CrowdStrike Falcon Sandbox detects threats without impacting endpoint performance, providing users with a seamless experience. It delivers detailed reports for collaboration and offers malware analysis capabilities, identifying potential breaches and suspicious files.


| Product | Mindshare (%) |
|---|---|
| CrowdStrike Falcon Sandbox | 1.5% |
| Microsoft Defender for Endpoint | 6.5% |
| VirusTotal | 3.0% |
| Other | 89.0% |

| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 1 |
| Large Enterprise | 3 |

| Company Size | Count |
|---|---|
| Small Business | 50 |
| Midsize Enterprise | 28 |
| Large Enterprise | 89 |
CrowdStrike Falcon Sandbox is designed for threat detection, offering a comprehensive approach to identifying hidden malicious programs and analyzing harmful URLs. Its integration allows for seamless evaluation of files and sandboxing of email links and attachments, supporting threat detection and response. Users value its capabilities in network connection recording, metadata analysis, and threat ratings, although some express a need for MacOS and Windows 11 support and improved SOAR integration.
What are the key features of CrowdStrike Falcon Sandbox?

CrowdStrike Falcon Sandbox is implemented by organizations to strengthen security across email systems and endpoint devices. It is particularly valuable in industries needing thorough threat investigations and rapid responses to potentially harmful content, empowering users with essential threat intelligence.
| Author info | Rating | Review Summary |
|---|---|---|
| IT- Manager at Orient Craft Ltd. | 4.0 | I've used CrowdStrike Falcon Sandbox on AWS for nearly two years; it's lightweight, scalable, and stable, though the console and support could improve. Setup was easy with partner help, and about 50 users access it without maintenance needs. |
| Presales Consultant at Cyber Knight Technologies FZ LLC | 4.5 | I've used CrowdStrike Falcon Sandbox for 1.5 years, finding it powerful in threat detection, highly scalable, easy to deploy, and rich in integrations, though broader compatibility would help; overall, I’d rate it 9 out of 10. |
| IT Manager at Gigabit Technologies Pvt Ltd | 5.0 | I work with CrowdStrike Falcon Sandbox, focusing on deployments and POCs. Its key benefits include automatic sandboxing and behavioral monitoring. However, installation for mass deployment is challenging and requires third-party tools. I'm unsure about its return on investment. |
| Security Senior Engineer at a consultancy with 51-200 employees | 4.0 | I use CrowdStrike's Falcon Sandbox for endpoint security, focusing on policy creation and software analysis. It excels in managing security tasks and minimizing false positives, but its user interface is cluttered, and it struggles with malware analysis for large files. |
| Manager, Information Technology Security at Nesma | 4.0 | We use CrowdStrike Falcon Sandbox to identify and mitigate potential malware threats in our environment. Its malware analysis is effective, saving us significant downtime, though technical support and data presentation could be improved for better decision-making. |
| Senior Consultant at Ernst & Young | 4.5 | I use CrowdStrike Falcon Sandbox for security and alerting to detect malware. The notifications and alerts are invaluable, providing essential analysis of infected devices or files. We've seen significant return on investment, and there's no current need for improvement. |
| SOC Technical Lead at an educational organization with 1,001-5,000 employees | 4.0 | I use CrowdStrike Falcon Sandbox to analyze suspicious URLs and malware due to its integration with our EDR platform. While its detailed reports and interaction features are valuable, improvements are needed for accuracy, OS support, and report aesthetics. |
| Owner at Ekforce LLC | 4.0 | No summary available |
| CTSO at Cyb3r | 4.0 | I use CrowdStrike Falcon Sandbox to quarantine and scan files for malicious threats, providing valuable malware detection and threat feeds. It could benefit from better integration with SOAR products and enhanced behavior detection alongside threat detection. |
My deployment model for CrowdStrike Falcon Sandbox is cloud-based.
I am using AWS as the cloud provider for CrowdStrike Falcon Sandbox.
I am using CrowdStrike Falcon Sandbox on the endpoint.
What I appreciate about this solution is that it is very lightweight.
The cloud deployment of CrowdStrike Falcon Sandbox benefits my organization because we can access it from anywhere, and we can get the information at any time.
One area that could be improved about CrowdStrike Falcon Sandbox is its console; it should be more user-friendly.
There is room for improvement in terms of support.
They are slow regarding what could be improved in support.
I have been using CrowdStrike Falcon Sandbox for almost two years.
CrowdStrike Falcon Sandbox is stable.
CrowdStrike Falcon Sandbox is scalable.
From one to ten, I would rate the support of CrowdStrike Falcon Sandbox as eight.
Before choosing CrowdStrike Falcon Sandbox, I evaluated other options and was already using Sophos.
I chose CrowdStrike Falcon Sandbox instead of Sophos because it was lightweight and Sophos was resource hungry.
It was very easy to install CrowdStrike Falcon Sandbox because our partner helped me.
We did not spend any time on installation of CrowdStrike Falcon Sandbox.
CrowdStrike Falcon Sandbox implementation was done by the partner, and I do not need many people for that.
I cannot definitively say if it provides a return on investment, but if it is a Ferrari, then I cannot complain about the return on the investment.
I am not sure if there is a financial benefit; maybe, maybe not, as we did not evaluate that aspect.
I think it can be expensive, but it depends on the products.
The impact of CrowdStrike Falcon Sandbox on automated features is maintained by the partner.
Customizable reports partly help me with my team's investigations.
We are not using any other security tools; we are only using the Falcon.
In my organization, approximately 50 users are using CrowdStrike Falcon Sandbox.
There is nothing that requires maintenance; the partner handles it.
I rate CrowdStrike Falcon Sandbox eight out of ten.

