CrowdStrike Falcon Complete Overview

CrowdStrike Falcon Complete is the #1 ranked solution in MDR Services. PeerSpot users give CrowdStrike Falcon Complete an average rating of 8.4 out of 10. CrowdStrike Falcon Complete is most commonly compared to Secureworks Taegis ManagedXDR. CrowdStrike Falcon Complete is popular among the large enterprise segment, accounting for 49% of users researching this solution on PeerSpot. Professionals from computer software companies are the top industry group researching this solution, accounting for 22% of all views.
CrowdStrike Falcon Complete Buyer's Guide

Download the CrowdStrike Falcon Complete Buyer's Guide including reviews and more. Updated: September 2022

What is CrowdStrike Falcon Complete?

Falcon Complete: Endpoint protection delivered as a service. The highest level of endpoint security maturity delivered immediately, without the burden of building and managing it yourself.

Try Falcon for free at https://go.crowdstrike.com/try...;utm_medium=syn&utm_source=itcs. 

CrowdStrike Falcon Complete was previously known as Falcon Complete.

CrowdStrike Falcon Complete Customers

Palm Beach State College, Mercedes-AMG, Pokemon, Telstra, Goldman Sachs, Zebra

CrowdStrike Falcon Complete Pricing Advice

What users are saying about CrowdStrike Falcon Complete pricing:
  • "It is not cheap, and it is not overpriced. It positions itself in the upper half of pricing in the market. You can find a product that claims to do the same and is super cheap, but it'll be not at all good. You can find something that says it does everything in the world, and it is the best thing since sliced bread, but it would be incredibly expensive. Falcon Complete is neither of those. It is always best to go somewhere in the middle, but it is not in the middle. It is in the upper half. So, it is by no means cheap, but it is worth it. Its pricing is well fixed. Given what you get in return, you wouldn't feel bad paying for it. They have a great licensing model. You can add extra bells and whistles if you want. There is that ability to reduce the price by turning off certain features if you wish."
  • "The pricing for CrowdStrike Falcon Complete is competitive. It's a cheaper solution when you compare it with others, and on a scale of one to five, I'm rating its pricing a four. You also don't need to pay extra for its features. CrowdStrike Falcon Complete is perfect."
  • "At approximately €60 per machine, per year, I think that it's a good price point."
  • "CrowdStrike is more expensive than SentinelOne. Licensing works on the number of agents and the modules you buy. CrowdStrike has different modules, such as Falcon, Falcon Overwatch, Falcon Complete, etc. The pricing depends upon the module that the customer wants. They have different Incident Response (IR) teams, which are very expensive."
CrowdStrike Falcon Complete Reviews

    Assistant Vice President at a financial services firm with 10,001+ employees
    Real User
    Identifies malicious activity, light on the system, and has helpful technical support
    Pros and Cons
    • "There's less workload on the endpoint."
    • "The initial setup was slightly complex although it's an easier solution."

    What is our primary use case?

    When work-from-home scenarios started in March 2020, during the pandemic, in the month of April, we were actually going through some POCs and had one ransomware attack on one of the client sites. We had to deploy the solution immediately, which actually helped us find out or not how it worked. Proactively, we could identify some threats in the environment and act on them. We were virtually identifying items and getting notifications, as well as seeing the availability of the intra. That was very helpful for the entire team.

    What is most valuable?

    The solution is very nice. It's got multiple products for multiple features and enabled multiple settings, which helped my team and the organization is also in a way better way. Since it was lockdown the last two years, when the entire organization went to working from a remote location, the earlier solutions, what we had, were of no use. We were most concerned about security over the cloud. Carbon Black has helped us handle that.

    Before we used to support multiple clients. We had to have some connectivity to the client's environment via Citrix or something. To access any of our solutions was a challenge when most of them were on-prem. Those were challenges for all of us. Now, most of the world has gone to the cloud. That actually helped us. Obviously, CrowdStrike was a different experience altogether.

    I personally work on advanced threat hunting and identifying possible malicious activity or the possible threat in our environment which is getting easier earlier. Symantec Engine Protection, for example, gives you known reactive reports where you get stuff from either SIM or some soft team to help us on finding out probably the path for the attack. However, CrowdStrike is better at hunting threats and catching them early.

    There's less workload on the Endpoint. After moving to CrowdStrike we never have this issue of systems getting overutilized by any of the security tools. That was one of the biggest advantages for it.

    What needs improvement?

    CrowdStrike has multiple parameters of components in the same console, which includes your vulnerability scanning. It has access to, or rather, we can integrate with, our existing SIM technology or SIM tool. The information that gets passed on the SIM control, the soft tool data site or any other tool is very limited. I had to actually provide the control access to my soft team so that they could drill down if needed.

    The information that got passed on from Falcon control to CrowdStrike was very limited. It was acting as more of an alert only. For any further deep-dive analysis, we had to log in on the console itself.

    CrowdStrike has multiple parameters. For example, my vulnerability scanning team is a separate team who works on different tools altogether. If I need to give them access to my console I just need to provide them read-only access or kind of an admin access for VA scanning.

    I had to make some customized access that can be provided to different teams on the same console. As a VA team member, if I login to the console with my credential I should be able to see the things which I am working upon. I don't need to see all other tile stack tabs. I should be able to provide some kind of customized access or other kind of access control for the console.

