CrowdStrike Falcon Complete MDR Reviews

The most valuable feature of Falcon Complete is that it is a full security operations center (SOC) as well as a SIEM solution, and it is fully managed. Their security teams are working 24/7 and analyzing everything happening on all endpoints. They also take care of the instant response, which includes disconnecting endpoints, taking over the endpoints and fixing them, and ransomware protection. All of these things are most valuable because it is very difficult to get all the resources in-house to do all of that yourself. So, if you can leverage the experience of a global corporation with the best reputation in the market, and it is fully managed, that's the best. 

They're incredibly transparent. They give full access to all the information and dashboards that they work off themselves. So, you can look in and investigate any incident you wish. It is incredibly powerful from a compliance point of view because you have evidence that all of this is happening, and you're doing it correctly, and you take it seriously. 

It is already wonderful. The dashboards they have are great, but they can always improve it in terms of general interfaces and searching and presenting the information. Occasionally, navigating it to try to find what you want can be challenging because there is so much information there. It is so rich, and it has everything you could ever want. The challenge with anything like that, and any website, is how to build the user journey so that it is user-friendly, but at the same time, it is incredibly dense with information. It is difficult to achieve that balance between these things. They've done a wonderful job, but everything can be improved. So, it could be even better. If I was to focus on one thing, that's what I'd tell them to focus on. The same is with Azure. There is just so much functionality there. How can you make it easy when it is just so vast? It is a tough one.

It would be good if they fleshed it out a bit more, possibly with additional areas such as security awareness training. They could build that in. They're leveraging the same endpoint base that they have the security software on, but then they could offer a centralized portal or hub whereby someone like me could leverage it to track and put out security awareness training for people on all the common topics. I could have a centralized hub for everyone's results from that training and for the evidence that training occurred. It would be relatively straightforward, but it would add a lot for people in the compliance area. It would be a great expansion. It won't improve the actual technical protection, but it would improve the user protection. Educating the users to be more aware increases security. So, if they branched out into that, it would be a great bonus. If I was speaking to them, that's what I'd tell them to do.

I have been using this solution for a couple of years.

It is super stable. I would rate it a ten out of ten in terms of stability.

It is scalable. It is for endpoint protection. It is a cloud-based platform. So, it can scale to whatever amount of endpoints you want. You can scale it any way you want.

The endpoint deployment is relatively straightforward. The only constraint is licensing. The more you scale, the more you pay. That's it.

We have less than 200 users of this solution.

It is a fully managed service, So, we have 24/7 support. It is not technical support. It is a dedicated team, and they're there to answer any queries or questions. So, no technical support was required because nothing went wrong, but when we have questions, they're incredibly responsive. They get back super quick. I have no complaints at all. I would rate them a five out of five.

Positive

We had another solution previously, and we just replaced it with CrowdStrike. Based on all available information, we just decided it was the best, and we don't regret that. It has been very good.

Its initial setup is simple. It is very well designed.

All our endpoints are managed by mobile device management. We have centralized device management, deployment, and installation with Intune. We can install anything we want on any of the computers with Intune.

It is not cheap, and it is not overpriced. It positions itself in the upper half of pricing in the market. You can find a product that claims to do the same and is super cheap, but it'll be not at all good. You can find something that says it does everything in the world, and it is the best thing since sliced bread, but it would be incredibly expensive. Falcon Complete is neither of those. It is always best to go somewhere in the middle, but it is not in the middle. It is in the upper half. So, it is by no means cheap, but it is worth it. Its pricing is well fixed. Given what you get in return, you wouldn't feel bad paying for it.

They have a great licensing model. You can add extra bells and whistles if you want. There is that ability to reduce the price by turning off certain features if you wish. I wouldn't necessarily recommend it, but they do cater to everyone in that sense. 

We compared it to all other vendors, and then we decided on it because it is the best in class and in the Gartner Magic Quadrant. It is the best in the market. 

I would highly recommend it. So far, my experience has been nothing but positive. 

I would rate it a 10 out of 10. It is in the top five. It ticks all the boxes that I have for it. You got to manage your expectations, and given my expectations, it exceeds my expectations. Now, if you were to ask me what is my expectation for the software next year, I'd want it to be better, but at this exact moment in time, it is doing a fantastic job, and I hope they keep it up and improve. If they don't, then my grade will drop. 

