EDR Offers Protection Against Current Attack Methods
Doug Streit, CISO and executive director of IT security and planning at Old Dominion University, realized several years ago that the school’s traditional anti-virus software would not be adequate to meet the challenges of the modern threat landscape.
“Workstations and laptops are notorious for being susceptible to compromise in a large enterprise computing environment,” Streit says. “We needed the ability to detect and respond efficiently to suspected security events across our endpoints.”
After rigorous testing and assessment, ODU implemented CrowdStrike Falcon Insight, which provides continuous raw event recording, delivers real-time situational awareness metrics and enables proactive and managed threat hunting.
In addition to these capabilities, Streit says, ODU opted for CrowdStrike in part because of its streamlined management platform and its ability to protect endpoints running a range of operating systems. “We needed a tool that would be easy to deploy and manage,” he says.
The university is now running CrowdStrike on 7,000 devices, and Streit calls EDR “one of the anchor stores of our security mall,” along with multifactor authentication, next-generation firewall and security information and event management.
“The result has been an added layer of protection beyond a traditional anti-virus, which lets us protect against the current attack methods that we are seeing, particularly ransomware,” he says.
Recently, the EDR tool picked up a critical alert from an IT workstation used by an employee with administrative privileges. Without EDR in place, the compromise likely would have gone undetected for some time, and Streit notes that even a one-day delay could have led to disastrous consequences.
“A lot can happen in 24 hours,” he says.