    Microsoft Defender has one good option which is called the ASR rule. It basically allows the machines to be onboarded to different consoles, which analyzes the process of it and summarizes it in a single console. Obviously, the number of incidents of the event are very huge. It takes about a month or so to evaluate. However, after the evaluation completes, you can actually fine-tune what should not be present in your automation. Which you can set up and get rid of it. It would be nice if this product had something similar. 

    For how long have I used the solution?

    I've used the solution for two years.

    Buyer's Guide
    CrowdStrike Falcon Complete
    September 2022
    Learn what your peers think about CrowdStrike Falcon Complete. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    632,539 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The stability is very good. It does not have any kind of payload on the endpoint, and we don't need to compromise with system performance. The legacy tools used to have this agent that needed to be deployed and consumed a lot of system resources. In terms of performance, this tool was an improvement on the legacy. The capabilities of CrowdStrike as a tool are fantastic.

    What do I think about the scalability of the solution?

    We are working with about 18,000 endpoints and about 2,000 servers.

    The scalability was really good. It covers most of the recent operating systems I would say in India, although most of our customers are using Microsoft operating systems only. In terms of my international clients who have different operating systems, including Mac, Linux, or Unix, this works. CrowdStrike has the maximum availability for all possible and the latest operating systems. With other tools, we didn't have that level of flexibility.

    How are customer service and support?

    Technical support was fantastic, however, frankly speaking, we barely had a chance to get in touch with the technical support as CrowdStrike has a fantastic health portal within that console. There were a couple of scenarios where we went to them as some kind of alert that CrowdStrike was publishing it to the customer only. They had some specific name for those alerts. Those used to get sent to the customer's end only. Being automation as security, CrowdStrike has a policy to provide the information only to the registered customers only. Obviously, the licenses are issued to the customer. However, the licensing policy was limited in that we were kind of a vendor, or rather, a mediator between the customer and the OEM and we fell through the cracks. 

    I would say in my earlier solution, we used to just provide the license number. If the license number were verified, we would get all types of support. 

    Overall, the support team was really good. They are more capable of understanding the other challenges and would then provide the solution.

    Mostly, we were providing all the technical support to the customer. The licenses were installed with the customer's name. We were slightly lacking as the details that OEM was providing were direct to the customer and we were being skipped. At the same time, we used to struggle to get the details and updates or more input from the OEM from CrowdStrike. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We moved from Symantec Endpoint to CrowdStrike.

    How was the initial setup?

    The initial setup was slightly complex although it's an easier solution. It took us about a month to understand the entire process of the console.

    Within a month we were able to train our members to a certain level and within a six-month span, all members actually became familiar with the technology.

    We had some challenges from the client environment as well. That was expected as we were ruling out Symantec as well at the time. Concurrently, we were moving out of Symantec and deploying through the CrowdStrike agent. We were also doing the policy fine-tuning, which took a slightly longer time as the customer had their own developed applications and tools for finding their hashes. We added features like device control, app control. Those parts took slightly longer, however, it was still quicker than the legacy solution.

    We have two people available to handle maintenance. 

    What about the implementation team?

    The deployment was handled by my technical team only. Internally, we had eight team members deploying it. They were using BigFix as a deployment tool to deploy this agent on all the clients. I was leading the admin part of CrowdStrike. We had to involve the patch management team who could push a particular script on all the endpoints to onboard them. Most of the endpoints were working remotely and luckily we fixed everything there in the cloud which was making our life easier for onboarding scripts on the client.

    What other advice do I have?

    I'd rate the solution nine out of ten. 

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Security, Risk and Compliance Officer at a tech services company with 51-200 employees
    Real User
    Fully managed, super stable, and incredibly powerful from a compliance point of view
    Pros and Cons
    • "The most valuable feature of Falcon Complete is that it is a full security operations center (SOC) as well as a SIEM solution, and it is fully managed. Their security teams are working 24/7 and analyzing everything happening on all endpoints. They also take care of the instant response, which includes disconnecting endpoints, taking over the endpoints and fixing them, and ransomware protection. All of these things are most valuable because it is very difficult to get all the resources in-house to do all of that yourself. So, if you can leverage the experience of a global corporation with the best reputation in the market, and it is fully managed, that's the best."
    • "It would be good if they fleshed it out a bit more, possibly with additional areas such as security awareness training. They could build that in. They're leveraging the same endpoint base that they have the security software on, but then they could offer a centralized portal or hub whereby someone like me could leverage it to track and put out security awareness training for people on all the common topics. I could have a centralized hub for everyone's results from that training and for the evidence that training occurred. It would be relatively straightforward, but it would add a lot for people in the compliance area. It would be a great expansion."

    What is most valuable?

    The most valuable feature of Falcon Complete is that it is a full security operations center (SOC) as well as a SIEM solution, and it is fully managed. Their security teams are working 24/7 and analyzing everything happening on all endpoints. They also take care of the instant response, which includes disconnecting endpoints, taking over the endpoints and fixing them, and ransomware protection. All of these things are most valuable because it is very difficult to get all the resources in-house to do all of that yourself. So, if you can leverage the experience of a global corporation with the best reputation in the market, and it is fully managed, that's the best. 

    They're incredibly transparent. They give full access to all the information and dashboards that they work off themselves. So, you can look in and investigate any incident you wish. It is incredibly powerful from a compliance point of view because you have evidence that all of this is happening, and you're doing it correctly, and you take it seriously. 

