CrowdStrike Falcon Reviews

CrowdStrike Falcon is used for endpoint protection for businesses. It's used for identifying threats.

Most of the entry-level security provisions are based on identification, but CrowdStrike Falcon is a market changer because it does not need any kind of signature to identify or update threats.

All organizations face the big challenge of maintaining and updating their security processes. They need to do the update, but then it doesn't go beyond 90%, so CrowdStrike Falcon moved away from the update requirement, so there won't be a need to upgrade for certain types of technology, or for new technology. Not needing to update means the job of maintaining the updates will be taken off the plate of the IT department, which could mean big relief for the customers.

CrowdStrike Falcon is able to identify threats based on processes, rather than looking at signatures and this is what I like about this solution.

I like that it's easy to use, as expected from any cloud solution. CrowdStrike Falcon is an intelligent solution. It's as good as the top solution in the market.

We haven't seen anybody complaining about CrowdStrike Falcon, and we haven't had any customer using this solution who had been attacked by ransomware, so this is proof of how good this solution is.

Setting up and installing CrowdStrike Falcon is not easy, so an area for improvement is for that process to be simplified.

We've been using CrowdStrike Falcon for two years.

I find CrowdStrike Falcon a stable solution.

Installing this solution was not easy. One challenge from the installation is that you always have to replace something, e.g. your Crowdstrike password, macros, etc., before you're able to complete the setup.

We are not carrying CrowdStrike Falcon Complete because it's a managed service, so customers have not really gotten to that level. What we're working with is CrowdStrike Falcon.

Deployment of this solution took us three to five days. We have 2,000 users of CrowdStrike Falcon, and we have 110 different locations across India and some other parts of the world. We have people who manage this solution, but it doesn't require much managing, because the only challenge is removing the old solution, then replacing it with the new one.

I'm recommending CrowdStrike Falcon to other people who are looking into using it, because it's a good solution.

I'm rating CrowdStrike Falcon an eight out of ten.

CrowdStrike is a malware protection solution that is deployed on a private cloud across all areas of our organization. We have deployed the solution to 10,000 users. Roles-based it's the security team. 

We recently upgraded to a new feature that is set to roll out. CrowdStrike is a requirement, it's our standard. If you have a new OS deployed or a new server deployed, this is a required component. It has been automated as we grow and as we add more systems.

CrowdStrike allows us to sleep better at night.

I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution.

This solution lacks basic functionality, such as being able to perform on-demand scanning. This presents a challenge when it comes to the payment card industry, PCI which has that as built-in requirements for the PCI DSS standard.

I would also like to see the endpoint firewall component produce some level of logging and feedback. 

I have been using CrowdStrike Falcon for three years.

CrowdStrike is very stable, we've had very few technical issues. The false positive rate is average. It has been very easy to manage and to determine where issues are.

This solution is very scalable. It is easy to roll out more agents and is fairly automated. We have it deployed in multiple environments such as hybrid versus cloud versus private. 

We have had very positive interactions with not only our manage service provider, but the vendor directly. They've offered good support when we've had some questions and concerns. Their documentation is fairly extensive.

We follow trends to make sure we have the best product for our organizations. The one we were using fell behind a bit. We wanted something that was completely cloud-based so that the infrastructure wasn't on-prem and we wouldn't be required to manage the upgrades of servers and applications. 

The initial setup was moderate. There is a lot to think about and a lot to plan out, however once that is done the actual deployment is straightforward. We used a tiered deployment, deploying the product in a learning mode or logging mode only. We also did a tiered deployment by division and then enabled features by division to make sure that if there was an impact, we could at least contain it to one area and revert back as quickly as possible.

We deployed with an integrator. They were very knowledgeable and knew what they were doing. They involved the vendor when required. We use half of an FTE to maintain the solution. We also have a managed service provided that also integrated the log files from this product into our SIM. We are pointing all the logs to a log reporting utility that allows us to react to alerts. 

