Introducing: CrowdStrike Falcon

Miami is joining the ranks of other universities around the country in implementing endpoint protection to bolster our cybersecurity posture against threats like ransomware.

In today’s world, it’s critical to consider cybersecurity as an essential part of running a business – any kind of business, including a university. One important aspect of being "good" at cybersecurity is recognizing that everyone plays a role in protecting Miami data.

We are all on the same team at Miami, and we are all stewards of different data. Have you ever thought that maybe you are in possession of someone else's vital information that you need to keep safe? If you have access to student information, if you do government research, if you have permission to access any of Miami’s systems… We all have a shared responsibility to help keep that data (student, research, administrative, and otherwise) safe.

In service of that shared responsibility, the University is implementing CrowdStrike Falcon as another plank in our cybersecurity strategy, and IT Services is here to lead the way.

CrowdStrike Falcon is an Endpoint Detection and Response (EDR) solution, a security and defense tool that automatically detects and eliminates malicious activity on University devices. As a supplement to standard anti-virus software, CrowdStrike Falcon will proactively help safeguard institutional information and protect key data. The tool will help Miami respond quickly and effectively to malware, ransomware, and other malicious activity.

CrowdStrike helps Miami quickly detect and respond to increasingly advanced attacks. Especially as more university work is done remotely, we have a clear need for greater visibility into university systems and early detection of malicious activity. By detecting and quickly responding to these kinds of threats, we help protect individuals’ personal data and important credentials.

Miami is committed to your privacy and keeping your data safe. Read more about information security initiatives at our Information Security Office site and remember: Stay vigilant!

Information Security Office

Please view our Endpoint Protection Standards for more information about EDR, how we're using it at Miami, and how these standards will be implemented as we move forward.

Standard: Endpoint Protection


What is EDR?

Endpoint Detection and Response (EDR) is a particular kind of software that helps administrators monitor endpoints (computers, tablets, mobile devices, lab equipment, etc.). With EDR, it’s possible for IT administrators to respond quickly to malware, ransomware, and other threats.

What are we trying to protect?

Quite simply: University resources.

Here’s a concrete example: ransomware. Ransomware is a real threat, and it costs money and time to recover data once it has been encrypted in a malicious attack. In a survey of higher-ed IT professionals, nearly two-thirds of institutions reported ransomware attacks in 2021. The attacks are getting closer, becoming more sophisticated, and growing more frequent.

There are countless examples from across the country and world. Universities are seeing an increase in ransomware attacks, for instance, and Miami doesn’t want to join that , but it all comes down to: We are protecting you! Your identity, your data, your intellectual property.

Protecting the data of faculty, staff, and students is all of our responsibility, and CrowdStrike Falcon is a step in that direction.

How does this impact my privacy?

CrowdStrike Falcon will be deployed (remotely) on all Miami-owned endpoints (i.e., lab equipment, desktop computers, tablets, mobile devices, etc.).

The long and the short of it is: Your privacy is highly important to us, and it’s the reason IT Services is deploying CrowdStrike Falcon onto Miami machines. We want your data to be secure.

The details of how CrowdStrike Falcon works are simple. The software will record details about programs you are running and the files that you create or edit on any University device, such as the file name and any metadata (when you created the file, when you edit the file, how much space the file takes up, etc.). However, it will not read or record any of the contents of your files. Your information is yours – none of that will be shared with CrowdStrike.

Important to note: These records are not being actively monitored. These records will only be looked at if a malicious security event takes place.

How will this impact my work?

The great news is that it will not impact your work at all. The program does not require much energy to run, and we will deploy it to your devices remotely. So once you update your computer, you will have CrowdStrike installed.

What will it look like when CrowdStrike detects malware on my device?

The initial deployment of CrowdStrike only contains the sensor; it will simply detect malicious events and send alerts to the core security team. Your device will not be automatically quarantined.

As the sensor is rolled out to the University over the first several months of 2023, however, the automatic quarantine will be enabled. If a malicious event takes place (i.e., there is malware on your machine), CrowdStrike will simply remove your machine from the network. You will lose access to the internet, and a popup will appear telling you that your computer has been taken offline by CrowdStrike.

What devices will CrowdStrike Falcon be on?

CrowdStrike Falcon will be deployed (remotely) on all Miami-owned endpoints. This includes:

  • Desktop and laptop computers;
  • Tablets;
  • Mobile devices (this does not include personal devices, even if you receive a phone stipend through Miami);
  • Computer lab equipment;
  • Servers;
  • Containers and virtual machines.

This does not include your personal devices.

Timeline of Deployment

The new tool will be rolled out in phases over the course of the 2022-2023 academic year. The phases (which we are calling “groups”) are as follows:

Group One: IT Services

  • Who: Staff in IT Services, select test group
  • When: December 2022

Group Two: Technology liaisons in the divisions

  • Who: Technology support specialists, academic directors of technology, key personnel
  • When: December 2022

Group 3: Colleges and Divisions

  • Who: Faculty and staff throughout the rest of the university
  • When: January 2023 (look for word from your local technology support group!)