    What needs improvement?

    It is already wonderful. The dashboards they have are great, but they can always improve it in terms of general interfaces and searching and presenting the information. Occasionally, navigating it to try to find what you want can be challenging because there is so much information there. It is so rich, and it has everything you could ever want. The challenge with anything like that, and any website, is how to build the user journey so that it is user-friendly, but at the same time, it is incredibly dense with information. It is difficult to achieve that balance between these things. They've done a wonderful job, but everything can be improved. So, it could be even better. If I was to focus on one thing, that's what I'd tell them to focus on. The same is with Azure. There is just so much functionality there. How can you make it easy when it is just so vast? It is a tough one.

    It would be good if they fleshed it out a bit more, possibly with additional areas such as security awareness training. They could build that in. They're leveraging the same endpoint base that they have the security software on, but then they could offer a centralized portal or hub whereby someone like me could leverage it to track and put out security awareness training for people on all the common topics. I could have a centralized hub for everyone's results from that training and for the evidence that training occurred. It would be relatively straightforward, but it would add a lot for people in the compliance area. It would be a great expansion. It won't improve the actual technical protection, but it would improve the user protection. Educating the users to be more aware increases security. So, if they branched out into that, it would be a great bonus. If I was speaking to them, that's what I'd tell them to do.

    For how long have I used the solution?

    I have been using this solution for a couple of years.

    What do I think about the stability of the solution?

    It is super stable. I would rate it a ten out of ten in terms of stability.

    What do I think about the scalability of the solution?

    It is scalable. It is for endpoint protection. It is a cloud-based platform. So, it can scale to whatever amount of endpoints you want. You can scale it any way you want.

    The endpoint deployment is relatively straightforward. The only constraint is licensing. The more you scale, the more you pay. That's it.

    We have less than 200 users of this solution.

    How are customer service and support?

    It is a fully managed service. So, we have 24/7 support. It is not technical support. It is a dedicated team, and they're there to answer any queries or questions. So, no technical support was required because nothing went wrong, but when we have questions, they're incredibly responsive. They get back super quick. I have no complaints at all. I would rate them a five out of five.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We had another solution previously, and we just replaced it with CrowdStrike. Based on all available information, we just decided it was the best, and we don't regret that. It has been very good.

    How was the initial setup?

    Its initial setup is simple. It is very well designed.

    All our endpoints are managed by mobile device management. We have centralized device management, deployment, and installation with Intune. We can install anything we want on any of the computers with Intune.

    What's my experience with pricing, setup cost, and licensing?

    It is not cheap, and it is not overpriced. It positions itself in the upper half of pricing in the market. You can find a product that claims to do the same and is super cheap, but it'll be not at all good. You can find something that says it does everything in the world, and it is the best thing since sliced bread, but it would be incredibly expensive. Falcon Complete is neither of those. It is always best to go somewhere in the middle, but it is not in the middle. It is in the upper half. So, it is by no means cheap, but it is worth it. Its pricing is well fixed. Given what you get in return, you wouldn't feel bad paying for it.

    They have a great licensing model. You can add extra bells and whistles if you want. There is that ability to reduce the price by turning off certain features if you wish. I wouldn't necessarily recommend it, but they do cater to everyone in that sense. 

    Which other solutions did I evaluate?

    We compared it to all other vendors, and then we decided on it because it is the best in class and in the Gartner Magic Quadrant. It is the best in the market. 

    What other advice do I have?

    I would highly recommend it. So far, my experience has been nothing but positive. 

    I would rate it a 10 out of 10. It is in the top five. It ticks all the boxes that I have for it. You got to manage your expectations, and given my expectations, it exceeds my expectations. Now, if you were to ask me what is my expectation for the software next year, I'd want it to be better, but at this exact moment in time, it is doing a fantastic job, and I hope they keep it up and improve. If they don't, then my grade will drop. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Ric Cabrera - PeerSpot reviewer
    IT Consultant - Applications & Technology at Select Home Health Services
    Consultant
    Top 20
    Great next-generation antivirus with breach warranty and good intrusion protection
    Pros and Cons
    • "One unique thing that they offer is a breach warranty. We basically have a warranty of up to $100,000 should there be any breach that they're not able to manage."
    • "The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure."

    What is our primary use case?

    We wanted a very high level of endpoint protection and intrusion detection. Based on all the reviews, you have a bunch of products out there to choose from. One differentiator of CrowdStrike is that it's nearly what I would call zero-touch on the workstation. You don't have to worry about upgrades and all that. Then, when something suspicious is detected, the CrowdStrike team investigates that for us. It's part of the service that we purchased from them. Basically, we use the solution for security.

    How has it helped my organization?

    Basically, from an overall management perspective of the devices, you really only install the sensor once, and then you set up policies on the portal to say, okay, we want to stay on the N minus one version of the sensor. If there's an update that's required, the portal pushes it to the workstation. It makes everything very easy and doesn't require any touch.

    What is most valuable?

    It's mainly the next-generation antivirus that we are leveraging.

    In the traditional antivirus, like McAfee, for example, you'd have to maintain signature files and all that on the workstation. We don't have to do that. On top of that, the footprint on the workstation is nearly zero.