Because we are information security, we come with a price tag, unfortunately. When we look at it as a whole, we are able to sleep at night, we have a good solution and it is protecting us from the zero-days and the latest malware. I don't know what you put the cost of breach prevention at.  We feel we are using a product that is at the top of the industry. We are doing as much as we can to protect our organization, so there is the return on investment that way.

We pay yearly for the solution. It makes it easier for budgeting purposes. We did incur additional costs when we implemented their firewall solution, calling it the endpoint firewall. 

We're constantly looking for other options the industry's top solutions and where the industry is going next. In cybersecurity, we ensure we are protected today but also make sure that we are thinking towards the future and analyzing other solutions to see if they are better, or potentially better in the future.

If you are looking at CrowdStrike, plan appropriately. Make sure you have planned it out and do your testing. We found that it was legacy-friendly. We have a lot of legacy applications and we were concerned about that. We ran into some minor issues but we did find that it was friendly, however, there were some newer applications that the product did not interact with as well as we expected. They were easy fixes, but you should do your due diligence so you run into fewer surprises.

I would rate CrowdStrike a 9 out of 10.

We primarily use the solution for our Windows and Macs.

The detection and response have been excellent overall. We've had no ransomware attacks. 

We found the initial setup to be straightforward. 

The solution is stable. 

Scalability hasn't been an issue for us.

The price is too high.

I've been using the solution for three years now. 

The stability has been fantastic. We have never had an outage. There are no bugs or glitches. The performance is great.

As we are a smaller organization, scalability hasn't been an issue. It's been very good so far. 

We have about 120 users and they include technical people, salespeople, project managers, and developers.

This solution is being widely used in our organization as it is mandatory. All of our users need to have it. 

The product works really well. We very rarely had to reach out to technical support. When we reached out to them, they've been pretty good.

We were in the old McAfee EPO and with all the ransomware and all that stuff hitting us, we found that McAfee wasn't really cutting it. That's why we switched.

The initial setup is simple. It's not overly complex or difficult. 

For us, the deployment took a couple of weeks and we were good to go.

You need very few staff members for deployment and maintenance. 

We did not use an integrator, consultant, or reseller to help us with the implementation. We were able to handle it ourselves.

There's not really an ROI. The ROI is that we haven't been hit by ransomware.

The product is quite expensive. It's higher than the competition in general in terms of cost. 

We pay a yearly licensing fee.

They also offer what they call the Falcon Complete, which was a complete managed service, which we chose not to go with. We measured it ourselves.

We looked at Carbon Black, Cybereason, and Microsoft Defender ATP. We chose CrowdStrike, as it's always easy to use. It was the most mature product as well. We liked what Gartner had to say about CrowdStrike.

We're a managed security services provider.

I can't speak to the exact version of the solution we're using at this time. 

I would advise users to just follow the advice of CrowdStrike. They have some very good manuals and YouTube videos and stuff of that. It's a complex piece of software, however, you need to work very well and make sure your implementation is correct.

I'd rate the solution at a ten out of ten.

CrowdStrike Falcon is leading the market in EDR. They are the first that to have this kind of solution against malware. They have an advantage in respect to the rest of the competitors. They offer a certain amount to protect in case of malware or cyber-attacks. They have a policy or insurance connected to the service. That's the reason why we choose CrowdStrike over other solutions.

The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment.

I am very happy with CrowdStrike Falcon because it does not use a lot of resources in the endpoint, it's a lightweight solution. It provides good protection and it is very effective. Additionally, it is easy to integrate, has great features, good capabilities, and the users have a positive experience.

I have been using CrowdStrike Falcon for approximately one year.

CrowdStrike Falcon is stable.

I have found CrowdStrike Falcon to be scalable.

I have not needed to use technical support.

The cost of CrowdStrike Falcon could be reduced. It is quite expensive if you compare it to other solutions, such as Blue Coat, Symantec, McAfee, or Kaspersky.

