Director of IT at a tech services company with 51-200 employees
Real User
Top 20
Responsive and fast support, easy to deploy, well-tuned to ignore false positives
Pros and Cons
  • "We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
  • "It would be nice if the dashboard had some more information upfront, and looked a little better."

What is our primary use case?

We use this product for endpoint security and threat remediation.

How has it helped my organization?

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely, now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

What is most valuable?

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

What needs improvement?

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

Buyer's Guide
Crowdstrike Falcon Endpoint Security and XDR
February 2023
Learn what your peers think about Crowdstrike Falcon Endpoint Security and XDR. Get advice and tips from experienced pros sharing their opinions. Updated: February 2023.
672,411 professionals have used our research since 2012.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately four months.

What do I think about the stability of the solution?

The stability is great and we haven't had a single issue.

What do I think about the scalability of the solution?

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

How are customer service and support?

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Which solution did I use previously and why did I switch?

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

How was the initial setup?

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

What was our ROI?

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

What's my experience with pricing, setup cost, and licensing?

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and login in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

Which other solutions did I evaluate?

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

What other advice do I have?

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Jordan Swanson - PeerSpot reviewer
Information Security Assurance Engineer at School District of Lee County
Real User
Top 10
Robust threat hunting and great ability to do on-keyboard remote response and quarantining of devices
Pros and Cons
  • "It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff."
  • "The ability to receive text alerts natively in the console would be kind of cool."

What is our primary use case?

We integrate the data from this solution with ExtraHop, which is an NDR. Being able to move between both platforms and have network-level data and transactions over the network feed into XDR CrowdStrike is really powerful. It helps us make better decisions, it makes better decisions without human intervention, and it hones the analytics a little bit. The EDR aspect of it works almost exactly the same as the regular Falcon product. I will say that it's probably a lot better at scale than what we're using it for. I work at a school district, so for the individual schools, it's nice to see and isolate issues and have reports built by individual school locations rather than just everything looking like a whole hodgepodge of computers.

What is most valuable?

It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff, like look for old versions of applications that maybe you forgot about or find stuff that people are running that maybe you don't want on your network, and it lets you get rid of those. Also, its ability to do on-keyboard remote response and run PowerShell script through the sensor is pretty sick. It's ability to quarantine devices is also pretty great.

What needs improvement?

The ability to receive text alerts natively in the console would be kind of cool. Some people put their email on quiet hours, so having it natively in the system would be nice.

I know that they offer an identity piece and a firewall piece and we haven't subscribed to or purchased either of those, but having some of that data in the base program would be good, and then if you want more control, you pay for it. There's times where I want to look at an internet history of a device that's remote, or I want to see logins, successful or unsuccessful. I don't want to manage identity and I don't want CrowdStrike to alert on it, but it would be nice if the ability to see the data was included with the base product. Then that could kind of get your foot in the door with having the ability to look at that information, but not being able to do anything actionable with it.

For how long have I used the solution?

I have been using this solution for two years. 

What do I think about the stability of the solution?

The solution has never failed. The only false positives that we get are ones that we test with. I do true and false positive testing every month to make sure stuff is working correctly and the solution picks up on it. 

What do I think about the scalability of the solution?

The solution is very scalable. Our proof of concept was a few devices and now at full scale we have 50,000 devices. It's a cloud console, so if you do the implementation right and the sensor is put on in an automated process, it doesn't matter how many computers you have. It just runs. They have sensors for every kind of device: Macs, Windows, Linux, and I think even Android.

How are customer service and support?

The support is great. They're quick to respond and you see the same names pretty consistently. They probably do it by region or account or something like that, so it's not just a random person every time.

How was the initial setup?

The setup is as complex as you want to make it. They have engineers that help you. We did a proof of concept first and that was pretty seamless. If you want to build out a bunch of dynamic groups and have different policies affect the different groups separately, you can. If you want to purchase a bunch of licenses for integration with different products, they partner with a bunch of different security vendors and you can make it as complex or simple as you want. If you just want NextGen AV, you can just have NextGen AV and it's super simple and the sensor just sits on a computer, but if you have a bunch of data and want it to be really complicated and want to be able to do whatever you want, you can do that too. It's pretty flexible, in that sense.

