We performed a comparison between CrowdStrike Falcon and Netsurion based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Netsurion delivers thorough and informative notifications and successfully identifies threats. Users praise its seamless incorporation of endpoint security measures. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. Netsurion should focus on enhancing weekly reporting, utilizing internet options for enhanced security, and strengthening threat detection and response.
Service and Support: CrowdStrike Falcon's customer service is considered prompt and helpful. Netsurion's customer service has received mixed reviews, with some users expressing concerns about technical planning and the installation process.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. Netsurion's initial setup was described as easy, with clear instructions and packages provided. Reviewers appreciated the support and assistance from Netsurion. Netsurion guided the setup discussion based on business needs, making it easier to understand and implement.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. Netsurion is considered a good value for the money and competitive. Users say the solution’s pricing is transparent.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers. Netsurion offers actionable intelligence and eliminates the requirement for specialized staff, saving time and costs. Its managed SOC component also delivered substantial benefits to organizations.
Comparison Results: Our users prefer CrowdStrike Falcon over Netsurion. Users like its seamless and fast setup, lightweight design, precise threat detection, and robust defense against cyberattacks. They also value its integration capabilities, user-friendly dashboard, and dependable security.
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The most valuable aspect is undoubtedly the exploration capability"
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it."
"The automatic alert feature is the most important feature of the solution."
"It's very easy to set up."
"We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
"CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems."
"It's given me a level of confidence that my network is secure."
"The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network."
"The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like."
"What I like most about Netsurion is the level of visibility and reporting."
"Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
"We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"Advanced attacks could use an improvement."
"The logs could be better."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"I would like to see a more accurate integration and an option to check the local machine."
"CrowdStrike costs a little more than its competitors."
"It is cloud-based, and this does make some weary of the data being held on the cloud. Privacy requirements must be taken into account."
"I would also like to see the endpoint firewall component produce some level of logging and feedback."
"In terms of features, I would like them to add detailed logging functionality in CrowdStrike. Currently, CrowdStrike detects the threats immediately based on the IOCs and the signature-based policies or many threat behaviors, but in terms of logging those threats, it is not very good. The information that they provide in the logs is very little. They can build more analytics into it."
"The management of log aggregation is in need of improvement."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."
"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."
"Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it."
"Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging."
CrowdStrike Falcon is ranked 2nd in Extended Detection and Response (XDR) with 105 reviews while Netsurion is ranked 15th in Extended Detection and Response (XDR) with 24 reviews. CrowdStrike Falcon is rated 8.8, while Netsurion is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trend Vision One, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response, CyberHat CYREBRO and Wazuh. See our CrowdStrike Falcon vs. Netsurion report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
