A campus-wide initiative is underway to improve computer security by installing the Splunk Forwarder and CrowdStrike on all servers by the end of June, as InfoSec Policy requires.
The Splunk Forwarder gathers real-time log data from servers into a searchable repository. This log data can help detect and troubleshoot security incidents quickly and efficiently.
CrowdStrike, meanwhile, acts as a shield to protect servers from ransomware, malware, and other attacks. This type of tool is called an EDR or Endpoint Detection and Response. It is a lightweight, modern, next-gen version of an anti-virus tool.
Brian Allen, Information Security Director, says,” We have had multiple incidents on campus that spread from machine to machine, but when they finally hit a server running CrowdStrike, the game was up. CrowdStrike stopped the spread, and InfoSec was alerted. The more servers that run CrowdStrike means, the better our overall defense will be.”
Allen also says, “Detecting attackers is basically a game of looking for needles in haystacks. Splunk allows us to gather all the important haystacks, namely logs, in one place and search at a blazing fast speed.” For more information about this initiative or to find links for installation instructions, please visit the Splunk & Crowdstrike Expansion Project webpage.