“CrowdStrike is similar to Sophos, but it does things in a new way to match the sophistication of the bad actors who are trying to get your data or take over your computer,” said Ian Vaino, IT’s department head for user support. “The malware out there is getting smarter and has adapted to existing programs. CrowdStrike is cloud-based and looks for unusual behavior patterns that indicate something suspicious is occurring. It alerts us to a change in behavior, and we can quickly evaluate to see if something is trying to breach our defense.”
Vaino says IT wants to enable collaborative research by verifying that the components can be trusted at every point in the process. CrowdStrike has already alerted on over 100 suspicious detections at the Lab. In ambiguous cases, IT’s endpoint management team worked with the computer users to confirm that the flagged activity was legitimate. CrowdStrike has so far identified and quarantined several dozen suspicious processes that escaped detection by Sophos. In one case, CrowdStrike detected several malicious programs on a single system and enabled the IT team to quarantine them before they could cause damage.
CrowdStrike software is available for Mac and Windows users, with a Linux version scheduled to be introduced later. There is no mobile client, and it is not licensed for personal use. “You should take a few minutes to protect your personal computer as well,” said Vaino. “Windows has Windows Defender installed, and Macs have XProtect, which is part of the system software. The number of malicious attempts continues to increase and everyone needs to be vigilant and take precautions.”