We use this solution for endpoint and server protection.

The reporting for this solution could be improved. This would make it more proactive in showing what happens during enrolment.

This is a stable solution and we have not experienced any issues. 

This is a scalable solution and we have more than 100 PCs.

The technical support is good. All it depends on the rules you have in place for the engagement of support.

The initial setup is easy and straightforward. It is easy because we set it up for about 500 endpoints in two day or three days. 

We have experienced ROI using this solution. The value is clear when you are able to stop a ransomware attack or other threats. All the money that you put into this protection is the money you save by preventing a problem.

 We pay 40,000 euros to use this solution. 

The engagement rule of this solution is fundamental to its use.The rule you put in place can determine how effective this solution is for your business. 

I would rate this solution a nine out of ten. 

I would say it is for endpoint security, malware, antivirus, and advanced threat monitoring.

I would say it secures the edge for customers more than they were before. It makes them more secure.

I think the AI and the analytics around stopping threats as they come in and learning as threats happen is probably the biggest selling feature. 

I think the pricing is a little high. As of recent, their MITRE scores were not as good as in years past. I would like to see them integrate Humio, which is their SOC or their SIM platform. I would like to see them integrate that into a single solution.

I have been working with CrowdStrike Falcon Complete for the past year and a half.

The stability is great.

They are very scalable even large organizations use CrowdStrike Falcon Complete.

I would say it's pretty good for the most part. I would give it an eight out of ten.

Positive

The initial setup is pretty easy. You are given an implementation specialist. Deployment usually takes a couple of weeks for a bigger organization. For a smaller organization, it could take a couple of days. For just the straight endpoint protection product, you are probably looking at eight dollars a month per user. If you're doing the Falcon Complete with monitoring and the SOC, you're probably looking at eighteen or nineteen dollars a month per user.

A lot of them used MacAfee, Silance, or a couple of other solutions. There's more AI and more built into it.

I would rate CrowdStrike Falcon Complete a nine out of ten.

When work-from-home scenarios started in March 2020, during the pandemic, in the month of April, we were actually going through some POCs and had one ransomware attack on one of the client sites. We had to deploy the solution immediately, which actually helped us find out or not how it worked. Proactively, we could identify some threats in the environment and act on them. We were virtually identifying items and getting notifications, as well as seeing the availability of the intra. That was very helpful for the entire team.

The solution is very nice. It's got multiple products for multiple features and enabled multiple settings, which helped my team and the organization is also in a way better way. Since it was lockdown the last two years, when the entire organization went to working from a remote location, the earlier solutions, what we had, were of no use. We were most concerned about security over the cloud. Carbon Black has helped us handle that.

Before we used to support multiple clients. We had to have some connectivity to the client's environment via Citrix or something. To access any of our solutions was a challenge when most of them were on-prem. Those were challenges for all of us. Now, most of the world has gone to the cloud. That actually helped us. Obviously, CrowdStrike was a different experience altogether.

I personally work on advanced threat hunting and identifying possible malicious activity or the possible threat in our environment which is getting easier earlier. Symantec Engine Protection, for example, gives you known reactive reports where you get stuff from either SIM or some soft team to help us on finding out probably the path for the attack. However, CrowdStrike is better at hunting threats and catching them early.

There's less workload on the Endpoint. After moving to CrowdStrike we never have this issue of systems getting overutilized by any of the security tools. That was one of the biggest advantages for it.

CrowdStrike has multiple parameters of components in the same console, which includes your vulnerability scanning. It has access to, or rather, we can integrate with, our existing SIM technology or SIM tool. The information that gets passed on the SIM control, the soft tool data site or any other tool is very limited. I had to actually provide the control access to my soft team so that they could drill down if needed.

The information was get passed on from Falcon control to CrowdStrike and it was very limited. It was acting as more of an alert only. For any further deep-dive analysis, we had to log in on the console itself. 

CrowdStrike has multiple parameters. For example, my vulnerability scanning team is a separate team who works on different tools altogether. If I need to give them access to my console I just need to provide them read-only access or kind of an admin access for VA scanning.

I had to make some customized access that can be provided to different teams on the same console. As a VA team member, if I login to the console with my credential I should be able to see the things which I am working upon. I don't need to see all other tile stack tabs. I should be able to provide some kind of customized access or other kind of access control for the console.