The major use case for CrowdStrike Falcon Sandbox is that we are using it with customers who need to check and validate the data the users are uploading to them, to check all the files and all the data received, to make sure that there is no suspicious data, no threat, and so on.
Since I'm working with CrowdStrike Falcon Sandbox, I would say that the solution enhances a company's threat intelligence, as it's a very powerful solution. Through multiple experiences, it proves it protects the customers from multiple threats, either as an internal threat or from an external threat. It's very updated and very quick to detect. The mean time to detect is really fast, so it's a powerful solution.
The multi-platform analysis in the product is very effective, as it helps to identify threats through powerful scanning and detection, and in response as well.
Compared to other products, this product performs very well in terms of stability and detection, which is important because other products may encounter problems in operations. This product is powerful in detection, which is the most important part because any customer wants a solution that detects what's happening. This is the real strength of CrowdStrike Falcon Sandbox. It's really powerful in detection; it detects any minor change, any minor injection in the data or whatsoever. The visibility is really good. CrowdStrike Falcon Sandbox has one unified platform to manage everything, which is really nice. It has one agent and one console. One agent to install in the machine, and this one agent will give capabilities. I can have visibility into one console, and through this one console, I can do multiple things and manage multiple solutions within CrowdStrike Falcon Sandbox.
I know that the memory forensic feature in CrowdStrike Falcon Sandbox is well-regarded, as CrowdStrike Falcon Sandbox is really famous for this. It's one of the most well-known companies in forensics, and many customers are getting CrowdStrike Falcon Sandbox involved when they are in threat or when they face a threat. They do their forensics in a really good way, and they are reaching a very powerful result. I have experienced this with multiple customers who asked CrowdStrike Falcon Sandbox to interfere and do the forensics, knowing exactly what amount of harm or what amount of breach has been done into their network. CrowdStrike Falcon Sandbox can manage this and give them full visibility about what has been done, what has been remediated, and what has been lost.
The API integrations they offer are extensive and improve threat analysis and collaboration in general, as they have a wide range of integrations with multiple products and multiple vendors, multiple solutions. Throughout the year and a half, I didn't face any scenario with integrations except for the file monitoring for AIX. This is the only case I have faced with them, as they don't support IBM AIX file monitoring. But aside from this, their integration spectrum is really wide, really big, and strong, allowing them to integrate with multiple products.
As for room for improvement, we can mention that maybe some additional integrations will be beneficial to cover the whole use cases.
I have been dealing with CrowdStrike Falcon Sandbox for a year and a half.
I would rate the scalability of the solution as very scalable, as it can support medium businesses, small businesses, and large enterprise businesses as well.
I would rate the technical support from CrowdStrike Falcon Sandbox as very good.
If I would rate support on a scale of 0 to 10, with 10 being the best, I would give them nine points.
The product is very easy to install, as implementing CrowdStrike Falcon Sandbox is not complicated at all.
When comparing CrowdStrike Falcon Sandbox with other competitors like SolarWinds or Netwrix, I would definitely advise CrowdStrike Falcon Sandbox, as it is very powerful, very well-known, and very recommended for our customers. Whenever I see a use case that matches CrowdStrike Falcon Sandbox, I instantly recommend it.
Regarding the price, if I am purchasing a single module from CrowdStrike Falcon Sandbox, maybe it's not the best option pricewise. However, if I am acquiring multiple solutions or multiple modules from CrowdStrike Falcon Sandbox, for sure CrowdStrike Falcon Sandbox will provide the best option, the best price.
My clients usually have the solution on cloud. They utilize both private and public cloud. The cloud services are natively CrowdStrike Falcon Sandbox cloud, as they use AWS. Purchasing the product from AWS Marketplace can be done. However, for CrowdStrike Falcon Sandbox specifically, I purchase this product directly from the vendor, not through AWS.
I would give this product an overall rating of 9 out of 10.