    One unique thing that they offer is a breach warranty. We basically have a warranty of up to $100,000 should there be any breach that they're not able to manage.

    What needs improvement?

    The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure. Intrusion detection and endpoint protection is all driven using the internet. You have to be connected. If you're not connected, basically, unlike some antivirus software packages, if you introduce something, let's say through a USB port, and you are not online, you have potential exposure.

    I'd like to see a capability where the solution can do offline intrusion detection if needed. For example, if you have offline workstations or devices, then there's new data introduced into the device using, I guess, portable data devices. If there was a way to detect that while the device was not connected, that would be great.

    It's not a major concern for us since 100% of the time, our devices are connected to the internet because most of our business applications are using cloud-based applications.

    The pricing can look expensive.

    For how long have I used the solution?

    We started using the solution in April or May of this year. It's only been a few months. 

    What do I think about the stability of the solution?

    It's stable. So far, so good. I've not had any issues around it in terms of impacting usage, et cetera. It's pretty transparent to us.

    What do I think about the scalability of the solution?

    It's pretty scalable. I've talked to some users from huge companies, Fortune 500 companies, so I know that it's scalable.

    We don't really have any users for it. It's pretty much myself and one other person who just monitors the portal, and that's about it. In terms of devices, we have 100 to 150 devices. 

    We intend to explore the other capabilities of what the sensor can provide us. However, right now, we're just focused on antivirus and intrusion detection. That's about it. 

    The intent is obviously to deploy. Every time we have new devices, et cetera, we just deploy this and go.

    How are customer service and support?

    Support is pretty transparent for me. We've had probably five or six incidents, and they were minor, however, then those are handled by the CrowdStrike team. 

    They would notify me if I needed to take action on my side. So far, they are good. I haven't needed to take any drastic action, like shutting down the device and all that.

    Which solution did I use previously and why did I switch?

    We had decentralized solutions. They were mainly workstation-based and were McAfee. We went to a centralized solution so that it can be centrally managed.

    How was the initial setup?

    The setup is pretty straightforward. We started out with a lot of effort since we didn't have managed devices when we installed it. We didn't have a device management system in place for Windows, so we had to install it at each workstation. 

    The deployment probably took us a week. We had to install the sensors manually. However, the installation process is very straightforward. It takes less than five minutes.

    In terms of maintenance, it's all maintained on the CrowdStrike side.

    What about the implementation team?

    We did the initial setup ourselves in-house.

    What was our ROI?

    There's potentially really no ROI. It addresses an area of risk. That is all. You're putting the investment in the service as a kind of insurance against cyber attacks, data breaches, et cetera.

    What's my experience with pricing, setup cost, and licensing?

    We have a subscription. 

    The cost, the overall cost of the service, is something that could be improved. If you compare it to other antivirus systems, it'll seem more expensive as there's one piece that people overlook - you have a technical team monitoring for you behind the scenes.

    The cost is approximately $35,000 to $40,000 a year. It covers up to 300 devices and 300 Windows or Mac OS devices, and about 150 mobile devices. There are no additional costs beyond the main fee. It's all paid on an annual lease. 

    Which other solutions did I evaluate?

    We looked at Microsoft Defender, McAfee, Norton, and two other solutions, however, this one came up on top. The only downside is the overall cost when you compare it to the competition.

    What other advice do I have?

    We are customers and end-users.

    I'm not sure which version of the solution we're using. Typically, we set ourselves to N minus one. We're typically one version behind the most current.

    I'd warn potential new users that they have to look at the total cost of ownership. One item that's overlooked is when you get an antivirus or a security product, you will need experts to manage and maintain it. CrowdStrike basically provides you with the software solution and the technical support behind it. If you basically add up all those things, it'll probably be on a total cost basis; it'll be reasonable.

    I'd rate the solution nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Head Of Information Security at a financial services firm with 501-1,000 employees
    Real User
    Easy to set up, has multiple dashboards, and offers competitive pricing
    Pros and Cons
    • "What I found most valuable in CrowdStrike Falcon Complete is that it has a lot of monitoring dashboards and use cases, and I saw that it's a very good product, but my company has only tested it, so it's not been used for real use cases. My company hasn't tested the complete license for CrowdStrike Falcon Complete, so the team hasn't checked the open fiber rooms for zero-day attacks, IOAs and IOCs, or any indicators of fraudulent activities. I was also amazed at the solution and its licensing. My company did a competitive analysis of many EDR solutions, but it went with CrowdStrike Falcon Complete. It's one of the top-rated solutions on CyberRatings as well."
    • "At the moment, nothing is missing in CrowdStrike Falcon Complete. I'm amazed by it. It's perfect and I'm not aware of any other vendors that provide its features, but it would also depend on the configuration and policy management of the solution, for example, I can bring you an EDR solution and configure it badly, so it won't do anything. It also depends on the people, not just the technology you're obtaining, so this is the most important thing to do for all solutions, even for firewalls. You can obtain a firewall and if you permit everyone to go through it, then it's useless. What could be improved in CrowdStrike Falcon Complete is its management console. Currently, that console is on the cloud, so if the cloud is compromised, then the management console would also be compromised, and that's quite risky."

    What is our primary use case?

    We use CrowdStrike Falcon Complete internally and externally according to the MITRE ATT&CK framework. MITRE ATT&CK describes most of the TTPs and explains them, including the default use cases and deployed policies. Our internal use case for the solution is specifically for internal fraud cases to use in our internal forensics team.

