A campus wide initiative is underway to improve computer security, namely by installing the Splunk Forwarder and CrowdStrike on all servers by the end of June, as required by InfoSec Policy.
The Splunk Forwarder is used to gather real-time log data from servers into a searchable repository. This log data can then be used to detect and troubleshoot security incidents quickly and efficiently.
CrowdStrike, meanwhile, acts as a shield to protect servers from ransomware, malware, and other attacks. This type of tool is called an EDR, Endpoint Detection and Response. It is basically a lightweight, modern, next-gen version of an anti-virus tool.
Brian Allen, Information Security Director, says,” We have had multiple incidents on campus that spread from machine to machine, but when they finally hit a server running CrowdStrike, the game was up. CrowdStrike stopped the spread, and InfoSec was alerted. The more servers that run CrowdStrike means the better our overall defense will be.”
Allen also says, “Detecting attackers is basically a game of looking for needles in haystacks. Splunk allows us to gather all the important haystacks, namely logs, in one place and search at a blazing fast speed.”
To find more information about this initiative or find links for installation instructions, please visit the Splunk & CrowdStrike Expansion Project webpage.