
CrowdStrike Falcon pros and cons

Vendor: CrowdStrike
4.4 out of 5
Ranked 1
4,379 followers

Pros & Cons summary

Prominent pros & cons

PROS

- The behavior analysis engine of CrowdStrike Falcon is highly valued.
- The solution's ability to provide real-time response and connect to agents to monitor processes is crucial.
- The product is lightweight with zero performance issues, scalability, and no need for signature files.
- Customers appreciate the easy deployment and integration capabilities with other tools.
- The solution's detection capabilities, threat intelligence, and anomaly detection are top features.

CONS

- Lack of logging and feedback from the endpoint firewall component
- Subpar technical support
- High cost depending on selected features
- Complex installation process
- Insufficient ransomware protection
- Limited logs availability through the API
- Issues with technical support resolution and time management
- Absence of manual scanning or serverless scanning
- Inability to make changes to the solution by admins
- Extensive skillset required to maximize tool value
- Expensive compared to competitors
- Limited threat analysis capabilities
- Need for more integrations and support for legacy servers
- Inadequate mobile functionality and optimization
- Inaccurate performance and malware analysis
- Preferences for alternative services
- Lack of visibility in reporting and forensic details
- Desire for customizable query languages and support across all versions
- Weak technical support responses and lack of problem resolution
- Limited non-domain machine sensing capabilities
- Difficulty in searching and using the interface
- Integration limitations in Falcon XDR
- Need for improved EDR functionality
- Lack of native text alerts in the console
- Lack of communication and guidance regarding GUI changes
- Issues with the dashboard and malware detection report
- Desire for device posture assessment feature
- Unfavorable pricing and reliance on internet connection
- Inadequate visibility and integration with XDR
- Incomplete scanning audits or device/application control
- Unnecessary white glove service and false claims
- Need for improved forensic controls and more integrative features
- Challenges with host management and OS support
- Clunky portal navigation and dashboard area
- Management of multiple customer IDs needs improvement
- Room for enhancement in detection time and integration capabilities
- Improvements needed in content-filtering features
- Challenges with the database schema and pricing
- Slower weekend response times
- Insufficient detailed logging functionality
- Further expansion of XDR compatibility
- Technical support would benefit from increased expertise
- Occasional false positives
 

CrowdStrike Falcon Pros review quotes

JA
Mar 11, 2021
I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good.
EH
Mar 23, 2021
As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike is always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines are connected to the Internet and be almost invisible to the employees.
JM
Mar 10, 2021
The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment.
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,277 professionals have used our research since 2012.
MG
Mar 4, 2021
Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that.
NC
Mar 17, 2021
From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool.
MK
Jul 12, 2020
The UI is simple and self-explanatory. Everything is easy to understand.
AT
Mar 25, 2021
The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate.
AS
Mar 25, 2021
It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably.
MK
Aug 2, 2020
There's almost no maintenance required. It's very low if there's any at all.
SH
Mar 14, 2021
The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed.
 

CrowdStrike Falcon Cons review quotes

JA
Mar 11, 2021
I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the Spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our searches are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is set up.
EH
Mar 23, 2021
I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization.
JM
Mar 10, 2021
It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful.
MG
Mar 4, 2021
A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined.
NC
Mar 17, 2021
I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool.
MK
Jul 12, 2020
Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about.
AT
Mar 25, 2021
If we have a dashboard capability to uninstall agents, I think that would be great.
AS
Mar 25, 2021
There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.
MK
Aug 2, 2020
The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ.
SH
Mar 14, 2021
The console is a little cluttered and at times, finding what you're looking for is not intuitive.