CrowdStrike Falcon Sensor Malware Protection for Users at Higher Risk
Cisco Advanced Malware Protection (AMP) is now the recommended malware protection solution for the majority of UBC computers, however, some users have been identified as being at higher risk of attack by the UBC Cybersecurity Team. These users will have CrowdStrike Falcon Sensor installed on their UBC managed devices instead (those with a UBC asset tag).
The deployment of CrowdStrike to these units will happen in phases over the coming weeks starting the week of June 1, 2020.
Who is affected?
Individuals on both Vancouver and Okanagan campuses, who have been identified by the UBC Cybersecurity Team as accessing, processing or storing significant amounts of Medium, High or Very High Risk Information will have CrowdStrike installed as the required malware protection on their UBC IT supported devices.
The initial prioritization for the deployment of CrowdStrike is based on current global threat levels. For information on which units have been identified or other queries about the deployment please email firstname.lastname@example.org.
All other staff and faculty will have CISCO AMP automatically installed as replacement for Sophos.
CrowdStrike Falcon Sensor is a Next-Generation Antivirus (NGAV) product that protects computers from malicious activity by analyzing what the computer is doing, and comparing it against known malicious behaviour patterns and systems, rather than relying on on-demand scanning of files accessed and in-use of regular antivirus products.
How will this change affect the end user?
Users will notice very little change, if any. The deployment will uninstall the existing anti-malware software, Sophos or AMP, and install CrowdStrike in its place. Some users may notice pop-up windows in the lower right side of the screen while this happens.
Once installed, CrowdStrike is invisible to the user with no icons or messages to indicate it is installed and operating.
Does the user need to do anything for the installation?
No. Users are not required to do anything.
Users that are on campus or connect to UBC’s myVPN (myvpn.ubc.ca or myvpn.ok.ubc.ca) will receive the update automatically. Once CrowdStrike is installed there will be no indication either on the screen or in the system tray that the change has taken place.