As of 2023, CrowdStrike implementation is mandatory for all endpoints (servers and workstations/laptops) as an added safeguard against cyber attacks. GTA covers the cost for this service at this time. CrowdStrike uses artificial intelligence (AI) technology to detect intrusions across networks and provides real-time protection against malware and threats. It does this in two ways:
- It catches and blocks known malicious code.
- It detects new threats before they can spread through your network, so you can stop them before they cause damage to other systems on your network or within the organization's internal operations.
Georgia's Cyber Defense
What is CrowdStrike?
The CrowdStrike Falcon platform is designed to maximize customer visibility into real-time and historical endpoint security events by gathering event data needed to identify, understand, and respond to attacks.
CrowdStrike delivers incident response, technical assessments, training, and advisory services that help you prepare and defend against advanced threats, respond to widespread attacks, and enhance your cybersecurity practices and controls.
What is Endpoint Security?
Endpoint security focuses on protecting "endpoints," or devices of an organization's IT infrastructure. It includes antivirus and antimalware software, firewalls, and intrusion detection/protection systems.
An endpoint is any physical device that can be connected to a network, including computers, laptops, mobile phones, tablets, and servers. The list of endpoints continues to grow to include many nontraditional items, such as printers, cameras, appliances, smart watches, health trackers, navigation systems, and any other device that can be connected to the internet.
GTA is installing CrowdStrike on the following endpoints:
- Cloud endpoints
- Mobile devices
How Does It Work?
CrowdStrike uses a platform built specifically to protect cloud processes and technologies. This is called a cloud-native platform, a term that refers to applications, services, and infrastructure designed to take advantage of cloud computing technologies.
It helps protect areas of enterprise risk, such as endpoints and cloud workloads, identity, and data, so you can stay ahead of cyber threats and prevent security breaches.
It leverages real-time indicators of attack and threat intelligence to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting, and prioritized observability of vulnerabilities.
CrowdStrike promises superior protection, better performance, reduced complexity, and immediate time-to-value.
Who It's for
GTA is making this product offering available to:
- Executive branch
- Education, K-12
- Technical College System of Georgia (TCSG)
- University System of Georgia (USG)
The agency's cost would normally be determined by the amount GTA spends to offer this service. Because GTA is currently paying for it, agencies will not incur any costs at this time for license and subscription purchases. However, county and other local government customers will be required to pay for it.
The manufacturer's retail price for these licenses is $28 per endpoint per year.
Onboarding, Implementation, and Support
Identify Two Agency Individuals Who Will Receive Access to CrowdStrike
Access should be given to:
- An agency security team member (ISO)
- An IT operations team member who can download and install the sensors
GTA OIS will:
- Accommodate up to 4 logins per agency if absolutely required
- Request 2 accounts to CrowdStrike University per agency
  - CrowdStrike University is CrowdStrike's Learning Management System (LMS).
  - GTA OIS provides two accounts per agency to enable staff to build familiarity with CrowdStrike.
To Request Account Creation from GTA OIS
Send an email from the agency CIO or ISO to [email protected] with names and email addresses. If you need more than two, designate the two to receive access to CrowdStrike University.
Steps to a Successful Implementation
- Schedule CrowdStrike onboarding: GTA Customer Success Managers (CSM) can assist with this process.
- Agency logins: Creation of 2-4 agency logins, with access based on agency type (managed/unmanaged).
- Download and install sensors from CrowdStrike: Endpoint EDR agents.
- Request agency access for CrowdStrike University: Request two accounts for each agency.
GTA OIS Security Operations Team will:
- Work with agency personnel to ensure login to consoles
- Provide a three-page CrowdStrike "quick deployment guide" for agency reference on basic navigation and how-tos in the console
- Schedule screen-sharing sessions to assist agency staff with navigation and familiarization on an as-needed basis
- Agencies receiving server or end user computing managed services through GTA should not have to install sensors on those managed endpoints.
- All agency-managed endpoints will need to have sensors installed by agency personnel.
Installing CrowdStrike in Cloud Environment
For AWS or cloud server endpoints:
- Customer Success Managers (CSM) will coordinate and schedule a meeting with the GTA Office of Information Security (OIS) and agencies to discuss CrowdStrike installation for cloud environments.
- Agencies will be responsible for installing CrowdStrike for cloud servers.
- GTA OIS will work with agencies to provide them with appropriate credentials to download executables for accelerated environments in AWS.
If you have questions or concerns, contact your CSM.
Agencies whose endpoints are managed by GTA (managed endpoints):
- Agency calls in tickets through Service Desk
- Workstation issues are assigned to NTT Data to address and resolve
- Server incidents are assigned to Unisys queue to address and resolve
Executive branch agencies and agency-managed endpoints (not managed by GTA):
- Agencies will work with and through the GTA Office of Information Security (OIS) via [email protected] (email for assistance)
- GTA OIS will engage CrowdStrike as needed to aid in problem resolution