CrowdStrike

CrowdStrike is a computer security program that Penn uses to offer enhanced protection to some Penn-owned and managed computers.

Please see the FAQ below for additional details.

What is CrowdStrike?

CrowdStrike is a next-generation computer protection tool that uses pattern recognition to help Penn identify and respond quickly to modern cyber-security threats.  While prior generations of antivirus software generally relied on looking for known bad programs, CrowdStrike improves on this approach by using pattern recognition techniques to identify viruses and other malicious activities even if they have not been previously seen or do not rely on malicious software.  For example, CrowdStrike can help identify when a user’s password has been stolen or when a cyber-attack is being attempted by sending malicious commands to a computer.

What information does CrowdStrike have access to?

CrowdStrike has been reviewed and vetted prior to its use to ensure that it complies with the principles established in Penn’s Privacy in the Electronic Environment Policy and Guidelines on Open Expression. 

In order to function, CrowdStrike records and analyzes details about programs that are run, the logged-in user account, the name of the computer being used, how programs interact with other computers on the internet, and the names of files that are read or written.  The content of files, emails, instant messages, etc. is not accessed or recorded. 

For example, if Microsoft Word is used to edit a file called project.docx, CrowdStrike will record technical data about Microsoft Word and the name of the file, “project.docx.”  The content of the document will not be reviewed or recorded.

Does CrowdStrike read my email?

No, CrowdStrike does not access the content of emails.  As noted above, CrowdStrike monitors currently running programs at a technical level but does not look at content.  So, for example, if a PDF document attachment is downloaded from email and opened, CrowdStrike will know that the PDF reader was opened and the name of the PDF document, but will not access the content of the document.  If the PDF document has been modified to attack the computer, as is sometimes the case, CrowdStrike will attempt to detect this attack, but does not and will not use the content of the document to do this.

How is the information collected by CrowdStrike accessed and used?

CrowdStrike uses a secure cloud computing environment to analyze the information it collects and look for patterns that could indicate a cyber-attack against Penn.  When a potential attack is identified, an alert is sent for review to trained and vetted CrowdStrike IT staff, who can then pass the alert to Penn.  Within Penn, information and alerts related to a particular school or center are only available to the IT team for that school or center, and within each IT team, only a small number of authorized individuals can access CrowdStrike.  Penn’s Office of Information Security can view alerts across all of Penn in order to help provide coordinated responses to attacks that target more than one school or center.  This approach is similar to how Penn manages Symantec Endpoint Protection, Penn’s long-standing antivirus software, and is governed by Penn’s Privacy in the Electronic Environment Policy.

Why is Penn using CrowdStrike?

As you would expect, the cyber-security threats to Penn continue to evolve, and in order to address those threats, Penn’s cyber-security measures need to evolve as well. CrowdStrike specifically enhances Penn’s ability to detect two things: the way a modern hacker would attempt to move from one compromised computer to another, and attacks that leverage normally benign computer tools for malicious purposes.

Will CrowdStrike slow down my computer or cause problems when I work with large files?

CrowdStrike is designed to have a very low impact on computer performance.  CrowdStrike can be much more efficient than previous generations of antivirus-style software because it does not scan the whole computer for virus files and because it does not access the content of files.  Instead, CrowdStrike monitors current computer activity for indicators that the activity is malicious. Because of this, CrowdStrike is very efficient regardless of the size of files in use and should generally not have any noticeable impact on computer performance.

Does CrowdStrike consume significant network bandwidth?

For a standard user computer, CrowdStrike only transmits about 1MB of data over the course of 24 hours.  For context, this is less than the amount of data transmitted to load a single normal web page.  For computer servers running CrowdStrike, about 5MB of data would be transmitted in the course of a day, still on the order of magnitude of loading a single web page over the internet.

Will CrowdStrike interact badly with specialized software or programs like antivirus?

It is not anticipated that CrowdStrike will cause problems with other programs, and initial deployments to hundreds of computers have not resulted in reports of problems.  CrowdStrike has been deployed at many of our IvyPlus peer institutions without issue.  Similarly, CrowdStrike has been deployed alongside existing antivirus software without issue in Penn’s tests, in initial deployments, and at organizations outside of Penn.

How long does CrowdStrike store the data it collects?

The data CrowdStrike initially collects is retained for up to thirty days, after which time it is securely deleted. Certain data points are retained longer, such as alerts around potentially malicious computer activity that might indicate an attack is in progress. The longest that CrowdStrike will retain this narrower set of data is one year.  

© 2021 The University of Pennsylvania — 3401 Walnut Street, Philadelphia, PA 19104