
How to: Configure CrowdStrike Endpoint Using CrowdStrike Best Practices

A Comprehensive Guide for Cybersecurity Professionals in Cyprus and Greece. 

Introduction 

With cyber threats growing more sophisticated, strong endpoint protection is now essential for organisations. Businesses in Cyprus and Greece need flexible cybersecurity approaches to tackle today's challenges and prepare for future risks. CrowdStrike provides advanced tools for endpoint security, and this guide is specifically designed for professionals in the region. Inside, you'll find comprehensive information and step-by-step instructions for setting up CrowdStrike's endpoint protection according to best practices, helping you maintain robust security and stable operations. 

Why Choose CrowdStrike? 

CrowdStrike is a prominent entity in the cybersecurity sector, known for its innovative technology and robust threat detection capabilities. Its solutions employ advanced machine learning and behavioural analytics to effectively identify, prevent, and address complex cyber threats. With a cloud-native architecture, CrowdStrike delivers streamlined, efficient, and real-time protection for organisations. The company provides comprehensive and tailored security services, addressing concerns such as zero-day vulnerabilities and risk management within multifaceted network environments. For enterprises in Cyprus and Greece, selecting CrowdStrike equates to securing digital assets in partnership with a firm recognised for reliability and precision. 

Additionally, CrowdStrike's platform enables rapid deployment and scalability, making it appropriate for organisations of varying sizes. Its intuitive management console allows security teams to oversee endpoints, conduct incident investigations, and coordinate responses from a unified interface, thereby reducing complexity and enhancing operational efficiency. CrowdStrike also supplies proactive threat intelligence, which assists businesses in anticipating and mitigating emerging cyber risks before they affect critical infrastructure. The solution supports multiple operating systems and integrates seamlessly with existing IT infrastructures, offering flexibility for diverse environments. Lastly, continuous updates and access to global threat intelligence ensure that CrowdStrike's protection adapts to evolving attack methodologies, upholding a high standard of security for organisations in an ever-changing digital environment. 

Step-by-Step Guide to Configuring CrowdStrike Endpoint Protection 

Install the CrowdStrike Falcon Sensor 

To initiate the process, install the CrowdStrike Falcon Sensor on all endpoint devices. This sensor is responsible for collecting data and transmitting it to the CrowdStrike cloud for analysis. 

  1. Log in to the CrowdStrike Falcon Platform. 
  2. Navigate to the "Sensor Downloads" section. 
  3. Select and download the version compatible with your operating system. 
  4. Execute the installer and follow the provided instructions. 
  5. Confirm successful installation by reviewing the status in the "Host Management" section. 

Configure Policies 

CrowdStrike Falcon utilises a comprehensive, multi-layered approach to detect both known and emerging threats, thereby ensuring strong protection across all stages of an attack. To maintain optimal security, it is essential to enable all recommended prevention policies. Attackers frequently exploit techniques such as privilege escalation, credential theft, lateral movement, and system exploitation; consequently, achieving complete visibility across the entire attack lifecycle is vital. Partial activation of prevention policies (for instance, enabling only 8 out of 10 options) does not equate to proportional protection; if a critical policy remains inactive, the environment may still be fully exposed to risk. 

Before deploying any policy updates in a production environment, it is best practice to assess them thoroughly in a pre-production setting. This evaluation process facilitates the prioritisation of detections and the adjustment of configuration to minimise false positives through effective IOC management, advanced machine learning, and IOA exclusions. For further information, please consult the Custom Settings and Configuration documentation. 

For organisations new to CrowdStrike Falcon, adopting a structured three-phase strategy for configuring prevention policies is advised. As additional features are introduced, they should be incorporated into production environments following established change control procedures. 

Three-phase prevention policy settings

The three-phase approach to prevention policy settings provides a structured framework for implementing CrowdStrike's best practices, facilitating progression from initial deployment to complete optimisation. For environments currently utilising antivirus or Host Intrusion Prevention Systems (HIPS), it is recommended to initiate the process with Phase 1 to prevent potential conflicts. When such solutions are not present, organisations may proceed directly to Phase 2. All transitions between phases should comply with established change control protocols, ensuring smooth implementation while allowing for necessary adjustments, including exclusions, IOC management, and the development of custom IOA rules to reduce false positives. 

This methodology is designed to help organisations achieve comprehensive sensor deployment across all eligible endpoints within 45 days, thereby enabling advancement to Phase 2 settings. Within 90 days of initial deployment, Phase 3 settings can be implemented across all hosts to leverage CrowdStrike's advanced capabilities fully. By following this phased approach, organisations can maintain optimal protection while minimising disruptions throughout the transition process. 

Phase 1: Initial Deployment 

This phase is designed for environments equipped with existing antivirus or Host Intrusion Prevention Systems (HIPS), facilitating rapid deployment with minimal operational impact. Host groups should be assigned, and Phase 1 executed for the minimum required period to ensure application compatibility while resolving detections and addressing any false positives. This stage generally spans no more than 45 days. 

During Phase 1: 

  • Machine Learning (ML) settings are implemented in detect-only mode, enabling a safe assessment of detections without triggering immediate preventive measures. 
  • Most IOA-based settings remain inactive but continue to record detections, permitting comprehensive review and analysis of flagged activities. 
  • Behaviour-based ransomware protection and IOA settings with a low likelihood of false positives are activated to strengthen defences against significant threats. 

This preliminary phase establishes a foundation for further refinements during Phases 2 and 3, promoting both operational continuity and robust threat assessment. It ensures the environment is well-prepared for the full integration of advanced security features in the following stages. 

Phase 2: Interim Protection 

This stage represents a critical juncture in the transition process, offering enhanced security measures as third-party antivirus solutions are systematically decommissioned. Begin by assigning host groups and executing Phase 2 for the minimum period required (generally no longer than 45 days) to maintain seamless application performance as detections are triaged and false positives are resolved. 

Key aspects of this phase include: 

  • Setting Machine Learning (ML) detection to "Aggressive" mode for heightened sensitivity, while configuring ML prevention to "Moderate", ensuring a balanced approach between security and operational reliability. 
  • Activating additional IOA-based prevention settings to expand threat coverage and proactively address potential risks. 

Upon completion of this phase, the environment should be significantly strengthened, establishing a robust foundation for the full implementation of advanced protection settings in Phase 3. 

Phase 3: Optimal Protection 

This phase is designed to deliver optimal protection by implementing the recommended prevention settings as the primary policy objectives. Refine exclusion parameters, manage indicators of compromise (IOC), develop custom indicators of attack (IOA) rules, assign non-production systems to this policy, and conduct comprehensive testing. Confirm that host groups are fully covered. Notable features include: 

  • Aggressive machine learning-based prevention mechanisms. 
  • Activation of all remaining recommended IOA-based prevention settings. 
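As an added illustration of the phased rollout described above (this is not CrowdStrike's API or policy schema; the setting keys are hypothetical labels modelling the text, and the host data is constructed), the following Python check reports which phase a host group should have reached on the 45/90-day timeline and which recommended settings are still missing. Any missing setting makes the host non-compliant; it deliberately does not score a percentage, because partial activation is not proportional cover.

```python
from datetime import date

# ML slider levels in ascending strictness (hypothetical labels, not Falcon field values)
ML_LEVELS = ["disabled", "cautious", "moderate", "aggressive"]

# Minimum settings per phase, modelling the text: Phase 1 is ML detect-only with
# low-false-positive IOAs and ransomware protection on; Phase 2 sets ML detection
# to Aggressive and ML prevention to Moderate with more IOAs on; Phase 3 sets ML
# prevention to Aggressive with all remaining recommended IOAs on.
PHASES = {
    1: {"ml_detection": "cautious", "ml_prevention": "disabled",
        "ioa_ransomware": True, "ioa_low_fp": True},
    2: {"ml_detection": "aggressive", "ml_prevention": "moderate",
        "ioa_ransomware": True, "ioa_low_fp": True, "ioa_extended": True},
    3: {"ml_detection": "aggressive", "ml_prevention": "aggressive",
        "ioa_ransomware": True, "ioa_low_fp": True, "ioa_extended": True,
        "ioa_all_recommended": True},
}

def expected_phase(deployed_iso, today_iso):
    """Phase the host group should be in: Phase 2 by day 45, Phase 3 by day 90."""
    days = (date.fromisoformat(today_iso) - date.fromisoformat(deployed_iso)).days
    return 3 if days >= 90 else 2 if days >= 45 else 1

def policy_gaps(applied, phase):
    """Every setting weaker than the target phase requires; an unknown or
    missing setting is treated as off/disabled, i.e. as a gap."""
    gaps = []
    for key, minimum in PHASES[phase].items():
        got = applied.get(key)
        if minimum is True:
            if got is not True:
                gaps.append(key)
        else:
            level = got if got in ML_LEVELS else "disabled"
            if ML_LEVELS.index(level) < ML_LEVELS.index(minimum):
                gaps.append(key)
    return gaps

def host_report(host, applied, deployed_iso, today_iso):
    phase = expected_phase(deployed_iso, today_iso)
    gaps = policy_gaps(applied, phase)
    return {"host": host, "expected_phase": phase, "compliant": not gaps, "gaps": gaps}

# Constructed sample: both hosts deployed 60 days before the review date (Phase 2 due).
SAMPLE = {
    "ws-01": {"ml_detection": "aggressive", "ml_prevention": "moderate",
              "ioa_ransomware": True, "ioa_low_fp": True, "ioa_extended": True},
    "ws-02": {"ml_detection": "aggressive", "ml_prevention": "moderate",
              "ioa_ransomware": True, "ioa_low_fp": True},  # 4 of 5 on: still a gap
}

if __name__ == "__main__":
    for host, applied in SAMPLE.items():
        print(host_report(host, applied, "2024-01-01", "2024-03-01"))
```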

CrowdStrike Best Practices 

To ensure optimal performance and security, follow these best practices recommended by CrowdStrike: 

Regularly Update the Falcon Sensor 

For the protection of your systems, it's important to keep the Falcon Sensor up to date. Updating regularly not only boosts security but also makes the sensor work better overall. Keeping your software current allows your organisation to take full advantage of the Falcon platform and stay protected against emerging threats. 

Implement Multi-Factor Authentication (MFA) 

To further secure your CrowdStrike Falcon Platform, it is recommended to enable Multi-Factor Authentication (MFA). MFA introduces an extra verification step, substantially reducing the likelihood of unauthorised access and reinforcing your security posture. By implementing MFA, you help protect sensitive information and ensure that only approved individuals are able to access critical resources. 

Conduct Regular Security Assessments 

Conducting regular security assessments is critical to sustaining an effective security posture. Through continuous evaluation of security controls, organisations can proactively detect and mitigate potential vulnerabilities before exploitation occurs. These assessments should encompass penetration testing, vulnerability scanning, and comprehensive reviews of security policies and procedures. Addressing assessment findings promptly helps ensure that defences remain robust and responsive to evolving threats. 

Train Your Staff 

Educating staff on cybersecurity best practices is essential to ensure an effective response to potential alerts and incidents. Organisations should conduct regular training sessions to keep personnel up to date on emerging threats and corresponding mitigation strategies. Incorporating practical exercises, such as simulated attacks, enhances team preparedness and the capacity to manage real-world scenarios efficiently. Fostering a culture of ongoing learning and vigilance enables organisations to strengthen their defences against cyber threats. 

Conclusion 

To ensure strong cybersecurity, it is imperative to follow CrowdStrike's endpoint configuration best practices, regardless of whether operations are based in Athens or Cyprus. Recommended measures include regularly updating endpoint security software, implementing multi-factor authentication protocols, and performing scheduled security audits. Additionally, providing employees with continuous training to raise awareness of common cyber threats is highly advised. For further assistance, consider consulting a reputable CrowdStrike reseller such as IBSCY Ltd for expert guidance, tailored security solutions, and ongoing technical support. 

Elias Georgiou is the Team Leader of the Implementations Department. Elias holds a BSc in Computing and an MSc in Computer Network Administration and Management from the University of Portsmouth. He has been a dedicated member of the IBSCY Ltd team since 2016. 