View All Resources

CrowdStrike

CrowdStrike is a next-generation computer protection tool that uses pattern recognition to help Penn identify and respond quickly to modern cyber security threats.  While prior generations of antivirus software generally relied on looking for known bad programs, CrowdStrike improves on this approach by using pattern recognition techniques to identify viruses and other malicious activities even if they have not been previously seen or do not rely on malicious software.  

Support

The model for support for CrowdStrike is quite extensive and features a variety of avenues. Because the service is maintained through a partnership between ISC’s Desktop Engineering and the Office of Information Security, we suggest reaching out to ISC Client Care first with any inquiries and can be triaged as necessary. 

To submit a support request to Client Care please email help@isc.upenn.edu, call (215) 898-1000, or chat with an agent

CrowdStrike provides three main methods for becoming familiar with the product including but not limited to the CrowdStrike University Portal, the CrowdStrike Support Portal, and several onboarding webinars that you can gain access to once your organization gains access to your instance of CrowdStrike. 

  1. CrowdStrike University

    CrowdStrike provides three main methods for becoming familiar with the product including but not limited to the CrowdStrike University Portal, the CrowdStrike Support Portal, and several onboarding webinars that you can gain access to once your organization gains access to your instance of CrowdStrike.
     
  2. CrowdStrike Support Portal

The CrowdStrike Support portal includes access to a lot of information including Premium Support community forums, 180 videos, and FAQs.  

You’ll also have access to submit support cases but we ask that you work with ISC Client Care as much as possible to provide the highest level of support. Client Care can also assist in managing support cases if necessary. 

 As a CrowdStrike Administrator, you’ll receive an invitation to the CrowdStrike Support Portal with your username set as your Penn email address. 

Support Portal Links: 

  1. Onboarding Webinars

CrowdStrike also provides access to frequent onboarding webinars to help you get started with your deployment efforts. 

List of Onboarding Webinars 

  1. Additional training information

Additional detailed training information can be found in the Crowdstrike Training Introduction linked below:

Crowdstrike Training Introduction [PDF]

No, CrowdStrike does not access the content of emails.  As noted above, CrowdStrike monitors currently running programs at a technical level but does not look at content.  So, for example, if a PDF document attachment is downloaded from email and opened, CrowdStrike will know that the PDF reader was opened and the name of the PDF document, but will not access the content of the document.  If the PDF document has been modified to attack the computer, as is sometimes the case, CrowdStrike will attempt to detect this attack, but does not and will not use the content of the document to do this 

CrowdStrike has been reviewed and vetted prior to its use to ensure that it complies with the principles established in Penn’s Privacy in the Electronic Environment Policy and Guidelines on Open Expression. In order to function, CrowdStrike records and analyzes details about programs that are run, the logged-in user account, the name of the computer being used, how programs interact with other computers on the internet, and the names of files that are read or written.  The content of files, emails, instant messages, etc. is not accessed or recorded. For example, if Microsoft Word is used to edit a file called project.docx, CrowdStrike will record technical data about Microsoft Word and the name of the file, “project.docx.”  The content of the document will not be reviewed or recorded. 

CrowdStrike is designed to have a very low impact on computer performance.  CrowdStrike can be much more efficient than previous generations of antivirus style software because it does not scan the whole computer for virus files and because it does not access the content of files.  Instead, CrowdStrike monitors current computer activity for indicators that it is malicious. Because of this, CrowdStrike is very efficient regardless of the size of files in use and should generally not have any noticeable impact on computer performance. 

For a standard user computer, CrowdStrike only transmits about 1MB of data over the course of 24 hours.  For context, this is less than the amount of data transmitted to load a single normal web page.  For computer servers running CrowdStrike, about 5MB of data would be transmitted in the course of a day, still on the order of magnitude of loading a single web page over the internet.