    How has it helped my organization?

    CrowdStrike Falcon Complete has helped in improving my company in terms of achieving strategies and executing frameworks.

    What is most valuable?

    What I found most valuable in CrowdStrike Falcon Complete is that it has a lot of monitoring dashboards and use cases, and I saw that it's a very good product, but my company has only tested it, so it's not been used for real use cases. My company hasn't tested the complete license for CrowdStrike Falcon Complete, so the team hasn't checked the open fiber rooms for zero-day attacks, IOAs and IOCs, or any indicators of fraudulent activities.

    I was also amazed at the solution and its licensing. My company did a competitive analysis of many EDR solutions, but it went with CrowdStrike Falcon Complete. It's one of the top-rated solutions on CyberRatings as well.

    What needs improvement?

    At the moment, nothing is missing in CrowdStrike Falcon Complete. I'm amazed by it. It's perfect and I'm not aware of any other vendors that provide its features, but it would also depend on the configuration and policy management of the solution, for example, I can bring you an EDR solution and configure it badly, so it won't do anything. It also depends on the people, not just the technology you're obtaining, so this is the most important thing to do for all solutions, even for firewalls. You can obtain a firewall and if you permit everyone to go through it, then it's useless.

    What could be improved in CrowdStrike Falcon Complete is its management console. Currently, that console is on the cloud, so if the cloud is compromised, then the management console would also be compromised, and that's quite risky.

    For how long have I used the solution?

    I've been using CrowdStrike Falcon Complete for six months.

    What do I think about the stability of the solution?

    CrowdStrike Falcon Complete is too stable, but I still have to test it in a forensic case before I could comment on the stability of the solution.

    What do I think about the scalability of the solution?

    We usually follow TMMI, so in terms of the maturity and scalability of CrowdStrike Falcon Complete, it's fine, so far.

    How are customer service and support?

    Our only experience in terms of contacting the technical support team for CrowdStrike Falcon Complete was during implementation.

    How was the initial setup?

    Setting up CrowdStrike Falcon Complete was too easy because it's a cloud solution, so it was too easy to implement. There's nothing to do, for example, you just need to install the agent from the PCs on the endpoint.

    In terms of the deployment time for CrowdStrike Falcon Complete, the infrastructure team implemented the endpoints which took one week, then there's the tuning of the policies, so overall, the deployment took one month.

    What about the implementation team?

    There's a third party or a partner either for implementation or support for CrowdStrike Falcon Complete, but my company did it in-house.

    What was our ROI?

    We haven't seen ROI from CrowdStrike Falcon Complete because we've just done a POV for the top management and there are limited attacks in our organization. We've done some use cases or POCs on a zero-day attack, changing the binaries, etc., and CrowdStrike Falcon Complete was perfect and detected all of the behaviors, isolated them, and did all the functions we expected it to do.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for CrowdStrike Falcon Complete is competitive. It's a cheaper solution when you compare it with others, and on a scale of one to five, I'm rating its pricing a four. You also don't need to pay extra for its features. CrowdStrike Falcon Complete is perfect.

    Which other solutions did I evaluate?

    My company evaluated another solution that was also top-rated: FireEye (now called Trellix).

    What other advice do I have?

    CrowdStrike Falcon Complete currently has five thousand users in my company and the roles vary from top management to C-level to endpoint users to high privilege users, so a lot of people and a lot of money.

    My company recommends CrowdStrike Falcon Complete for the financial, military, and oil and gas sectors. It's by sector, not by people. All the roads now move toward security and securing the business, and it also depends on the criticality of the assets you own and how you're securing the assets. Whenever or whoever has a critical asset should go for a strong security solution such as CrowdStrike Falcon Complete.

    In terms of how extensively the solution is being used in my company, there's no 100% security, so my company is always developing security solutions that can handle new attacks, future attacks, and more sophisticated attacks, so I'm unable to give a percentage of the extent of usage of CrowdStrike Falcon Complete, but if I can just measure this from a governance perspective, it's 80%, specifically from a compliance perspective.

    At the moment, I'm unable to give my advice to others looking into implementing CrowdStrike Falcon Complete because I need to use the solution on a real test or real compromise first.

    I'm rating CrowdStrike Falcon Complete eight out of ten because of its management console being on the cloud. My company doesn't prefer this setup, even if it has an NDA with the vendor because if the cloud itself was compromised, the management is also compromised, and all users will be isolated, so this isn't good from a risk perspective.

    My company is a customer of CrowdStrike Falcon Complete.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Tugomil Cerovecki - PeerSpot reviewer
    CTO at SuperSport
    Real User
    Top 10
    Provides good network visibility, easy to work with, and deep inspection provides valuable insight
    Pros and Cons
    • "It has good visibility, works well, and it is fast."
    • "The performance slows down by between 10% and 40%, depending on what type of work the machine is doing."

    What is our primary use case?

    Our primary use case is an ordinary antivirus. We also use it to watch the activity on the machine.

    What is most valuable?

    It has good visibility, works well, and it is fast.

    It is easy to see what is happening and the reporting is good, although I still don't understand everything. We are still trying to understand all of the information that we receive. When a problem is being investigated, the product does a deep inspection and this is something that we really like. You can see things like which file is connected with which services. The deep inspection is something that we don't have in any of our other tools.