My advice to those wanting to use CrowdStrike Falcon is to try it out to see if it works well in their environment. I consider CrowdStrike Falcon is a very accurate solution. They are confident about the capabilities of their solutions because they offer money or payback if there is a high-impact cyber incident or cyberattack while using the solution.

They need to have special consideration about the different plans and budgets that they need to get the solution that they want.

I rate CrowdStrike Falcon a ten out of ten.

The initial use case was for CrowdStrike to be a replacement for McAfee. We wanted to come up with something that was a lot more adaptive to emerging world threats and not just strictly signature-based. We wanted something focused a lot more on heuristic analysis and pattern analysis first, e.g., isn't just sheer signature. Additional use cases are workstation servers and as much as we can do in our OT environment.

It has allowed our security team to have more time and resources built into things that are used to run the business versus needing to babysit our antivirus platform, or any malware platform. With what we have been paying for, it allows us to be a lot more involved with how the business is being run from a security, risk, and compliance standpoint.

We have signed up for Falcon Complete, which is their completely managed service. This has done nothing but paid dividends since we have rolled it out. Slightly before I started, there was a ransomware issue. CrowdStrike did exactly what it was supposed to when we joined networks with the company that we were acquiring. So, that was helpful to us.

To the best of our knowledge, it has stopped everything that we have seen. It has allowed us to focus our efforts on other things relevant to how the overall business functions.

It helps us in the M&A environment because it is a very simple, easy tool to deploy, being pretty much all cloud-based. While we're not building our security practice around it, it is a tool that we want to make sure does integrate well, if at all possible, with any new tool that we purchase moving forward.

It is especially important to us that CrowdStrike Falcon is a cloud-native solution. We have a directive for cloud-first architecture at this point. Anything that is cloud-native, or has a cloud offering, will always get first billing over something that is on-prem. We are a small security team. Having the ability to have a service or application that is not wholly managed by us, but rather governed and used by us, is the ideal solution.

The flexibility comes from allowing us to do a mass push, if we need to. We would find always-on protection with pretty much any solution. However, the fact that it is in the cloud, that just makes it that much better.

I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool. 

U.S. Venture has been using it since the first quarter of 2019. I, however, did not start with the organization until the Summer of 2020.

It has been very stable. There have been no real issues that we have had in the deployment or use of the CrowdStrike system in general. There has been zero downtime.

For our workstations, we don't worry about the updates. However, we have a tighter grip on updates for our server environment only because there was an issue at a point with one update. Since then, we would like to keep our deployments at an N-1. So, there is more of a check built-in just to make sure that the latest and greatest doesn't actually break anything unintentionally.

The CrowdStrike sensor is always kept at N-1 for our production servers. Our test servers are always up to date.

From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool.

We have all our desktop engineering group and server team as admins in the system, but they only use it for specific troubleshooting in their job roles. So, if the server team needs to do something, then they can just log in and do it as well as the desktop engineering group. They can just go in and do stuff, if it is something related to computers or servers. As far as for the overall management of the system, that is left to the security team.

It is currently being used to the extent that we need it. After CrowdStrike had their user conference last Fall, they introduced a lot of new tools, specifically one around forensic that we would like to get our hands on. However, there are no real plans for doing any major increases of its toolset. I do know that there is a project that will be going on for using its mobile application on some Android tablets, but it is still very much in its infancy. So, we are not quite sure how that will roll out yet.

I have never used their standard technical support. I do everything through their unofficial Reddit support forum. Also, if there are any other major technical issues, then I work directly with our TAM. So, I have never just reached out and created a general support case. Therefore, I cannot speak to how well they respond. However, their unofficial Reddit support has been fantastic with helping me work through troubleshooting issues and a couple of queries, where I was having issues trying to get the syntax correct. They have been nothing but helpful.

I believe they have their actual support engineers on Reddit, but there is no SLA nor anything guaranteed on that Reddit page. They claim that right there in the subreddit rule. However, I have had nothing but good luck working through them. It could take a few hours to one or two days to get a response, but it has always been for things that aren't pressing. For things that are pressing, then it is a direct call or email to our technical account manager who is very responsive.

