Cybersecurity Improvement Initiative 


Reducing risk to university devices and data

The Office of the CIO and our campus IT partners are embarking on a multi-year effort to increase protection for our people, resources, and data. Through endpoint management enrollment and security incident detection software (CrowdStrike), we will set a baseline secure standard on university-owned systems and enhance overall security.

The team will work closely with each unit’s IT leadership and staff to create an individualized implementation plan that incorporates unit-specific challenges. We will strive to ensure that the resources needed for success are available.

Why is this needed now?

Cyberattacks against higher education are growing increasingly sophisticated, and federal and state agencies require us to meet stricter compliance targets. We must elevate our cybersecurity practices through endpoint management and CrowdStrike, which will provide:

  • Visibility into the state and nature of systems on our network 
  • Better vulnerability management through prompt updates 
  • Robust protection against ransomware, malware and other attacks that can lead to costly and time-consuming data loss 
  • Streamlined required auditing

Granting agencies, especially governments, expect grantees to demonstrate the highest cybersecurity standards. Universities with less network visibility are at a disadvantage in the grant funding landscape and remain at greater risk of data loss or theft and data breaches.  

When will this take place?

The first phase begins in fall 2023 with communications, gathering feedback from stakeholders, and implementing a pilot that will become a model for future unit engagements. Any unit interested in being added to the list early in the effort is encouraged to contact securitysupport@illinois.edu.

Full implementation is expected to take two to three years.

How will my unit know when it is our turn?

Technology Services endpoint management and cybersecurity professionals will collaborate with unit leaders and IT Professionals on a specific implementation plan that meets staffing and budget needs. Your unit leadership will provide notice to staff regarding staffing, expectations, and timelines as your unit comes up for installation.


Additional Information

Staff/Faculty

How will CrowdStrike affect my computer’s performance?
There should be minimal to no discernable effect on your system’s performance.

How will I know if CrowdStrike stopped a virus/malware on my machine?
In most cases CrowdStrike should present you with a pop-up notification when it blocks, stops, or quarantines a file or process. CrowdStrike sends the same notifications to your local IT pro. They will work with you to address the virus/malware. Additional information can be found in the Endpoint Security, CrowdStrike, Notification from Security answers article: https://answers.illinois.edu/illinois/97835

What do I do if it prevents me from running legitimate software?
We don’t expect CrowdStrike to block the running of legitimate software. In the rare cases it does, your IT Pro can configure CrowdStrike to allow your software application to run.

Is my information being tracked?
CrowdStrike’s software records details about programs that are run and the names of files that are read or written. CrowdStrike software analyzes connections to and from the Internet to determine if there is malicious behavior. It may record websites visited on the Internet but will not log the contents of data transmitted. This data is used only for determining if malicious behavior is occurring. More details are available at: https://answers.illinois.edu/illinois/page.php?id=94539.

Why are these changes being required?
Every computer on our shared network that is not actively managed poses a cybersecurity risk to everyone else on our network. These changes are basic cybersecurity steps needed to help secure data and private information of all our faculty, students and staff. Computer management and incident detection software is also increasingly required by federal granting agencies.

How will this impact my research?
Federal granting agencies are increasingly requiring systems used for grant-funded research to be actively managed. Having this software on your computer can help you with your grant compliance.

How will this impact the devices/instruments connected to the computer with CrowdStrike installed?
CrowdStrike works by monitoring computer process executions, file reads/writes, network activity and process relationships. We don’t anticipate it negatively impacting a device connected to a computer. However, we are happy to find solutions for any problems that might in rare cases arise.

Will this break the custom software I’m using?
We do not expect it to. Because CrowdStrike does not do point-in-time scans and does not request “hashes” of large data files, there should be no impact or interaction. IT Pros can work with you to allow software installation and execution in cases where CrowdStrike stops a legitimate application.

I didn’t have to do this in my other unit.
The Cybersecurity Improvement Initiative is campus-wide. If a unit is currently not requiring computer management and incident response software, it will in the near future. We understand that your work depends on your computer functioning. Your computer is a university-owned device, and we have an obligation to do everything we can to protect your data and the data of everyone using our network. Computer management is a basic cybersecurity requirement, and what we are installing will protect your work, not impede it.

IT Pros

What support is there for those of us completing the work?
Technology Services has endpoint management and cybersecurity staff as well as data analysts and communication specialists dedicated to this initiative. We will work with every unit to help with any barriers to success.

How does this look in computer labs and other shared device environments?
This has been successfully deployed in many labs across campus and aligns well to existing lab management practices.

How do we deal with customers who won’t allow us to install CrowdStrike/Endpoint Management?
This initiative has the support of the Chancellor, Provost, Deans, CIO and CISO. Nearly all university-owned devices will be fitted with Endpoint Management and CrowdStrike for the safety and security of our university network.

What does installing Endpoint Management look like/mean on Windows, Mac, Linux?
Technology Services Endpoint Services provides tools to IT Professionals to facilitate the delivery of software, operating system patches, and system configurations; automated collection of computer inventory information; and device setup. Most of the services have an agent that is installed locally on devices. See “What is Endpoint Services?” KB: https://answers.illinois.edu/89030

Is CrowdStrike really fully supported for Linux now?
Features on Linux differ from those on Mac and Windows, but CrowdStrike is fully supported across dozens of Linux distributions.