I am responsible for using CrowdStrike for endpoint security, particularly focusing on creating policies. We use CrowdStrike's Falcon Sandbox regularly as part of our day-to-day operations for software analysis.
CrowdStrike provides complete information on various aspects, from identity protection to endpoint detection, and vulnerability assessment.
Additionally, we receive notifications whenever unauthorized actions are attempted, allowing us to maintain compliance by monitoring user activity and performing vulnerability assessments.
CrowdStrike is an excellent tool for managing all endpoint-related security tasks. It acts as a sensor on end devices and manages a variety of activities. One of the key features is its policy-based notifications, which alert us to unauthorized actions.
We are able to check logs and reach out to users if necessary for compliance reasons. It also performs well in vulnerability assessment, showing any backdoors and loopholes where patching may be necessary, especially in Java and Oracle environments. The AI engine helps minimize false positives by learning from historical offenses and user behavior.
While CrowdStrike is a powerful tool, the user interface is cluttered with many features, making it challenging to navigate. It requires ongoing learning due to the frequent introduction of new features. We also encounter limitations with malware analysis for files over one GB in size.
CrowdStrike's support is excellent. They respond within two hours after I raise a support ticket and provide resolutions promptly.
Setting up CrowdStrike has a learning curve, especially in policy creation, which requires understanding user behavior and can take up to a month. However, their support team assists in policy creation and other complexities.
For installing sensors, I need service desk personnel. Experienced professionals with at least five years of experience or those with architect-level knowledge should be involved in policy creation.
Pricing is based on the number of endpoints and the features I need, operating on a usage-based cost structure.
Overall, I would rate CrowdStrike Falcon Sandbox as an eight out of ten.
The service desks are crucial during deployments, and setting policies requires a deep understanding of the tool and user behavior. CrowdStrike also provides support for policy setup.
We utilize this solution to verify whether files within our environment are hazardous or contain malware. By uploading suspicious files, we can identify spyware or malicious code issues. The sandbox then provides the necessary insights for us to take appropriate action, such as deleting problematic files.
Testing suspicious and malicious files is essential, as it provides a clear understanding of their behavior.
The tool helps to obtain information about potential company breaches. The malware analysis capability is very effective. We check files from various sources, such as emails, USBs, and cloud drives.
The technical support is medium; they could improve, as communication is sometimes slow or late. There are missing detections that other tools catch. For improvements, we need easier ways to view full incident information and better presentation of data. Adding risk indicators for incidents would help decide on immediate actions. The platform should provide more information about incident risks to help less knowledgeable staff make decisions.
We have had CrowdStrike for almost 6 years.
While I can't say CrowdStrike Falcon Sandbox is 100% stable, it's been good and stable in my experience.
The service is fast and responsive, with tickets usually handled in less than 24 hours.
We use the cloud version, so installation was easy—they just enabled it quickly when we asked. Since it's cloud-based, we don't need to maintain it ourselves.
The product saves us time in incident response and detection, usually between 30 minutes to an hour of downtime.
Price-wise, the tool is a bit above mid-range, maybe 7 out of 10, where 10 is the most expensive.
It's not about adding devices but using the service to identify risks. We've integrated it with our SIEM without problems. I rate the overall solution an eight out of ten.

The main reasons I use this product are for security and alerting. It is essential for alerting and any kind of malware detection activities.
These features are probably the most essential for me. I find the notifications and alerts received from CrowdStrike server to be invaluable. They analyze Falcon and provide output regarding any kind of infected malware devices or files. We have seen returns on our investment in more than thousands of instances, which is the most important part for us.
As of now, there is nothing specific in need of improvement.
I have been using the solution for a couple of years now.
I would probably rate the stability as eight out of ten.
In terms of scalability, it is indeed scalable.
I think the customer service is good. I would rate it as eight or nine, maybe even nine out of ten.
The installation was quite straightforward, and I found it was deployed easily.
The implementation was handled by a team consisting of around five to six people.
I can say that we do see a return on investment with this product.
I would definitely recommend this product. The reasons for this recommendation include the scalability it offers, how user-friendly it is, and how easy it is to customize it according to an organization's needs. I think those aspects are the most important.
The overall product rating is nine out of ten.