They have a great online forum for customer use cases. That has been a great crowd sourcing thing. It is unofficial. I just stumbled across it, but the subreddit for their support has been spectacular for many reasons.

Previous to CrowdStrike, our organization was using McAfee VSE with McAfee ePolicy Orchestrator (ePO). Switching from McAfee to CrowdStrike, we saw a reduction in resources being used on both the workstations and servers. We saw an increase in detections, be that good or bad. We would like to think it was a good thing, because now it is finding a lot more stuff that wasn't strictly signature-based. So, it provided almost a very lightweight SIEM-type of response. It was providing information about installed applications, account lockouts, and top console users. It was a very nice bonus to have that information in addition to just the general overall anti-malware that CrowdStrike is known for.

CrowdStrike is so much easier to use. The UI is far more intuitive. The breakout of how the policies as well as the organizational structure within the UI for how the computers are laid out is far more intuitive. It feels a lot more based around how AD kind of functions. Because I am already familiar with Active Directory, the move to using that in CrowdStrike is very seamless, at least in my mind.

The agent is far more lightweight than our previous antivirus solution. It is a lot less resource intensive. We don't have any more on-prem servers to manage for running the application, which is another benefit to being in the cloud. There are just a couple of holes punched in the firewall for communication in and out.

A lot of the switch was focused around the fact that CrowdStrike was solely a cloud-native solution as well as heuristics versus signature.

It is very simple to deploy the solution’s sensor to our endpoints. Right now, it is part of our standard build process through a SCCM. So, it gets a version, then it is obviously outdated because our desktop engineering group can only update the image so quickly. Once it is checked into the cloud, it updates, decides to download, and gets the new seamless version. It has been wonderful to have and very helpful to us.

The initial setup was done in less than two months.

The implementation strategy was done how any other mass deployment is done. You take a small set of computers, put it on one, remove the old solution, and then run that group by itself, figuring out if there are any new or existing exemptions that needed to be in play. Once it is stable, it is rolled out to a larger group, the process is repeated, and then it is moved onto the servers.

Overall, four people worked on the deployment: It would have been my predecessor, my other coworker, and two server guys to do the server environments.

Our ROI has been high compared to what we had with McAfee. We spend about two hours a month for its care and feeding, which is really low maintenance. We previously spent two to three times that amount of time managing our McAfee environment.

Pricing and licensing seem to be in line with what they offer. We are a smaller organization, so pricing is important. Obviously, we would make a business case if it is something we really needed or felt that we needed. So, the pricing is in line with what we are getting from a product standpoint.

Since moving to CrowdStrike, we have not looked at other endpoint management solutions. In fact, when we look at a new tool, we want to make sure it will play well with CrowdStrike, be it a new SIEM or anything cloud-based. 

Make sure you know what the policies do. There are a lot of good and bad things that you can do with too strict or too loose of a policy governing workstations or servers.

We have evaluated the CrowdStrike Horizon module. We are not there yet. Our environment has not changed drastically since our last review of it. So, we have not felt the need to revisit it since then.

It is important to not solely rely on one product, especially one that has a good or bad name, such as McAfee. Because there was a lot of, "Oh no, we got an antivirus. We're fine." It helps to make sure you always have an in-depth defense strategy.

I would rate it a solid nine out of 10. 

We use it for our endpoint detection and response on our devices for both endpoints and servers. It has replaced our traditional antivirus. We are strictly using it now to do all our antivirus duties.

We are primarily a Windows environment, 95 percent Windows. Then, we have a little bit of Linux and Macs in there as well.

They have been able to help us. We have used other functions, such as Discover, to identify software that is running in our environment. This is not necessarily bad software, but it gives us an idea of what is out there to start building a standard configuration, which helps us build policies for what we do want in our environment and what we don't. That has been very valuable as well. It is kind of an offset of what they actually do; their main bread and butter, if you will. They have been very helpful with other tasks, such as that and in finding themes. 