What about the implementation team?

Getting it off the ground took myself, one CrowdStrike engineer, and we could have done it with one systems engineer, but we had two because one was on the client side for the Windows hosts and one was for enterprise for the data center and servers. We did it with four people, and me and one other guy manage it ourselves.

What other advice do I have?

We pay for Overwatch, which is kind of like a sock where someone that works for CrowdStrike monitors certain aspects of your network, and then they can make notes and quarantine devices for you, and they'll alert you at 2:00 in the morning. It's really great, but it takes two people to manage the alerts after a bit of tuning to make sure that the stuff that is on your network that you want to be there, that's getting picked up by CrowdStrike, is excluded. I get maybe ten alerts a day, but that comes from having good hygiene in other areas. If you're not preventing those alerts or fixing the problems that CrowdStrike is picking up, you're going to have a lot of work to do, but if you use CrowdStrike as a hygiene tool, it's a lot easier to manage.

My advice would be to automate as much of the management as you can. Sensor deployment can be really annoying, but if you figure out how to automate it in your environment, that will make it way easier. That way, as the devices are provisioned, they have the sensor on them and they just pop up into your console. I know some people do it by hand and that's a nightmare.

I would rate this solution as a nine out of ten. It's really good. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Crowdstrike Falcon Endpoint Security and XDR
February 2023
Learn what your peers think about Crowdstrike Falcon Endpoint Security and XDR. Get advice and tips from experienced pros sharing their opinions. Updated: February 2023.
672,411 professionals have used our research since 2012.
Syed Ubaid Ali Jafri - PeerSpot reviewer
Head of Cyber Defense & Offensive Security at Habib Bank Limited
Real User
Top 5
Good lateral movement and overwatch detections but requires improvements in the Mac environment
Pros and Cons
  • "The CS falcon agent is a lightweight agent compared with other agents of EDR products."
  • "CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."

What is our primary use case?

The following is a list of use cases that were tested and evaluated against Crowd Strike along with different competitors.

1 - Execution of Fileless Ransomware - The test was conducted using PowerShell script execution, the script was executed using privileges rights and it was successful. Although all the preventive controls were enabled in the CS falcon dashboard, CS falcon had raised a red flag regarding fileless execution, however, the moment it let us know our system got encrypted.

2 - Uploading large volume of Data over the cloud - Using customized script in the USB, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation from the whole disk and creates a password-protected .zip file in APPDATA of the complete files, once the protected file is created it then checks the internet connectivity. As soon as the script finds connectivity with 8.8.8.8, 8.8.4.4. it starts sending the protected .ZIP file over its CnC cloud.

3 - Disabling of CS Falcon Agent - I have conducted a test to disable the Falcon agent from the Windows-based OS. The agent was successfully disabled by booting up another OS and renaming of agent files from the system.

4 - Perform Privilege Task in Crowd strike - CS roles have some additional privileges. While performing host containment, it has the ability to perform the following operations without informing the user: 

* Host Containment 
* Isolating the host from the network;
* Copying data from the host machine into the CS cloud;

Considering the above situation it may cause a breach of user privacy due to which user can file a complaint against InfoSec team.

How has it helped my organization?

The solution fits well in the organization and took out valuable output as expected from Endpoint Detection and Response solution.

This solution supersedes the requirement of an Endpoint Protection solution. The cost of EPP can be saved while using EDR.

One good thing is the active association of the Crowd Strike team in terms of support and coordination. 

Features that require further evaluation include:

Let's take an example of ten machines that require CS falcon agent installation. Apart from agent compatibility and ease of installation, one of the most important areas is the network bandwidth which would require whenever an agent updates the server through the cloud. 

