CrowdStrike Falcon Reviews

Primary use is for endpoint investigations.

It allows us to determine root cause, do the analysis, a lot quicker.

Visibility into the endpoint rate. Understanding what processes are running on the system, what registry keys have been enabled. Pretty much understanding the whole frantic side of the endpoint.

It would be nice if we could extrapolate indicators of compromise and write them within sandboxes.

It's fairly stable. We haven't been having too many issues with that.

It scales quite well because it's cloud-based and subscription-based. It can scale pretty quickly.

I would say technical support is fairly good. They understand the technology quite well so they are able to support us a lot better.

The most important criteria when selecting a vendor come down to the capability of the technology, the cost, the support, how it fits into our overall architecture strategy, and the stability of the company. For instance, if it's a small company and they go under, you might as well have not invested in it.

I would rate this solution an eight out of 10 because it has all the features that we need. It's within our budget, and it fits into our overall architecture strategy. There are a few features that could be added, as mentioned.

I would recommend this technology.

CrowdStrike Falcon is an EDR and we use it to protect our developers. They have a lot of risks that come from cloud services, such as AWS.

Without CrowdStrike, our environment is risky for the developers. As it is now, we have not had any security issues for two years.

The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it.

CrowdStrike should add support for ransomware protection.

Additional antivirus functionality should be included. However, this is not a big problem.

I have been working with CrowdStrike Falcon for approximately two years.

We have not faced any problems with the product.

We have support from the CrowdStrike team in Japan and we haven't had any problems with them.

We have installed CrowdStrike on both Mac and Windows PCs, and we haven't had any problem.

Our engineer was responsible for the installation.

I would rate this solution an eight out of ten.

We use CrowdStrike Falcon to secure the endpoints and servers that we have on-premise.

The detection is very reliable. Also, OverWatch is a great feature.

The reporting part is basic. It's not that intuitive and you cannot go further backward in terms of historical information.

The Integration with tools, SOC tools, could be better. 

I have been using CrowdStrike Falcon for two years, more or less.

The stability is good, it's compatible with most of our platform. The agent upgrade could be better, but it's more or less aligned with the platforms. We also use Mac OS on some endpoints. Mac is not always the reflection of the agent that is the latest.

We haven't experienced any issues relating to scalability.

Their customer support is good. I've always gotten the answers that I needed timely and with the content I needed.

The initial setup was a bit complex, but that was due to our environment. In the beginning, we used the outdated VDI infrastructure of Citrix, but we have since evolved along the way and now it's straightforward; however, in the beginning, it was a bit difficult to get the CDI working properly, deploying the agents. 

Deployment time varies, but for most endpoints, it only takes a few minutes.

The price is too high. When we are reaching a new renewal, management always asks what's going on in the market.

For the purpose of starting, yes, it's a very good solution, but you need to take two things into consideration: proper alignment with the infrastructure and the price. The price negatively affects the adoption of this solution.

On a scale from one to ten, I would give this solution a rating of eight — because of the price and reporting.

We are currently using this solution as a replacement for our antivirus solution. It also helps us in terms of forensic investigation, malware analysis, endpoint detection and response. 

First, it is a production from known and unknown interests. Second, it has an extremely low footprint, so it has minimal impact on the user endpoints in terms of CPU and memory usage. The tamper protection of the CrowdStrike agent is extremely good even if the user is having admin rights and he tries to disable these CrowdStrike services. The CrowdStrike service will respawn itself. It is practically impossible to tamper with these services. If I managed to craft some malware that would shut down the services, CrowdStrike will respond itself, and it will still to protect my endpoint.

In addition, it reduces the overall containment timing, and quickly isolates the endpoints to quickly mediate the issues. 

The EDR feature of CrowdStrike is fantastic. Also, in comparison to other solutions, it can connect remotely, so our security analysts can get into the system directly and do manual analysis as well. 

I also like the overall reports. They are crisp and to the point.

There are a couple of issues with the compatibility to some of the operating systems. But, I see that there are a lot of things in the pipeline. They have a roadmap, and continuously are improving. Within the last three months I have seen lot of new features in the overall CrowdStrike suite.

A couple of things were on the cosmetic part. CrowdStrike needed some improvements on the report functionalities, specifically the dashboard functionalities. Technically there a lot of things also coming from a visual perspective. There are a couple of things they still need to work out like the dashboards. The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders. These are minor things, but they are in the pipeline.

The product is quite stable. 

It is very scalable. It can be used for 10,000 endpoint users. So, it is very scalable in terms of volume.

Tech support is helpful, but they need a little bit of improvement. The response time is good. This was not a "show-stopper" for us.

Initial setup was pretty straightforward. It has cloud-based hosting, so you can just get your installation agent, install it, authenticate the agent with your cloud instance and start managing the agent.

CrowdStrike has helped us in terms of manpower and cost savings. I work with a team of less than 10 people, and I have worked in other organizations where I used to handle more than 20 to 25 people for the same things.

The pricing will depend upon your volume of usage.

I have prior experience with Cylance and Dell Data Security Agent powered by Cylnace, which I would not say is a complete EDR. I also have prior work knowledge of SECDO, which has been acquired by Palo Alto.

