"The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"CrowdStrike Falcon's scalability is good. We have thousands of students using this solution."
"Falcon's best feature is its detection and blocking of threats."
"It seems to do a pretty good job of protecting the host. It offers good insights that it gives you when it has a detection. It's pretty incredible."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"Easy to use, intelligent, and stable threat detection software."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"Enables monitoring of application performance and the ability to predict behaviors."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The solution is quite stable. The performance has been good."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"The cost is reasonable. It's not overly pricey."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"This product has issues with the number of false positives that it reports."
"The GUI needs improvement, it's not good."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something."
"It could be improved in connection with artificial intelligence and IoT."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization."
"The product could be more accurate in terms of performance."
"It does take more time to scan than other solutions."
"CrowdStrike Falcon by itself does not supply in-depth reporting."
"The biggest challenge has been related to the implementation."
"There isn't really a very good user experience. You need a lot of training."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"Sometimes, the solution isn't the easiest to use."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.
CrowdStrike Falcon is ranked 1st in EDR (Endpoint Detection and Response) with 50 reviews while Elastic Security is ranked 7th in EDR (Endpoint Detection and Response) with 17 reviews. CrowdStrike Falcon is rated 8.6, while Elastic Security is rated 7.4. The top reviewer of CrowdStrike Falcon writes "Speeds up the data collection for our phishing playbooks dramatically". On the other hand, the top reviewer of Elastic Security writes "It is quite comprehensive and you're able to do a lot of tasks". CrowdStrike Falcon is most compared with Microsoft Defender for Endpoint, SentinelOne, Cortex XDR by Palo Alto Networks, Darktrace and Fortinet FortiEDR, whereas Elastic Security is most compared with Splunk, Wazuh, Graylog, Datadog and IBM QRadar. See our CrowdStrike Falcon vs. Elastic Security report.
See our list of best EDR (Endpoint Detection and Response) vendors.
We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.