CrowdStrike Introduction and Operation Support Services

CrowdStrike × IdealRoute Consulting

The way office workers work is changing dramatically, and so is the way organizations think about cybersecurity.
Specifically, there has been a shift from traditional measures that distinguish internal from external security to measures based on zero trust. However, many companies run into issues when they begin considering how to proceed, what scope to cover, and what restrictions apply when actually introducing a zero-trust mechanism.
IDR, which has expertise in operating i-FILTER, m-FILTER, and many other security products, can provide a wide range of support, from evaluation and study of EDR products to implementation and operation.

We solve your problems

  • You don't know much about EDR products and are wondering where to start.
  • You are already using EDR products but are dissatisfied with them, have issues, and would like appropriate advice on how to improve.
  • You want to conduct a PoC evaluation of an EDR product to determine its effectiveness before introducing it, and you need assistance with the evaluation.


Installation support by CrowdStrike technicians

  • We provide comprehensive support for confirming the environment required to introduce CrowdStrike and for the actual installation work. For customers who wish to conduct evaluation and verification such as PoC/PoV, we provide support from the preparation stage, including the formulation of evaluation items.
  • We configure the system to work as the customer wishes, customizing the settings on request, for example to follow the customer's past policies or to use our recommended settings.

Long-term support for SOC operations

  • We handle basic operational tasks such as primary investigation of daily alerts (over-detections and false positives), whitelisting, and monthly compilation and reporting of alert content. For threat alerts that are not over-detections or false positives, we conduct a secondary investigation (identification of the threat and examination of the assumed scope of impact).
  • Based on the results of the secondary investigation, we provide information that helps the customer act on threat alerts.

Work Steps in Installation Support

STEP01|Confirmation of requirements

We confirm the client's requirements and organize a plan, such as whether the client will conduct a PoC/PoV with a verification and study period, or will implement the system as soon as possible and proceed with tuning while operating it.


We configure CrowdStrike on behalf of the client and respond flexibly to your configuration requirements.
Note: Agent installation is not included in the basic menu.

STEP03|Start of use

After the setup is completed, Agents are installed on a few terminals first and then gradually distributed to all terminals while confirming that the system is operating normally.
In addition, since a large number of alerts are generated in the initial stage of installation, we also support tuning for stable operation, such as suppressing unnecessary alerts.

Contents of Introduction Support Menu

In addition to support for all phases, from proposing the installation configuration to the start of use, we also provide an inquiry period to ensure a smooth start of use.

Implementation of PoC and PoV

- We perform the initial setup required for operation.
- We support PoC, PoV, and other verification according to your needs.

Requirement definition and design

- We interview the customer in detail about their system environment.
- We propose an introduction method that fits the system configuration.
- We confirm requirements and design the system. We submit requirement definition and design documents in our format as deliverables.

Setup work

Based on the requirements definition and design, we will make the necessary configuration changes.

Operational design

We design the flow of the operation process, such as organizing how alerts from CrowdStrike are handled.

Tuning support

- Tuning is performed as necessary for alerts that occur.
- We regularly examine and respond to alerts.