An estimated network bandwidth utilization takes 0.4 MB/hour for a single machine to update its probes over the cloud. If we estimate the total working hours in our case it is eight hours, the formula would be 0.4 X 8 = 3.2 MB per host per day is the data uploading requirement on the cloud. It is highly recommended to assess a number of agents and the network bandwidth requirements.

What is most valuable?

The CS falcon agent is a lightweight agent compared with other agents of EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement  
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well created in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license not machine-based, so once the machine gets outdated/old, installation of the same agent license in another machine is possible.

What needs improvement?

Area of Improvement

The products still require improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with MAC OS (X), Catalina, or Big Sur.

Similarly, the product is also not compatible with Unix-based systems including AIX, Darwin, and FreeBSD.

CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine.

Additional Features required in the Next release:

The product requires an add-on feature which should be a turnkey feature if it requires to be turned on to XDR no changes should be required to be made on the user end as the agent is already installed.

For how long have I used the solution?

The solution has been used for around two years, including the demo version with full features and final version with specific features.

This solution has been used without any compatibility issue and/or technical failure due to anti-virus installation.

When we procured Crowd Strike as an EDR it was on the Gartner top ranking as well.

The agent was being utilized in Windows Servers (2016, 2019), Linux Servers (Fedora, Red hat, Cent OS), Windows Endpoints (10, 11), and Mac. 

What do I think about the stability of the solution?

The solution is stable and we have used it for more than 2500+ hosts.

What do I think about the scalability of the solution?

It is a cloud-based solution - so scalability is not an issue.

How are customer service and support?

When it comes to customer service and support is that the principal engages whenever required.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

This was the first product that we evaluated out of 6 (six) products.

How was the initial setup?

The setup was straightforward and it's easy to use.

What about the implementation team?

A vendor team was engaged in the installation of the complete solution.

What's my experience with pricing, setup cost, and licensing?

Licensing is relatively low than other EDR solutions.

Which other solutions did I evaluate?

We evaluated Carbon Black and FireEye.

What other advice do I have?

Crowd Strike is a good solution. However, it requires you to build more features in protecting Endpoint agents for example:

DOM Improvement
DLL's Injections
Detection of CNC in Network Neighbors
Detection of similar attack surfaces in the network.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Security Systems Analyst at a retailer with 5,001-10,000 employees
Real User
Allows us to sleep better at night
Pros and Cons
  • "I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
  • "I would also like to see the endpoint firewall component produce some level of logging and feedback."

What is our primary use case?

CrowdStrike is a malware protection solution that is deployed on a private cloud across all areas of our organization. We have deployed the solution to 10,000 users. Roles-based it's the security team. 

We recently upgraded to a new feature that is set to roll out. CrowdStrike is a requirement, it's our standard. If you have a new OS deployed or a new server deployed, this is a required component. It has been automated as we grow and as we add more systems.

How has it helped my organization?

CrowdStrike allows us to sleep better at night.

What is most valuable?

I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution.

What needs improvement?

This solution lacks basic functionality, such as being able to perform on-demand scanning. This presents a challenge when it comes to the payment card industry, PCI which has that as built-in requirements for the PCI DSS standard.

I would also like to see the endpoint firewall component produce some level of logging and feedback. 

For how long have I used the solution?

I have been using CrowdStrike Falcon for three years.

What do I think about the stability of the solution?

CrowdStrike is very stable, we've had very few technical issues. The false positive rate is average. It has been very easy to manage and to determine where issues are.

What do I think about the scalability of the solution?

This solution is very scalable. It is easy to roll out more agents and is fairly automated. We have it deployed in multiple environments such as hybrid versus cloud versus private. 

How are customer service and support?

We have had very positive interactions with not only our manage service provider, but the vendor directly. They've offered good support when we've had some questions and concerns. Their documentation is fairly extensive.

Which solution did I use previously and why did I switch?

We follow trends to make sure we have the best product for our organizations. The one we were using fell behind a bit. We wanted something that was completely cloud-based so that the infrastructure wasn't on-prem and we wouldn't be required to manage the upgrades of servers and applications. 

How was the initial setup?