    The central console is good and it is easy to work with.

    This product is easy to maintain on a daily basis.

    What needs improvement?

    There are some parts of this solution that are too slow. The performance slows down by between 10% and 40%, depending on what type of work the machine is doing. For example, we had to shut down our backup because it was too slow and it started to overlap with other tasks. We did not try to use our SQL database because there was too much of an impact. This is not on the network but on the machine and even a few percentage points difference is significant for us because of the volume of transactions.

    Integration slows down the system a bit.

    I would like to have an alternate dashboard view, which is somewhat simpler. The one it presents now is like Splunk, and it is very good, but it would be helpful to have a simpler one that only shows the basics like what you have and what it has found. As it is now, it takes time to get used to it. After a while, it won't be a problem for me or other users in the company. When you're working with a regular antivirus, it is much easier to set up and start using.

    For how long have I used the solution?

    We have been working with CrowdStrike Falcon Complete for two months. We are still deploying and integrating it into our environment.

    How are customer service and technical support?

    Because we are still in the process of initial integration, it is our partner who is in contact with technical support. We're still waiting for them to answer with respect to one issue, and now after waiting for two weeks, I cannot say that I'm very happy with that. However, given that it is the holiday season, it's pretty understandable.

    I expect that it will be complete in January when we are fully operational. During New Year and Christmas, it is a bit of a lazy time for everybody.

    Which solution did I use previously and why did I switch?

    We have several solutions in place. We have a firewall, antivirus, and email antivirus systems, and there are still things that pass through. This product is our fourth layer of defense.

    How was the initial setup?

    The initial setup was straightforward for us because we had assistance. On our own, this would not have been as easy.

    What about the implementation team?

    We had CrowdStrike partners who assisted us with the implementation. They asked us things like what should be protected and what should not be. It was a lot of work for our partner to complete the deployment.

    What's my experience with pricing, setup cost, and licensing?

    At approximately €60 per machine, per year, I think that it's a good price point. When you compare this to Windows Defender for Endpoints, the price of that solution is about €50 per month per user.

    There are people who spend a lot of time trying to find the right price to sell new products at, so I always think that people know the value of their product and what price they can sell it at.

    What other advice do I have?

    Every solution has pros and cons. I don't see anything that is more advanced than other solutions, and it's just an ordinary spy product. I have to wait for some time to see how well it works in the real world, but it finds some malware and it finds some things that pass through as normal. 

    At this point in time, I can't yet say for the general case whether I would recommend this product. We are still having a problem with the slowness and the impact on the performance of the system. For workstations or servers that do not have a high load on them, I would certainly recommend buying it. In our case, we had to remove it from our backup servers. So, if you're already using a backup, or hosting servers for VMware or Hyper-V, or using a SQL database, then you should consider testing it first. I'm still not sure what will happen in our case.

    At this point, I cannot rate it an eight or higher because we still don't have an answer on improving the performance. If ultimately they resolve our problem then I would rate this solution an eight or a nine out of ten.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Global IT Infrastructure Manager at TMF Group
    Real User
    Top 20
    Easy to use, simple to set up and provides easy management
    Pros and Cons
    • "It is very simple to use and not overly technical."
    • "They need to continuously integrate with other security tools such as CyberArk or Mimecast, to cover the entire IT infrastructure."

    What is our primary use case?

    We primarily use the solution for security purposes. We use it to protect our endpoints and prevent any kind of malicious attacks on our company.

    How has it helped my organization?

    In terms of Endpoint security, we feel very secure. Sandboxing is in a place where we can analyze everything before releasing anything into the production environment. It has really helped in terms of how we can prevent the malware from spreading across Endpoints, especially in these scenarios where work from home is common and where users are directly connected to a potentially insecure network.

    What is most valuable?

    The best part of CrowdStrike is the integration with various other tools and technologies such as, for example, Mimecast. We use Mimecast for email security and detection via CrowdStrike. If we have a backend integration of Mimecast logs with CrowdStrike, that's an excellent way for us to secure email.

    The initial setup is straightforward. 

    The stability and performance have been pretty good overall. 

    The solution has proven to be very easy to implement and easy to manage.

    It is very simple to use and not overly technical. 

    The product gives us very low false positives. 

    What needs improvement?

    Considering the recent SolarWinds attacks in November or December last year, we were looking for something that could secure the EDR first tokens. It would be helpful if that was on offer.

    They need to continuously integrate with other security tools such as CyberArk or Mimecast, to cover the entire IT infrastructure. They should keep in mind that there is a risk in the ADFS web environment. From an Endpoint perspective, it's all good; however, they need to explore the origins via something like CrowdStrike.

    The customization could be improved upon. As of now with the area first and web security tokens, we don't see the EDR. We are looking for some solution that can provide EDR solution on the EDR first web environment.

    For how long have I used the solution?

    We've been using the solution since 2017. It's been about three years or so. We've used it for a while.

    What do I think about the stability of the solution?

    The stability is very good. We don't see anything currently that can negatively impact the Endpoint as the agent is installed, however, the processing does not consume the CPU or memory. It's giving us great anti-malware detection along with a very good performance on the Endpoint as well.

    What do I think about the scalability of the solution?

