IT security is a shared responsibility and a never-ending journey of incremental improvement, but some improvements are larger and come faster than others. In October 2020, ITS announced that Enhanced Endpoint Protection powered by CrowdStrike Falcon would be rolled out to university-owned computers (desktops, laptops, and servers). About six months later, as of early March 2021, Falcon has been deployed to almost 35,000 machines across all three campuses.
As you all, hopefully, are aware by now, CrowdStrike Falcon is state-of-the-art endpoint security that identifies malware, detects zero-day threats, pinpoints advanced adversaries, and prevents or mitigates damage from attacks in real-time.
Over the course of U-M deployment, ITS Information Assurance (IA) provided the tools, documentation, training, and regular forums for unit IT staff to install Falcon on endpoints. Sol Bermann, chief information security officer and executive director of ITS IA, applauded unit efforts, saying that the rollout was a model for efforts at this scale.
“Falcon was installed more quickly and more widely than I expected, which is amazing given the trying times,” said Bermann. CrowdStrike team members agreed with this assessment!
ITS and unit IT staff alike have found that CrowdStrike just works, allowing both ease of monitoring and little disruption to users. Matthew New, IT planning manager in Mechanical Engineering, is one of CoE’s Crowdstrike administrators. “Any time I hear any concerns about Falcon in our IT meetings, I just say ‘we have it on over 500 machines, and there are no problems,’ and then mute myself again.” Kevin Cheek, university incident response lead, concurs, saying, “From the very beginning, Falcon and our partnership with CrowdStrike have provided the university with significantly improved IT security capabilities, and over time we know Falcon and CrowdStrike will only do more to help protect U-M.”
Bermann cites the tenant/sub-tenant feature as being one of the most important aspects of Falcon, allowing units to monitor activity themselves: “ITS Information Assurance can’t be everywhere all the time, and we rely on units to assist in this shared responsibility. We all need to do our part to keep the university secure, and I can literally sleep better at night knowing how well the university community is protected.”
Ravi Pendse, vice president for information technology and chief information officer, expressed gratitude to everyone who helped roll out Falcon, acknowledging that teamwork is the key to success.
“Working remotely offers safety and flexibility, but at the same time, the university’s entire security perimeter is now much larger, thereby increasing risk. Falcon has been a huge resource for managing this risk. I am grateful to everyone who worked so quickly to implement Falcon and protect the university,” said Pendse.
Now that all academic campuses (Ann Arbor, Flint, Dearborn) are on the same Falcon platform, the university is better protected against cyber threats. The University of Michigan is CrowdStrike’s single largest higher ed partner, setting a strong example throughout the Big 10.
Refer to the Enhanced Endpoint Protection powered by CrowedStrike webpage on the Safe Computing site.
Questions about Falcon on ITS-managed computers and servers can be directed to ITS IA via the ITS Service Center. Questions about Falcon for unit-managed machines can be directed to the Security Unit Liaison for your unit.