The initial setup was moderate. There is a lot to think about and a lot to plan out, however once that is done the actual deployment is straightforward. We used a tiered deployment, deploying the product in a learning mode or logging mode only. We also did a tiered deployment by division and then enabled features by division to make sure that if there was an impact, we could at least contain it to one area and revert back as quickly as possible.

What about the implementation team?

We deployed with an integrator. They were very knowledgeable and knew what they were doing. They involved the vendor when required. We use half of an FTE to maintain the solution. We also have a managed service provided that also integrated the log files from this product into our SIM. We are pointing all the logs to a log reporting utility that allows us to react to alerts. 

What was our ROI?

Because we are information security, we come with a price tag, unfortunately. When we look at it as a whole, we are able to sleep at night, we have a good solution and it is protecting us from the zero-days and the latest malware. I don't know what you put the cost of breach prevention at.  We feel we are using a product that is at the top of the industry. We are doing as much as we can to protect our organization, so there is the return on investment that way.

What's my experience with pricing, setup cost, and licensing?

We pay yearly for the solution. It makes it easier for budgeting purposes. We did incur additional costs when we implemented their firewall solution, calling it the endpoint firewall. 

Which other solutions did I evaluate?

We're constantly looking for other options the industry's top solutions and where the industry is going next. In cybersecurity, we ensure we are protected today but also make sure that we are thinking towards the future and analyzing other solutions to see if they are better, or potentially better in the future.

What other advice do I have?

If you are looking at CrowdStrike, plan appropriately. Make sure you have planned it out and do your testing. We found that it was legacy-friendly. We have a lot of legacy applications and we were concerned about that. We ran into some minor issues but we did find that it was friendly, however, there were some newer applications that the product did not interact with as well as we expected. They were easy fixes, but you should do your due diligence so you run into fewer surprises.

I would rate CrowdStrike a 9 out of 10.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cloud Solution architect at VaporVM
Real User
It has a good mechanism and a reporting feature and enables you to take quick action if there's a missing patch
Pros and Cons
  • "Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches."
  • "Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement. Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data. In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network."

What is our primary use case?

We primarily use CrowdStrike Falcon for malware detection, endpoints, and application behavior detection. The company has different teams, but our team handles the Windows and Mac hosts.

What is most valuable?

Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches.

What needs improvement?

Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement.

Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data.

In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network.

For how long have I used the solution?

I've been using CrowdStrike Falcon since January or February, so it's been eleven months, but my company used it even before I joined the organization.

What do I think about the stability of the solution?

Overall, CrowdStrike Falcon is a stable product. My company is satisfied with its stability.

What do I think about the scalability of the solution?

Per my experience, CrowdStrike Falcon is scalable.

How are customer service and support?

The CrowdStrike Falcon technical support is good because it's responsive, and the team reverts to you within a reasonable timeframe and in an excellent manner, which is essential for support. However, my team didn't have many cases because CrowdStrike Falcon doesn't require much support.

My company also took product training and implemented the learnings within the environment. CrowdStrike Falcon is effective and gives the required throughput and output, so in the last ten or eleven months, support cases have been very low, but whenever an issue is raised, the level of support has beeexcellentod.

Which solution did I use previously and why did I switch?

The company previously used Kaspersky, but CrowdStrike Falcon was far better. I heard that there was some attack, and Kaspersky couldn't handle that. CrowdStrike Falcon, on the other hand, offers excellent protection even from multiple malware attacks, and it has a good application behavior analysis feature.

My company did extensive penetration testing on CrowdStrike Falcon, which had good or far better results than Kaspersky. The company had a bad experience with Kaspersky.

How was the initial setup?

The initial setup for CrowdStrike Falcon is moderate in terms of difficulty, so it's not very easy, but it's not complex as well.

How long the setup takes depends on how you want to deploy CrowdStrike Falcon, but at the moment, it doesn't take much time for my company. It's quicker, but any company implementing CrowdStrike Falcon for the first time may need some good training or some hands-on experience. Otherwise, compared to other products, I would say CrowdStrike Falcon is better, implementation-wise.

