new and emerging threats. CrowdStrike limits its own employees’ access to customer data to those with a business need. (More detail can be found in the CrowdStrike Privacy Notice.)

ITS limits the information available in Enhanced Endpoint Protection to only what is needed to identify and halt malicious activity, and access is granted only to those who need it for their work. Administrators are given training and reminded to use Enhanced Endpoint Protection only for its intended purpose in accordance with NCSSM policies.

For more information about the CrowdStrike Falcon platform, please check out this FAQ.

Access to the data is governed primarily by ITS' regulations, standards, and SOPs. Additional policies, laws, and regulations may apply.