We are pretty confident in CrowdStrike. Knock on wood, we haven't had any breaches that we know about. When you do see a large breach in the news, it seems like CrowdStrike is always mentioned. They are either helping investigate or leading the incident response (IR) process for them. While I can't really say it has specifically stopped a data breach for us, we are confident that if something happened then CrowdStrike would catch it.

We primarily use the Falcon feature. It is very dependable for us. We have done multiple tests against it and thrown everything we could at it. It does seem to pick up quite a bit, if not everything, that we have tested with it. So, we rely heavily on it. Right out-of-the-box, the main Falcon component is the biggest feature that we utilize and rely on.

We are a heavy laptop environment. So, it was nice to know that our users would be protected and we would know what was going on, on the endpoint, regardless of how they were connected. That has been very valuable. This is one of the reasons why we chose to go with this solution.

The fact that this is a cloud-native solution means that we don’t need to worry about updates. They take care of all the back-end and architecture. The only updates that we need to worry about are the sensors themselves. If you set them to auto update, like we do, then you don't even have to worry about that. It definitely frees us up to do more important things. If it wasn't for them doing this, we would need at least a part-time FTE, if not a full-time, to operate and manage CrowdStrike keeping it up-to-date as well as the hygiene. We had half of an FTE assigned to our antivirus prior to CrowdStrike. Now, that is just included in our dailies. It lessens that burden so much that we don't even need a slotted requirement for that. Overall, this solution saves us at least a good 10 hours a week that we would have been using before.

Their threat dashboards are very helpful. For instance, with this zero-day that just came out from Microsoft, they already have a dashboard where you can see the assets in your environment affected or at risk. That is just an added value. 

It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful.

We have been using it for four years.

Stability has been really good. We have not seen the issues that we had with traditional AV. Having it connected to the cloud has really helped with stability, being able to see what a computer is doing at all times, and being able to see the last check-in times, this has kind of helped with the sensors.

It is primarily just me for tweaking or management of the solution. I have backups, if needed, but it is such a light lift that I may spend an hour or two a week in the console. It really is a great product that takes care of itself. Not a lot of tweaking has been needed so far, knock on wood. We haven't really had to make any exclusions like we used to with traditional AV. Everything is running with CrowdStrike's full protection, which is a huge bonus for us, since traditionally you are pretty blind. 

The solution is very scalable and easy to deploy as well as sync up agents with it.

The end users are the security team, which consists of about four of us. Then, we have a couple of leads from other technical teams. So, there are probably eight users who have access to CrowdStrike. Primarily, there are just three of us who are in there constantly.

The technical support has been pretty good. They are usually very responsive. We haven't had to escalate anything. When we have needed a more technical, deep dive, we have been able to get a dedicated engineer for our account to assist us. So, there has never been a time where we feel like we can't get the help that we need.

We were previously using McAfee.

CrowdStrike seems to detect quite a bit more than McAfee did. We like how it is kind of real-time, if you will. It is not so much signature-based. So, it has been able to stop things quicker than McAfee did. We have seen a huge increase in performance on our systems. Oftentimes, the daily scans would need to be run with signature-based AV or scans with servers, then that would cause great performance hits. It kind of limited us as well to where we could only scan certain windows. Now that we have CrowdStrike, we are kind of always-on and not limited to having to do those scans. So, that has been a big performance increase for us.

It is a lot easier to use CrowdStrike than McAfee, especially having the team at CrowdStrike handle the maintenance day-to-day, etc. With on-prem, you are responsible for everything. Whereas, with CrowdStrike, we can just worry about our IR response, basic deployment, and health checks. So, it is very convenient having them handle it in the cloud.

CrowdStrike was cutting edge technology at the time. EDR was still kind of new then versus the traditional AV. Not only because of licensing costs, but also because of performance, we felt that we needed something new.