    The solution is fairly easy to scale, as it's not specific to any domain we can implement CrowdStrike on a standalone server, or multi-forest. In terms of scalability, it can support the multi-cloud strategy as well.

    We have about 12,000 places in which the solution is being used. It's on 9,000 devices as a user Endpoint, which is Windows 10, and approximately 3,000 servers.

    We do intend to increase usage. Every year, we see a 5% to 10% increase in usage.

    How are customer service and technical support?

    We get a lot of proactive support from CrowdStrike. Before anything enters our environment, we get a lot of information from our account manager and there is an annual assessment as well. Overall, it's very good in terms of how they provide us with support services.

    How was the initial setup?

    The initial setup is usually straightforward. We don't see any challenges with the implementation in general; however, there are a few connectivity issues when the ports are not open from our internal network to the CrowdStrike servers. Otherwise, it's very easy.

    What's my experience with pricing, setup cost, and licensing?

    We always get pressured to reduce the cost, however, considering the importance of security, it's worth paying the current rate. Overall it's a good investment when it comes to security practices.

    Which other solutions did I evaluate?

    When we started off with this POC, we were exploring Carbon Black alongside CrowdStrike. Taking into consideration the overall scalability and compatibility in our environment, we decided to go for CrowdStrike.

    What other advice do I have?

    We are customers and end-users.

    We don't have the agent or on-premise servers. This solution is SaaS and we don't need those in order to use it. 

    I'd rate the solution at a nine out of ten considering the experience we've had over the last three years. The only downside is, in certain cases, that we still see the same gaps we have seen in SolarWinds. CrowdStrike is aware of those and is aware of what they need to do. As the first step, for example, what I've seen in the last six months is the integration with Mimecast which is quite a positive development. 

    If you look at Gartner or other rating agencies, where you can compare the features of CrowdStrike versus other leaders such as Trend Micro or Carbon Black, CrowdStrike is shown to be easy to implement, easy to manage, and very simple to use. You don't need a core skillset to manage CrowdStrike in your environment. It's very friendly. At the same time, it gives very accurate results. You'll get fewer false positives.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Security Consultant at a tech services company with 501-1,000 employees
    Reseller
    Top 10
    Easy, lightweight, 100% reliable, and able to stop zero-day and ransomware attacks
    Pros and Cons
    • "It is a major anti-malware solution. It can stop zero-day attacks and ransomware attacks. There are so many features in CrowdStrike. Falcon Overwatch is a valuable module. It is lightweight on the endpoints. It doesn't have any scanning mechanism. It works on artificial intelligence, static analysis, and dynamic analysis. There is no signature available on this. It is a pretty easy solution. It is cloud-based, so there is no driver maintenance or anything like that. You can go anywhere in the world. If you have internet, you'll get connected to the cloud and the policies that it contains. It is pretty simple."
    • "Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer. It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they are not there in CrowdStrike as well as SentinelOne."

    What is our primary use case?

    It is an advanced anti-malware solution. Our clients replace the existing traditional antivirus with this solution. We are an implementer. We sell this solution, and then I go and understand the existing environment to deploy it.

    What is most valuable?

    It is a major anti-malware solution. It can stop zero-day attacks and ransomware attacks. There are so many features in CrowdStrike. 

    It is lightweight on the endpoints. It doesn't have any scanning mechanism. It works on artificial intelligence, static analysis, and dynamic analysis. There is no signature available on this.

    It is a pretty easy solution. It is cloud-based, so there is no driver maintenance or anything like that. You can go anywhere in the world. If you have internet, you'll get connected to the cloud and the policies that it contains. It is pretty simple.

    What needs improvement?

    Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer.

    It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they are not there in CrowdStrike as well as SentinelOne.

    For how long have I used the solution?

    I have been providing this solution for three years.

    What do I think about the stability of the solution?

    It is a 100% reliable solution. We had some small glitches with it, but we were able to rectify those issues by tuning it.

    What do I think about the scalability of the solution?

    It is pretty good. We have four customers, and there are a total of 15,000 to 20,000 users.

    One of our clients has been using this for over a year now, and they have acquired more companies. They will possibly buy more. They really like the product and are happy with the product.

    How are customer service and technical support?

    The first level of support is with us. If I'm not able to solve an issue, then I'll raise a case to Falcon with the help of the customer. I get guidance from the customer to raise the ticket about the issue and everything. As a partner or a vendor, we cannot raise a case for another customer. 

    Their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer.

    Which solution did I use previously and why did I switch?

    I have got experience with SentinelOne Vigilance. The major difference between SentinelOne Vigilance and CrowdStrike Falcon is the pricing. CrowdStrike is more expensive. Otherwise, both work in almost the same manner. They are cloud-based, and they are next-generation endpoints. They block cyber attacks. 

    How was the initial setup?

    Its initial setup is straightforward. It is pretty simple. It is a very powerful product that doesn't take much time to be set up. Unlike traditional antivirus, you don't need to create a lot of policies and build up the server. I have a link, and I enable the license and download the agent. That's it. It is pretty fast. 

    The deployment duration depends on the environment and the number of clients. It could take from three days to one week depending upon the number of agents. In most cases, the customer will opt to deploy for 50 machines. A customer has around 6,000 endpoints, and I have also deployed for only 50. It depends upon the customer. 

    What about the implementation team?

    We are a team of two. My colleague and I do the deployment.