Microsoft Defender has one good option which is called the ASR rule. It basically allows the machines to be onboarded to different consoles, which analyzes the process of it and summarizes it in a single console. Obviously, the number of incidents of the event are very huge. It takes about a month or so to evaluate. However, after the evaluation completes, you can actually fine-tune what should not be present in your automation. Which you can set up and get rid of it. It would be nice if this product had something similar. 

I've used the solution for two years.

The stability is very good. It does not have any kind of payload on the endpoint, and we don't need to compromise with system performance. The legacy tools used to have this agent needed to be deployed and consumed a lot of system resources. In terms of performance, this tool was an improvement on the legacy.  The capabilities of CrowdStrike as a tool are fantastic.

We are working with about 18,000 endpoints and about 2,000 servers.

The scalability was really good. It covers most of the recent operating systems I would say in India, although most of our customers are using Microsoft operating systems only. In terms of my international clients who have different operating systems, including Mac, Linux, or Unix, this works. CrowdStrike has the maximum availability for all possible and the latest operating systems. With other tools. we didn't have that level of flexibility.

Technical support was fantastic, however, frankly speaking, we barely had a chance to get in touch with the technical support as CrowdStrike has a fantastic health portal within that console. There were a couple of scenarios where we went to them as some kind of alert that CrowdStrike was publishing it to the customer only. They had some specific name for those alerts. Those used to get sent to the customer's end only. Being automation as security, CrowdStrike has a policy to provide the information only to the registered customers only. Obviously, the licenses are issued to the customer. However, the licensing policy was limited in that we were kind of a vendor, or rather, a mediator between the customer and the OEM and we fell through the cracks. 

I would say in my earlier solution, we used to just provide the license number. If the license number were verified, we would get all types of support. 

Overall, the support team was really good. They are more capable of understanding the other challenges and would then provide the solution.

Mostly, we were providing all the technical support to the customer. The licenses were installed with the customer's name. We were slightly lacking as the details that OEM was providing were direct to the customer and we were being skipped. At the same time, we used to struggle to get the details and updates or more input from the OEM from CrowdStrike. 

Positive

We moved from Symantec Endpoint to CrowdStrike.

The initial setup was slightly complex although it's an easier solution. It took us about a month to understand the entire process of the console.

Within a month we were able to train our members to a certain level and within a six-month span, all members actually became familiar for the technology.

We had some challenges from the client environment as well. That was expected as we were ruling out Symantec as well at the time. Concurrently, we were moving out of Symantec and deploying through the CrowdStrike agent. We were also doing the policy fine-tuning, which took a slightly longer time as the customer had their own developed applications and tools for finding their hashes. We added features like device control, app control. Those parts took slightly longer, however, it was still quicker than the legacy solution.

We have two people available to handle maintenance. 

The deployment was handled by my technical team only. Internally, we had eight team members deploying it. They were using a big fix as a deployment tool to deploy this agent on all the clients. I was leading the admin part of CrowdStrike. We had to involve the patch management team who could push a particular script on all the endpoints to onboard them. Most of the endpoints were working remotely and luckily we fixed everything there in the cloud which was making our life easier for onboarding scripts on the client.

I'd rate the solution nine out of ten. 

Falcon is a threat intelligence platform. In cybersecurity, there's always a chance you'll get breached and gaps that need to be addressed, but you'll never know unless there is a threat seeking to exploit that particular weakness. Most use cases for Falcon will be directly ingested into our Siemens server. The total number of users on the solution is around 1,500.

Falcon's threat intel is strong, and the solution allows our customers to automate their site intelligence. We can integrate Falcon X with the other platforms we use, like FireEye, Insight, Cybertech, and Kaspersky. 

The threat intelligence comes from Falcon X and goes directly into the SIEM and SOAR. That provides us valuable feedback for the use cases being used. If my analyst wants to check suspicious or malicious activities, they get the maximum information from Falcon X about URLs, IPs, domains, hashes, etc.

I would love for the threat intelligence part to be more globalized to provide a tailored response to types of malware and ransomware that are trending in other regions. 

For example, they can add a feature to tell us that there are separate attacks in South Asia or East Asia occurring at these times, so we can supply those things to our environment and protect ourselves.

We've been using Crowdstrike Falcon Complete for almost a year.

Falcon is easy to scale.