It is easy to deploy the solution’s sensor to our endpoints. We have that as part of our build process. When new things are built, we have those as part of the build. If for some reason, something gets corrupted, then it is fairly simple to redeploy and we utilize SCCM for that. However, it is pretty run of the mill, i.e., easy. With the updates being taken care of by CrowdStrike, once it is deployed, then you are pretty much good to go.

Our initial deployment took about a week. That was only due to working out how to adjust CrowdStrike in our environment: weed out false positives, mimic anything that we needed to from our traditional AV over to CrowdStrike, and test previous exclusions that we had for our traditional AV, if we needed those anymore in CyberArk. It was very easy to deploy with SCCM, then it was more just tweaking. 

We did a test in our test environment and saw no negative impacts. Although not advised by CrowdStrike, we were able to run our traditional AV while we were deploying CrowdStrike. Once we knew CrowdStrike was on the machine working, then we were able to send out scripts to remove the old, traditional AV. Our strategy: We knew that it would not, at least in our environment, hurt us to have both on temporarily. So, our deployment strategy was very simple, knowing that we had an AV in place to back us up if something didn't go right with the CrowdStrike install.

I did the deployment. If there were exclusions or something that we needed to address, then I worked with the individual teams.

The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment.

We did the free trial to kick the tires. Part of that head trial was having us load stuff and trying to get by it, and we weren't. That trial really helped sell us that it was a good product.

Getting the free trial was very easy. It has been years now, but it was as simple as just going to the website and requesting a free trial, then it was stood up maybe even that same day. It is hard to remember now, but it was very quick.

The pricing and licensing are fairly good. It is definitely not a cheap product, but I have felt that it is worth the money that we spent. So, we have discussed it in the past, and were like, "Yes, it is probably pricier than some other solutions, but we also feel they really are the leader. We are very comfortable with their level of expertise. So, it's kind of worth the price that we pay."

We do add their OverWatch protection, which is an extra bit of an add-on, but that gives us 24/7 SOC-type watching. So, we have added that on, which has been valuable as well. Outside of that, there have been no more additional costs.

We were looking for an EDR solution. At the time, CrowdStrike was the leader. We were very big into Gartner reviews, and we went off of Gartner. We just wanted the best that was out there.

Do it. It is a great product. I seriously think it is worth considering. We have been completely happy with the solution that we have been running on for years now and have never regretted our decision. I highly recommend it.

We plan on possibly looking into the added features that they offer to see if there is something there that can increase our incident response or add value to our business.

It is our primary EDR, so we are using it 100 percent for that and plan on using it for other avenues. We found Discover can help us with the inventory for applications. So, I am looking for other business opportunities there to help us, which will be our goal in the future.

It has given us some insight into how threat actors work. The biggest thing for us has been threat actor education. They give you intel which helps you identify what attackers you would more likely be targeted by. A lot of this comes with our OverWatch protection. Their threat intel has probably been the biggest thing for us.

Overall, I hate to give a perfect score, but it is probably a 10 out of 10. It is a really great product. 

We use CrowdStrike Falcon as our EDR solution, including antivirus.

As Symantec ended its endpoint protection, we were able to roll out CrowdStrike.

It is important to us that CrowdStrike is cloud-based because the way I understand it, that's their main engine for their next-gen EDR solution. The fact that it's cloud-native, flexible, and offers always-on protection is important because we want to have 24-hour monitoring of our environment. It is important to us that we don't have to worry about upgrades.

This product has worked flawlessly to prevent breaches, and then it has allowed us to prevent any downtime.

It has minimized our footprint because having the ability to implement the prevention policies has allowed us to focus on other projects. The prevention policies are working for us.

The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint.

We would like to be able to perform on-demand scanning, rather than relying on the scheduler. Right now, CrowdStrike does not have an on-demand scanner. They have the always-on, but we have found instances where artifacts are being blocked from running, but they're not being removed. With an on-demand scanner, we would have the ability to remove those artifacts from an end user's machine.

