"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"It doesn't impact the devices. It is an agent-based solution, and we see no performance knock on cell phones. That was a big thing for us, especially in the mobile world. We don't see battery degradation like you do with other solutions which really drain the battery, as they're constantly doing things. That can shorten the useful life of a device."
"At this point what is most valuable is the interface, which is easy to navigate."
"Since we deployed CrowdStrike, the network has become much calmer, and we now understand the sources of infections, which helps us prevent them from spreading."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"Easy to use, intelligent, and stable threat detection software."
"Falcon's best feature is its detection and blocking of threats."
"The scalability is good."
"CrowdStrike Falcon's most valuable feature is the fact that it's not getting in the way of our workforce and their workflow."
"I like the AI and mathematical components that they use."
"The solution is very quick at easily changing the levels of protection for each computer and the server."
"A user can continue to add endpoints and the solution will continue to perform well."
"You can manage all the threats and everything from a centralized dashboard."
"The non-daily requirement to update signatures is the most valuable feature. From a functional point of view, it is pretty spot on. For instance, we compared an algorithm from five years ago to today's algorithm, and it was 98% accurate. It has the ability to detect and mitigate. In the industrial environment that we work in, there's what we call OT versus IT. You are IT Central, but this is OT. Generally, we don't have the same level of skillset as IT individuals or IT professionals have. This particular product doesn't require you to be a computer scientist to be able to understand its proprietary algorithm and to be able to deploy, use, and work within it. It integrates well with a robust SIEM or SOAR solution, and it plays nice with others. We use other detection solutions like CyberX or site provision with Cisco, and it plays nice. That's one of the things we really liked about it."
"It provides good insight into the programs, applications, or websites that may need attention."
"I find the actual overall endpoint malware protection the most valuable feature of CylancePROTECT."
"It does a good job of protecting us."
"I would like to see integration with Cisco Analytics."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
"It does take more time to scan than other solutions."
"CrowdStrike should add support for ransomware protection."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"An improvement would be to extend support to legacy and unsupported servers."
"Having worked with SentinelOne, Cylance is good, however, it probably needs to add a feature similar to SentinelOne's rollback functionality. With this feature, if you get infected, with a click, you can go back to the pre-infection state. If Cylance could add this functionality to their offering as well, that would be ideal."
"The process of whitelisting a script that you want to be able to run can be a little bit difficult, or awkward."
"It's a good solution but some features just need to be updated."
"We would like to see secure integration and multi-factor authentication to be able to access the administration dashboard."
"The product needs to continue to offer better alerts. In particular, around false positives. It needs to reduce them from happening."
"The initial deployment was quite complicated."
"The product does not do a lot of reporting on what it is taking care of. Enhanced reporting would be a welcome improvement."
"The price for this EPP platform is expensive and could be improved."
Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.
CrowdStrike Falcon is ranked 1st in Endpoint Protection for Business (EPP) with 50 reviews while CylancePROTECT is ranked 17th in Endpoint Protection for Business (EPP) with 14 reviews. CrowdStrike Falcon is rated 8.8, while CylancePROTECT is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Speeds up the data collection for our phishing playbooks dramatically". On the other hand, the top reviewer of CylancePROTECT writes "An outstanding product that is pretty spot on and easy to deploy and use". CrowdStrike Falcon is most compared with Microsoft Defender for Endpoint, SentinelOne, Cortex XDR by Palo Alto Networks, Darktrace and Fortinet FortiEDR, whereas CylancePROTECT is most compared with Microsoft Defender for Endpoint, SentinelOne, Carbon Black CB Defense, Cortex XDR by Palo Alto Networks and Cybereason Endpoint Detection & Response. See our CrowdStrike Falcon vs. CylancePROTECT report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