I rate CrowdStrike support eight out of 10. Overall, the customer service is excellent, and the backend teams are highly responsive. We have a good relationship with CrowdStrike.  The sales, technical, backend, and R&D teams work closely with the customers.

Positive

Falcon X is a cloud-based subscription model, so you just need an account from CrowdStrike. You can log in and set it up in 5 to 10 minutes. It ultimately on how well you understand the technology. If you're familiar with the technology, it's straightforward, but you might find it complicated if this is your first time using it.

There's a lot of information and options in front of you. If you don't know where you have to go for specific information, you'll think it's complicated. The amount of maintenance depends on whether there's a particular update or batch on the back end. 

The licenses for both Carbon Black and Crowdstrike are expensive, but it depends on how the vendors scale the price and negotiate with the customer. So if you have a customer with 7,000 users, the vendor will offer them a low price per user to get them on board. If you have a few hundred users, the price will be a little bit more.

There's a huge price difference at various scales. I was surprised that the license for a hundred users went as high as $120 per user, whereas the same product might cost $30 for 6,000 users.

I haven't worked on the backend part of Carbon Black, so it's hard for me to compare both products. We're using the EDR for Carbon Black with CrowdStrike's threat intelligence. 

Carbon Black is an impressive tool for analysis because it provides in-depth information and a complete triage file for the analysts. In the CrowdStrike, you have some sort of limited information and for the in-depth information you need to take it, Carbon Black provides that particular thing on the first view.

I rate CrowdStrike Falcon Complete nine out of 10. Before you deploy the product, you need to do research, understand the capabilities, and assess your requirements. You should know what you need before you purchase something. It's not like buying jeans, where you can get another pair if you're not satisfied. You should be certain that it fits your requirement.

Budgets are always a challenge in the security field because every CEO or company owner thinks IT security is a burden. It doesn't generate profit, and the company needs to spend money on products and services. You might not go for the best product if you have budgetary constraints.

Comparing CrowdStrike Falcon Complete with Bitdefender, I would say that Bitdefender was comparatively easier to use, deploy and maintain, especially for my technical resources.

CrowdStrike Falcon Complete is the same as any other EDR program. It provided full antivirus protection. Also, it provided a little bit of the ransomware and other protections you would see within the Bitdefender field. The content control wasn't as intuitive and easy to use as Bitdefender.

The most valuable thing in the solution was the analytical AI to detect viruses faster than Bitdefender.

The simplicity of CrowdStrike Falcon Complete's content control and firewall management should be improved. Ransomware protection of the solution needs to be improved.

I have been using CrowdStrike Falcon Complete for six months before switching to Bitdefender, which is easier to maintain.

It's a stable application. It is one of the most stable out of all the other market applications, especially if you're talking about within the EDR platform.

If you don't watch the training videos for CrowdStrike Falcon Complete, it's not as intuitive as Bitdefender.

I have had a very limited experience with the customer support team. So, their response time was far worse than any of the other vendors. So that was probably one of the driving factors and the reason why the adoption process didn't go so well, which is because of their onboarding process, during which they used to take a day to get back to assist you. I would have understood if they had taken a couple of hours to help us, but waiting for a day wasn't acceptable.

I rate the initial setup a four on a scale from one to ten, where one is very difficult.

One can see a return on investment because it does protect one's core environment.

CrowdStrike Falcon Complete is very expensive in comparison to Bitdefender.

CrowdStrike Falcon Complete is probably one of the best software out there if you're looking at it. But if you're on a budget and you want to get something within the same price level, I would look at Bitdefender. Then if I added a worst-case scenario, I would go to Sophos or SentinelOne. In my industry, the cost is a huge variable. Though it's a good product, it's not easy and intuitive. I have to remember that my technical resources to offload my work are in the Philippines. So I need to have something that's very simplistic. I have helped desks in the Philippines, Malaysia, Mexico, and Singapore. When I choose an application, I have to consider the intuitiveness of that application and also the multiple language barriers. So, that is where prospects fail, which is during the adoption process.

I rate the overall solution a seven or eight out of ten.

There are a lot of useful features. First of all, it gives you complete details regarding any malicious activities. So you can replace the impact date or everything from where the file comes. CrowdStrike gives you the complete details of when a file comes to your network, how it's displayed on the other systems, etc. That's the feature most customers like as of now, and they are generally more interested in EDR solutions.