    It definitely needs upgrade, fine-tuning, and exclusions. No security product is 100% accurate, so we need fine-tuning. I am responsible for the maintenance for our clients. They have something called an Annual Maintenance Contract (AMC). Every quarter, I need to do a health check of their endpoints. After that, I send a report to them about the fine-tuning findings and the fine-tuning steps that need to be performed.

    What was our ROI?

    Our clients have definitely seen ROI. They were attacked with ransomware, but CrowdStrike blocked it. They reported to us, and we reported to CrowdStrike.

    What's my experience with pricing, setup cost, and licensing?

    CrowdStrike is more expensive than SentinelOne. Licensing works on the number of agents and the modules you buy. CrowdStrike has different modules, such as Falcon, Falcon Overwatch, Falcon Complete, etc. The pricing depends upon the module that the customer wants. They have different Incident Response (IR) teams, which are very expensive.

    What other advice do I have?

    We definitely need to move to the next-generation solutions because these days attacks are pretty intense, and the traditional antivirus solutions are not going to stop them. CrowdStrike gives a proper security block. It is a 100% protector. 

    There was a customer who was impacted by ransomware. We put SentinelOne over there, and we were able to catch the file that their antivirus couldn't. These solutions are 100% reliable and definitely good for any company that wants their enterprise to be protected on the endpoints. 

    I would rate CrowdStrike Falcon Complete an eight out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
    PeerSpot user
    Senior Account Manager at a tech services company with 201-500 employees
    Real User
    Comes with good threat-hunting and behavior-based analysis capabilities, and provides quick protection against new threats
    Pros and Cons
    • "The most valuable feature is that it has a zero-day approach. It does not work with the signature itself. It looks into what is happening on an endpoint and protects you better against threats that are not yet known but are captured in a signature. It provides far better detection than when it is only signature-based. You get much quicker protection against any new threat. This is the most important feature of the CrowdStrike solution."
    • "They are doing very well in continuously improving their product. The only thing is that it is completely cloud-based, and some customers don't really like that type of approach, but you can only provide such a solution when you have cloud-based intelligence. On the other end, we know that it is sometimes a breaking point for some of the customers. They could potentially have an on-prem or hybrid solution. Any antivirus needs to have its features updated. If there could be a relay between them, it would be helpful, but that's very hard to do. So, you either accept that approach and have the benefit with this little disadvantage."

    What is most valuable?

    The most valuable feature is that it has a zero-day approach. It does not work with the signature itself. It looks into what is happening on an endpoint and protects you better against threats that are not yet known but are captured in a signature. It provides far better detection than when it is only signature-based. You get much quicker protection against any new threat. This is the most important feature of the CrowdStrike solution.

    They have very good knowledge of how to hunt for threats. It is all about the intelligence you put into a solution for detection. It is about making sure that if you see a number of things, you can interpret them correctly and take the right action against them. They're one of the best vendors because they come from that background. 

    What needs improvement?

    They are doing very well in continuously improving their product. The only thing is that it is completely cloud-based, and some customers don't really like that type of approach, but you can only provide such a solution when you have cloud-based intelligence. On the other end, we know that it is sometimes a breaking point for some of the customers. They could potentially have an on-prem or hybrid solution. Any antivirus needs to have its features updated. If there could be a relay between them, it would be helpful, but that's very hard to do. So, you either accept that approach and have the benefit with this little disadvantage. 

    For how long have I used the solution?

    I have been working with this solution for three years.

    What do I think about the stability of the solution?

    We don't see any specific limitations on that at the moment. 

    What do I think about the scalability of the solution?

    We have large implementations, and we don't really see any issues with the scalability of the solution. It seems to be able to scale up fairly quickly within the environment.

    How are customer service and support?

    Their support is top-notch. They're very dedicated. Their experts are online when you need them. 

    How was the initial setup?

    It is very straightforward. It takes very limited time to set it up. People get used to it very quickly.

    Being a cloud-based solution, you don't really have to do a lot of installation. They have their own cloud. It is maintaining itself. There are automatic updates. That's one of the reasons why you want to go to the cloud-based approach. It is very easy in terms of maintenance.

    What other advice do I have?

    I would advise anyone interested in such a solution to try it out. It is very easy to try it out. 

    It is an absolute requirement to get an EDR solution in place. You should go with the ones that really have the most advanced capabilities for threat hunting. It is best to go with the experts. They've had some competition from Microsoft, which is not a bad solution, but Microsoft is not a security expert. CrowdStrike knows very well how to identify threats and link them to specific behavior. That's what you really want to have in there, and that's their strength. One of the reasons why they're still leading is that they are the only ones who can say, "We manage your network, and we would give you money back if we could not detect the issues upfront." That's one of their strong points.

    If they don't do any specific scanning, they will adapt themselves to that. If it is a new system, they would need to learn that. If there is something new in there, it could be harder for them to detect it because they don't yet know the behavior, and they have to learn about it. That's the only negative element I see in it. 

    They're doing quite a bit of work in improving it. They are doing a good job in evolving the product. I don't see any specific needs at this given moment on that. You could ask a lot, but in the end, you still need to make sure that the core is functioning well. They should stick with what they do best. Evolve that but not start doing everything. That's because it will not work. I'd rather have them stick to their niche.

    I would rate it a nine out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free CrowdStrike Falcon Complete Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022