What's my experience with pricing, setup cost, and licensing?

As I'm part of the technical team, not the budgeting team, I don't have information on CrowdStrike Falcon pricing.

What other advice do I have?

My company uses multiple products related to cybersecurity, for example, Netskope. For endpoint security, my company uses Microsoft Defender ATP and Endgame. My company is also working with CrowdStrike Falcon. For vulnerability management, my company uses Qualys, in particular for the AWS environment.

I don't remember the exact version of CrowdStrike Falcon I'm using, but I know that the tool is on Windows, Mac, and some AWS environments within the company.

Within the company, the total number of endpoints is around seven hundred. Two admins handle the endpoints for CrowdStrike Falcon.

My advice for anyone looking to implement CrowdStrike Falcon is to go for it, especially if you want to add value to your cybersecurity, specifically endpoint protection and application behavior analysis. CrowdStrike Falcon has reliable results, so I prefer it over other tools.

My rating for CrowdStrike Falcon is nine out of ten.

My company is a customer, and not a partner of CrowdStrike Falcon.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Director - IT Security Operations at a manufacturing company with 10,001+ employees
Real User
Allows us to stay in business by keeping our systems up
Pros and Cons
  • "CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
  • "CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."

What is our primary use case?

It blocks all the stuff bad actors are trying to do to our users.

All our end user systems and servers are on-prem and cloud workstations desktops everywhere.

We are using the latest version minus one release (N-1).

How has it helped my organization?

It provided us visibility into our endpoints that we did not have before. The telemetry and data that it collects allows us to respond to possible incidents much faster, containing the host as well as jump on the host for remediation.

CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and kept our systems up.

What is most valuable?

CrowdStrike endpoint detection and response (EDR) is excellent. It blocks the bad stuff without user interaction, allowing us to stay in business. For example, one of our service providers has been down for five days now with ransomware. Also, four of our partners have been down over the past two months with cyberattacks, and we can't do business with our partners.

What needs improvement?

CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it.

For how long have I used the solution?

I have been using it for a little over three years.

What do I think about the stability of the solution?

The stability is very stable. There have been no issues.

We have automated all our CrowdStrike Falcon updates.

What do I think about the scalability of the solution?

It is very scalable. There have been no issues at all.

How are customer service and technical support?

CrowdStrike's technical support is excellent:

  • Quick to respond
  • Quick to help
  • Very responsive
  • They have always been able to solve the issue.

Which solution did I use previously and why did I switch?

I was a McAfee customer for 20 years before switching. It was like night and day, where McAfee is old technology, and CrowdStrike Falcon is new technology. On a scale of one to 10, McAfee is at one and CrowdStrike Falcon is at 10. There is a really big difference.

We came from an on-premises solution. With more people working remotely, that became an issue. The fact that this is a cloud-native solution provides us with flexibility and always-on protection.

How was the initial setup?

It was very easy to deploy the solution’s single sensor. We used our deployment tools to push it out. Because it is a single agent, it is very lightweight, easy to install, and updates itself. We came from a competitor who had multiple agents, upgrades, and DAT files, where you could have very few of these with 100 percent working. However, since there were six different modules, they all had to be kept updated, which was a nightmare. 

This solution was a simple, easy push. Once it is on there, it updates automatically and we don't have any issues.

For deployment, we use a tool called Quest KACE. We also use SCCM.

We did about 10,000 hosts in around two months. We have had growth through acquisition. Now, we have 12,000 hosts.

What about the implementation team?

We did it ourselves.

For the deployment, there was one FTE (a Level 2 PC technician) for eight weeks. For maintenance, it is pretty much set and forget it. There is very minimal maintenance and zero dedicated staff.

What's my experience with pricing, setup cost, and licensing?

We bought a very small number of licenses, then ran it for a year. We bought a 100 licenses for a year, so we didn't actually do a proof of concept. We just bought them. Then, the next year, we bought 10,000 licenses.