The only challenge is the price, as of now. It could be the only area of improvement for me. It's a little challenging to convince new customers when it comes to the price.

We've been working with CrowdStrike for almost a year — a premium protection solution. However, we provide our customers with whichever version they require, be it the complete solution, premium protection, or basic antivirus.

I would rate the stability of this solution an eight out of ten.

I would rate the scalability of this solution as a ten because it can be easily scaled up whenever needed. Our integration instance is intended for medium-sized clients, and the number of proactive customers who are currently using this solution is more than 2,000 to 3,000 users.

Our distributors provide excellent technical support, and we have experts in our systems. Generally, we don't require any help from OEMs or distributors because they are certified in cloud sites. But whenever we need any kind of help, the distributor provides quick response and mitigation.

Positive

I would like to rate it eight out of ten. It was easy because everything is in the cloud, so you don't have to go through on-premises installation or anything. We just need to set up the cloud, and everything will restart and install that way.

Once we received the credentials from CrowdStrike, we had to set up and create policies such as moderate or high protection. All of these technical steps were taken care of by our technical teams, who are well-experienced and handle different projects.

I would rate pricing a five out of ten, where one indicates the low price and ten indicates the high price. Indian customers are price sensitive, and this solution is a little costlier compared to other solutions. However, customers are still willing to pay for it, but they always compare the price with other solutions since India is a price-sensitive market.

It is a little costlier than other solutions. There are no additional costs except for support costs, which are minimal and not an issue.

We're actually a reseller and a system integrator. We're evaluating several endpoint protection solutions for our customers.

In India, many customers are switching to EDR solutions like CrowdStrike. They prefer automated solutions over traditional legacy antivirus and don't want to invest in additional devices.

I always recommend my customers do a Proof of Concept (PoC) because once they go through the product details, features, and performance, we can convert them into CrowdStrike customers. So I always recommend doing the PoC.

We always recommend doing the PoC, which is like a demo. Overall, the solution is an eight out of ten because it's an automated solution, which is a significant improvement over traditional latency antivirus.

With CrowdStrike, the customer can put in data resources and other things which are automated. In traditional solutions, you would have to work on notifications, do lots of research, and collect logs, but in CrowdStrike, you can easily go through the process and get all the details from when the threat hits your system. It's much more convenient and efficient.

I primarily use the solution on the could to enhance my security posture. It's used to prevent malware from getting on our systems.

I'm looking at using their Spotlight feature. The solution is very good at revealing the vulnerabilities we might have. If there's anything on our system, it will reveal it, and we can address it. 

It is stable and reliable.

Technical support is helpful.

It's pretty easy to set up.

The solution can scale. 

The CSPM UI of the solution could be improved. The cloud solution is where there needs improvement done. The on-premises version is mostly fine. 

The licensing is a bit complex. People need to take some time to understand it to ensure they are getting the most out of the offering.

I've used the solution for three or four months. 

The solution is stable and reliable. My understanding is it is quite stable. I'd rate it nine out of ten for stability. 

The solution is very scalable. I'd rate it eight of nine out of ten. It can extend well. 

We have more than 400 users. We use it on the server side, not for end-user computing. 

We have been using the solution pretty regularly for monitoring. 

Support is very good. They were very helpful during setup. They got back to us pretty quickly. We haven't had any issues with them. 

Positive

We did POCs with other solutions. However, we did not go live with anything other than Crowd Strike. We wanted a good cloud option and those Crowd Strike.

The initial setup is very easy. I'd rate it at a 7.5 out of ten. We did a POC with them before doing the full contract, and the support was very good. We had a few challenges, and support took care of it in a reasonable amount of time.

The deployment took a month or so since we had quite a number of things to handle and complete. 

Our infrastructure team manages the deployment and maintenance. We have not done a lot of maintenance as of now. We are still in learning mode. Likely down the road, we might need just one person to monitor the console and act on things as they arise. 

We handled the initial setup in-house, although we did get help from support occasionally. 

It is too early to say if there will be an ROI. When we run it for a year or so, we'll have a better idea of if we will see one. 

The pricing is pretty contextual. It's hard to give a general price. 

We did look at other options and found Crowd Strike offered a very good cloud option. 

I am a customer. 

We are using the latest version of the solution. 

I'd advise others to do a lot of research and do a POC so that they are aware of what they will be getting and what they will be signing up for. 

I'd rate the solution nine out of ten.