
Reducing risk to university devices and data
The Office of the CIO and our campus IT partners have embarked on a multi-year effort to increase protection for our people, resources and data. Through endpoint management enrollment and security incident detection software (CrowdStrike), we are setting a baseline secure standard on university-owned systems and enhancing overall security. The first phase began in fall 2023 with communications, gathering feedback from stakeholders, and implementing a pilot that became the model for unit engagements.
How is the effort progressing?
The team has worked closely with each unit’s IT leadership and staff to create individualized implementation plans that incorporate unit-specific challenges, striving to ensure that resources needed for success are available.
Nearly all colleges and units have been onboarded, and to date 35,000+ computers have been updated.
Read about the success already achieved by the University Library and College of Education.
Unit onboarding
Units completed phase one | 2 |
Units in progress | 32 |
Units slated to begin | 6 |
Why is this needed now?
Colleges and universities remain frequent targets of cybercriminals. According to IBM’s Cost of a Data Breach Report, the average cost of a breach in higher education is $3.6 million. With your cooperation and the continued support of IT professionals, CII will help defend our campus from such threats. Together, we can build a safer digital environment for everyone.
Cyberattacks against higher education are growing increasingly sophisticated, and federal and state agencies require us to meet stricter compliance targets. We must elevate our cybersecurity practices through endpoint management and CrowdStrike, which will provide:
- Visibility into the state and nature of systems on our network
- Better vulnerability management through prompt updates
- Robust protection against ransomware, malware and other attacks that can lead to costly and time-consuming data loss
- Streamlined required auditing
Granting agencies, especially governments, expect grantees to demonstrate the highest cybersecurity standards. Universities with less network visibility are at a disadvantage in the grant funding landscape and remain at greater risk of data loss or theft and data breaches.
Frequently asked questions
Staff/Faculty
How will CrowdStrike affect my computer’s performance? | There should be minimal to no discernible effect on your system’s performance. |
How will I know if CrowdStrike stopped a virus/malware on my machine? | In most cases CrowdStrike should present you with a pop-up notification when it blocks, stops, or quarantines a file or process. CrowdStrike sends the same notifications to your local IT Pro, who will work with you to address the virus/malware. Additional information can be found in the “Endpoint Security, CrowdStrike, Notification from Security” answers article: https://answers.illinois.edu/illinois/97835 |
What do I do if it prevents me from running legitimate software? | We don’t expect CrowdStrike to block the running of legitimate software. In the rare cases it does, your IT Pro can configure CrowdStrike to allow your software application to run. |
Is my information being tracked? | CrowdStrike’s software records details about programs that are run and the names of files that are read or written. CrowdStrike software analyzes connections to and from the Internet to determine if there is malicious behavior. It may record websites visited on the Internet but will not log the contents of data transmitted. This data is used only for determining if malicious behavior is occurring. More details are available at: https://answers.illinois.edu/illinois/page.php?id=94539. |
Why are these changes being required? | Every computer on our shared network that is not actively managed poses a cybersecurity risk to everyone else on our network. These changes are basic cybersecurity steps needed to help secure data and private information of all our faculty, students and staff. Computer management and incident detection software is also increasingly required by federal granting agencies. |
How will this impact my research? | Federal granting agencies are increasingly requiring systems used for grant-funded research to be actively managed. Having this software on your computer can help you with your grant compliance. |
How will this impact the devices/instruments connected to the computer with CrowdStrike installed? | CrowdStrike works by monitoring computer process executions, file reads/writes, network activity and process relationships. We don’t anticipate it negatively impacting a device connected to a computer. However, we are happy to find solutions for any problems that might in rare cases arise. |
Will this break the custom software I’m using? | We do not expect it to. Because CrowdStrike does not do point-in-time scans and does not request “hashes” of large data files, there should be no impact or interaction. IT Pros can work with you to allow software installation and execution in cases where CrowdStrike stops a legitimate application. |
IT Pros
What support is there for those of us completing the work? | Technology Services has endpoint management and cybersecurity staff as well as data analysts and communication specialists dedicated to this initiative. We will work with every unit to help with any barriers to success. |
How does this look in computer labs and other shared device environments? | This has been successfully deployed in many labs across campus and aligns well to existing lab management practices. |
What does installing Endpoint Management look like/mean on Windows, Mac, Linux? | Technology Services Endpoint Services provides tools to IT Professionals to facilitate the delivery of software, operating system patches, and system configurations; automated collection of computer inventory information; and device setup. Most of the services have an agent that is installed locally on devices. See the “What is Endpoint Services?” article. |
Is CrowdStrike really fully supported for Linux now? | Features on Linux differ from those on Mac and Windows, but Linux is fully supported across dozens of distributions. |