We received a quote three years ago, and it was almost seven figures. CrowdStrike got money from investors to displace competitors, like Symantec and McAfee. Then, our quote was very low, which is why we were able to do this. The first year, the quote was almost a million dollars. The second year, it was a little over $100,000.

Which other solutions did I evaluate?

We also evaluated Cylance and Carbon Black. We went with CrowdStrike Falcon because of the single agent and price. The other solutions required multiple agents, and I did not like that at all.

Compared to the other solutions that we evaluated, CrowdStrike Falcon has a similar ease of use.

What other advice do I have?

We are a very happy CrowdStrike Falcon customer. I highly recommended it. It works.

I would rate this solution as 10 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Park Armstrong - PeerSpot reviewer
Chief Technical and Solution Architect at Vertigo Inc.
Real User
Top 5Leaderboard
Beneficial crowdsourcing intelligence, robust, and useful multi-tenant architecture
Pros and Cons
  • "The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
  • "The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."

What is our primary use case?

I use CrowdStrike Falcon for endpoint security and compliance auditing.

How has it helped my organization?

We use CrowdStrike Falcon for discovery when anything goes wrong because it gives us a full history of what's happening. It acts as a preventative model for inappropriate activity. Additionally, we use it for compliance reasons.

What is most valuable?

The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence.

What needs improvement?

The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool.

In a future release, the mobile space can use improvement. However, some of those constrained are by Apple and other platforms as to what they can do on the platform. Some of the limitations are industry-based.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately one year.

What do I think about the stability of the solution?

The stability of CrowdStrike Falcon is great, I have never had the slightest problems.

What do I think about the scalability of the solution?

CrowdStrike Falcon is highly scalable.

CrowdStrike Falcon is implemented company-wide on every device.

I have approximately one hundred protected endpoints, but the number of users that log on to the tools is approximately four.

How are customer service and support?

CrowdStrike Falcon needs to better its SE sales engineer team. The people didn't fully understand all the different parts of their solution. It's the endpoint protection and it is the essence of what we're trying to receive, they should know their solution very well.

I rate the support from CrowdStrike Falcon a three out of five.

Which solution did I use previously and why did I switch?

I previously used an anti-virus solution, but it didn't do all the things I needed regarding endpoint protection. That's why I added the CrowdStrike Falcon piece to the puzzle. I still have the anti-virus running. I don't need it technically, but I still have it running.

How was the initial setup?

The initial setup of CrowdStrike Falcon is in the medium range of difficulty. You will need a coach and be guided through it.

The time it took to do the full implementation from the beginning to end, from when the contract was turned on, and by the time I turned it on and had everything up was fairly fast because we piloted CrowdStrike Falcon at first. When I bought the solution, it was almost fully implemented. The full process took approximately two months.

I rate the ease of deployment for CrowdStrike Falcon a two out of five.

What about the implementation team?

We had some coaching help from the vendor to do the implementation of the solution. We have three people that can manage this solution.

What was our ROI?

This is not a tool you buy because it gives a return on investment. It's a tool you buy because the cost of not having it is far greater than the cost of having it if you have a problem.

What's my experience with pricing, setup cost, and licensing?

There are approximately a hundred different modules you have to purchase, depending on what you want to do. I have most of the modules. How it works is you buy the portfolio, you have to decide all the components you want in it, and then they price out a bundle for you. I have almost all of the package features in my bundle. You only need to pay for the modules you want.

The cost of CrowdStrike Falcon annually is approximately $10,000.

I rate the price of CrowdStrike Falcon a three out of five.

Which other solutions did I evaluate?

I studied the entire industry before choosing CrowdStrike Falcon. I evaluated many other solutions, such as Manage Engine, Malwarebytes, Checkpoint, McAfee, and Microsoft.

We choose CrowdStrike Falcon because it was fit for the purpose of our business. I needed a cloud solution and I needed it to be a SAS offering that was easy to use. It boiled down to features and fit for purpose, not features and functionality.