I would like to see the multi-site environment functionality added in the next release. Currently, we are working under a single-site environment, and on the roadmap, they mentioned having the ability to have a multi-site environment.

We have been using CrowdStrike Falcon for approximately eight months.

Stability-wise, they are very advanced in the next-gen antivirus game. CrowdStrike Falcon is always available.

We have approximately 5,000 machines that are being managed. As time moves on, this number will grow, but we don't expect it to get larger in the near future.

I would rate the technical support that we received during the deployment, as well as post-deployment, very well. They were very knowledgeable and gave us all of the tools we needed to have a successful deployment.

Prior to Falcon, we were using Symantec antivirus. It was out of date, which is why we replaced it.

It is very easy to deploy the solution's sensor to our endpoints. We use an automated process. 

Our deployment took between two and three months, with paperwork, communication, and roll-out timeframes. Our implementation strategy included using IBM's BigFix application to push to Windows machines, and then we used a solution for the Mac to push it out remotely as well.

Our IT Services team deployed this solution, and they leveraged consultants from CrowdStirke to get the proper packages for the process.

I'm sure that there is administration and upgrades to do, as sensors need to be updated or policies need to be adjusted. We have a group of approximately five people who are security engineers, IT Services, and directors who use it.

With respect to pricing, my suggestion to others is to evaluate the environment and purchase what you need.

We looked at different options, such as Carbon Black, as we were replacing Symantec as our EDR solution, and CrowdStrike was the top winner. CrowdStrike is always on, 24 hours. Analysis, with the prevention and the detection policies, as well as the USB policies, are all very beneficial. The one thing that CrowdStrike did not have is the on-demand scanner.

My advice for anybody who is interested in implementing CrowdStrike Falcon is to review and evaluate your environment and compare their EDR solutions.

I would rate this solution a ten out of ten.

We have various use cases. We are protecting servers and endpoints that are utilizing this product to focus on advanced, persistent threats, with the goal of reducing the overhead on the endpoint for early detection.

Right now, we have not put enforcement, and we're moving to the next level of detection.

Using this solution has reduced my need for imaging. We can mitigate the issue and address it immediately, for people both on and off of the network.

The most valuable feature is that we don't need to re-image machines as much as we had to.

They need to strengthen the forensic capabilities of this product, for e-discovery.

We started testing and deploying CrowdStrike Falcon about a year and a half ago, in the early part of 2019.

In terms of stability, it's a great tool.

At this time, we have between 5,000 and 6,000 endpoints.

We have been in touch with CrowdStrike technical support and they have been very supportive.

Prior to CrowdSrike, we used a signature-based solution from Symantec.

The initial setup was very straightforward and very easy. We've been bringing stuff into the SWOT platform and getting that data. It has been pretty good.

The implementation was done in-house. We had, in part, help from a strategic partner, EY.

CrowdStrike is what we did for the time and for the moment. It is number two when you look at the magic quadrant, and we have implemented that for the time being. When we selected it, that was right for us to get away from a Symantec signature-based environment for endpoint detection response.

We have moved over to CrowdStrike for now. When you look at the quadrant, the number one is Microsoft. With Defender built into the operating system, there is less overhead on the endpoint. We will eventually, most likely, migrate to that.

I have experience with Cylance, as well. They gave that the advanced persistent threat leader title, at one point in the market. I implemented that for one client and now, being in this CISO role, I went with CrowdStrike over Cyberreason and Cylance/Blackberry. The main reason for CrowdStrike is the Falcon technologies and what they do with their strategy.

We're moving to Office 365, and it will make sense for me to adopt Microsoft Defender because it's integrated into the platform. One of the differences between Defender versus CrowdStrike or any other of them is that they have to sit outside. Microsoft Defender can go deep down into the kernel, and that's a good thing for the endpoint. You can do a lot and detect a lot, which makes it far safer against advanced persistent threats.

Overall, this product has been pretty good and I recommend it.

I would rate this solution a nine out of ten.