To investigate potentially malicious URLs and detonate potential malware. CrowdStrike is the EDR platform of our choice; it is great that this is found within the platform. Our environment encompasses many different users of varying job roles, in which different formats and types of documents are shared constantly. A high volume of emails is sent daily, including those with both links and attachments. This necessitates the ability to sandbox these artifacts as well as interact with them in a manner that users typically would.
It provides a safe way to analyze and review documents that may have sensitive information without uploading them to a public platform. Additionally, it provides an easy way to spin up a VM without requiring additional resources and patching of personal or team-managed virtualization. This empowers analysts to fully analyze and understand the behaviors of varying executables and sites. This has enabled our team to provide a better experience to our users by identifying any false positives from our email gateway and promoting security hygiene by reporting phishing emails. An analyst will personally reply to the report with their findings after sandboxing the artifacts.
The detailed report is very valuable, but not always accurate. This is a great resource to share amongst team members and stakeholders after analysis. Interactivity is also extremely important to incident responders and analysts. This ensures that the executables are detonated successfully, and links are interacted with real human behaviors, ensuring a thorough analysis. The recording of network connections, processes, hashes, and fingerprints is very valuable to understand the behaviors of URLs and Files.
Some activity is outlined to be malicious; however, context explains that this is normal behavior. For example, Outlook creates a new process in MSEDGE/Chrome when a link is clicked. Of course, that would happen. I would love to see the support of additional operating systems, such as MacOS and Windows 11, in future releases.
One detail that would be nice but is truly asking for a lot is the included aesthetic formatting of the sandbox report. This would be great to present to key stakeholders following the analysis.
I have been using it for about one year.
The CrowdStrike Falcon Sandbox is one of the most intelligent anti-virus solutions present in the market. It excels in detecting hidden malicious programs by successfully identifying unknown threats to the computer or device.
One of the valuable features of the solution is to impressively detect threats without any impact on the endpoint performance. The solution ensures that the end users have a seamless experience.
I don't have any suggestions, because the solution is company-maintained and I believe the company is adopting every feature based on their needs and requirements.
I have been using CrowdStrike Falcon Sandbox for the past couple of years.
I haven’t heard of any such issues from the client’s end.
CrowdStrike Falcon Sandbox exhibits high scalability, accommodating customers of all sizes, from small businesses to enterprises.
I am not a part of the engineering team and hence, cannot provide the details about the deployment process.
CrowdStrike Falcon Sandbox is not cheap; however, whether it should be more affordable is a decision best left to the company.
I would rate it 8 out of 10.

Falcon Sandbox is used to quarantine files, scan them, and ensure there are no malicious threats or IOCs related to these files. It provides threat feeds to the CrowdStrike endpoint, assisting in detection and response. It is used in the client's environment, where Mahmoud's team implements and supports the product.
It benefits a lot by ensuring every file is clean, significantly reducing the attack surface for the organization. It automates file analysis, reducing manual work and improving security incident response times.
The most valuable features include malware detection, threat rating related to files, studying the metadata of the files, and providing threat feeds to the endpoint.
The product needs integration with SOAR products to add more integration points, which is important for various clients. Additionally, integrating behavior detection alongside IOCs and threat detection would enhance the product.
The solution has been used since the launch of the product, which is almost four years now.
The scalability of the solution is rated at nine out of ten.
CrowdStrike customer service is very good, especially if you have tiered support like the world tier. They provide timely responses and informative support without delays.
The initial setup is easy, and it usually takes one day for full integration, including ensuring Threat Intelligence is delivering the right IOCs.
The implementation was handled by our team which included five engineers. One engineer is typically enough to deploy the product.
CrowdStrike is generally considered a bit expensive compared to other vendors. Falcon Sandbox is one of the modules of CrowdStrike, and the overall product's pricing is rated seven out of ten.
Mahmoud recommends CrowdStrike Sandbox as it is one of the best products on the market. However, additional modules are required for effective integration and usage. I'd rate the solution eight out of ten.