CrowdStrike Falcon platform was more robust. It was a true multi-tenant architecture, not a hosted instance. The crowdsourcing nature of CrowdStrike Falcon is a large benefit, all of the threat data is real-time and applied to you real-time from all around the world.

What other advice do I have?

My advice to others is to take a serious look at CrowdStrike Falcon. It's a good solution.

I rate CrowdStrike Falcon an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Information Security, Sr. Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Top 20
Good support, activity dashboard provides a holistic view from a security standpoint
Pros and Cons
  • "The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
  • "We would like to be able to perform on-demand scanning, rather than relying on the scheduler."

What is our primary use case?

We use CrowdStrike Falcon as our EDR solution, including antivirus.

How has it helped my organization?

As Symantec ended its endpoint protection, we were able to roll out CrowdStrike.

It is important to us that CrowdStrike is cloud-based because the way I understand it, that's their main engine for their next-gen EDR solution. The fact that it's cloud-native, flexible, and offers always-on protection is important because we want to have 24-hour monitoring of our environment. It is important to us that we don't have to worry about upgrades.

This product has worked flawlessly to prevent breaches, and then it has allowed us to prevent any downtime.

It has minimized our footprint because having the ability to implement the prevention policies has allowed us to focus on other projects. The prevention policies are working for us.

What is most valuable?

The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint.

What needs improvement?

We would like to be able to perform on-demand scanning, rather than relying on the scheduler. Right now, CrowdStrike does not have an on-demand scanner. They have the always-on, but we have found instances where artifacts are being blocked from running, but they're not being removed. With an on-demand scanner, we would have the ability to remove those artifacts from an end user's machine.

I would like to see the multi-site environment functionality added in the next release. Currently, we are working under a single-site environment, and on the roadmap, they mentioned having the ability to have a multi-site environment.

For how long have I used the solution?

We have been using CrowdStrike Falcon for approximately eight months.

What do I think about the stability of the solution?

Stability-wise, they are very advanced in the next-gen antivirus game. CrowdStrike Falcon is always available.

What do I think about the scalability of the solution?

We have approximately 5,000 machines that are being managed. As time moves on, this number will grow, but we don't expect it to get larger in the near future.

How are customer service and technical support?

I would rate the technical support that we received during the deployment, as well as post-deployment, very well. They were very knowledgeable and gave us all of the tools we needed to have a successful deployment.

Which solution did I use previously and why did I switch?

Prior to Falcon, we were using Symantec antivirus. It was out of date, which is why we replaced it.

How was the initial setup?

It is very easy to deploy the solution's sensor to our endpoints. We use an automated process. 

Our deployment took between two and three months, with paperwork, communication, and roll-out timeframes. Our implementation strategy included using IBM's BigFix application to push to Windows machines, and then we used a solution for the Mac to push it out remotely as well.

What about the implementation team?

Our IT Services team deployed this solution, and they leveraged consultants from CrowdStirke to get the proper packages for the process.

I'm sure that there is administration and upgrades to do, as sensors need to be updated or policies need to be adjusted. We have a group of approximately five people who are security engineers, IT Services, and directors who use it.

What's my experience with pricing, setup cost, and licensing?

With respect to pricing, my suggestion to others is to evaluate the environment and purchase what you need.

Which other solutions did I evaluate?

We looked at different options, such as Carbon Black, as we were replacing Symantec as our EDR solution, and CrowdStrike was the top winner. CrowdStrike is always on, 24 hours. Analysis, with the prevention and the detection policies, as well as the USB policies, are all very beneficial. The one thing that CrowdStrike did not have is the on-demand scanner.

What other advice do I have?

My advice for anybody who is interested in implementing CrowdStrike Falcon is to review and evaluate your environment and compare their EDR solutions.

I would rate this solution a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
Download our free Crowdstrike Falcon Endpoint Security and XDR Report and get advice and tips from experienced pros sharing their opinions.
Updated: February 2023
Buyer's Guide
Download our free Crowdstrike Falcon Endpoint Security and XDR Report and get advice and tips from experienced pros sharing their opinions.