It is a complete cloud-based solution, so they will have to factor in the compliance requirements as well. Not everyone is comfortable sending the data to the cloud, especially considering the privacy requirements. CrowdStrike needs to think of local and regulatory requirements. But, one thing is for sure, CrowdStrike will not take your personal data to the cloud, it only takes your metadata from the endpoint. But, if the company's having some stringency regulations, it will definitely be harder for them to keep the data in the cloud.

I am using CrowdStrike Falcon for network protection. We have government customers.

I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon.

The solution could improve by providing more types of reports because it's in the detection span you cannot re-export anything. If it could be exported to a CSV file directly there it would help a lot. I currently need to do this by API to get what I need.

In the next release, it would be beneficial to have a DLP or CASB solution.

I have been using CrowdStrike Falcon for approximately one year.

The stability of CrowdStrike Falcon is very good. We have never had an issue.

CrowdStrike Falcon is scalable. We were able to deploy it in a 5,000 hosts environment it is easy to scale.

We plan to increase usage in the future. We are always looking for new clients.

The technical support is very good, it is perfect.

The setup is simple, it took approximately one week.

We deploy the solution with two people.

We are on an annual subscription for the solution. There are not any additional costs.

My advice for others is to purchase the solution it is simple to use and effective.

I rate CrowdStrike Falcon a ten out of ten.

We primarily use this solution for AV, next-gen AV, EDR or XDR.

I find most of the features to be very generic.

The solution is very good but tighter integration around XDR could be included. There are a lot of open integrations, but they are external factors that cause dependencies on the integrator, not really on CrowdStrike, so it's a bit of a challenge as there is no comprehensive solution. Additionally, the solution is dependent on Windows technical support.

We have been using CrowdStrike Falcon for approximately three years.

The solution is stable.

The solution is scalable, but price and support are a bit of a challenge.

We previously used different solutions, and the primary differentiating factor was marketing.

The initial setup was straightforward.

The price is high in comparison to similar brands.

I rate the solution a seven out of ten. I advise new users first to understand their use case, its vulnerability and its importance.

We are currently using this solution as an ERD tool to control and remediate threat from the endpoint remotely, it serves as a next-gen antivirus solution. It can also be used in a forensic investigation, threat hunting, trend analysis, malware analysis, etc.

• CrowdStrike is a SaaS-based solution which means it can be operated from anywhere, which gives the admins access to control the endpoints from multiple endpoints.
• It has a very low footprint, using 1-2 % CPU and around 40 Mb of RAM, and the agent size is small and easy to deploy as well.
• It has segregation of roles at various levels for the analysts, admins, SMEs, etc.

• It can connect to host and isolate it from the network if needed; this feature helps us to investigate the endpoint without visiting the endpoint and then testing. 
• It saves time and helps to contain the threat in less time.
• complete visibility into the endpoint 

The current version of Falcon does not support DLP which is a may be a good to have in a EDR Solution. It must be included in the future version if possible. There must be a on-premise versions. MDM is also coming soon must also have ability to be controled from same dashboard.

The solution is pretty stable, and it does pretty accurate work. I have never encountered any issue in this dept.

The solution is scalable to multiple thousands of systems at once. There is no restriction for that.

The support portal of CrowdStrike is active and helpful if needed.

We compared multiple solutions in EDR and out of them, CrowdStrike gave the most features and value for money.

It is pretty straightforward and without any complex mechanism.

We as a team implemented the solution on our own, with the help of the manual and help desk.

It helps to manage a lot of threats with pretty less manpower and in a graceful way.

The setup of CrowdStrike is very simple. It supports all three platforms (Windows, MacOS, Linux), and it has support for the specific version of the above OS. Which means sometimes, a particular OS won't be compatible with the CrowdStrike version.

Before choosing the solution, we evaluated various products from the Gartner magic quadrant for endpoint protection platforms (EDR and MDR).

It comes with various modules, so you can choose the module that you need on the basis of the costing it comes with. This is definitely not cheap; it comes with a cost which may depend on the organization if they need it.

The primary use case of this solution is as endpoint detection and response.

At this point what is most valuable is the interface, which is easy to navigate.

In the six months that I have been using CrowdStrike, it has not been able to detect anything. We have been using Trend Micro and it has detected some malicious activities.

We have CrowdStrike conduct some inner forensic investigations in hopes that it will be more advanced and detect things that may have been missed by Trend Micro.

It would be helpful to have some prebuilt search queries based on the top ten queries in the industry for detection.

I have been using CrowdStrike for six months.

It's a SaaS-based solution that maintains itself. It updates automatically so that we are always using the latest version.

It is not like an on-premises solution where you maintain and upgrade the version to get the newest release. It's a cloud service that is maintained by the vendor.

From my understanding, CrowdStrike is scalable as it's a cloud solution. 

This is not an area that we have fully explored as we have less than 20 end-points.

There has not been any contact with technical support or community support. I have been able to do what I needed through the documentation provided.

We are currently using CrowdStrike, and also running another AV because CrowdStike is not detecting any malicious activities and the other AV is. We are giving it some more time to see if anything happens.

We decided to start using CrowdStrike for our external facing servers because it is the market leader in EDRs. While Trend Micro has an EDR, they call it XPR it is still new to the market.

The initial setup is straightforward, it is easy to install and only took a few minutes.

We have deployed it on our external facing servers.

The pricing could be reduced. If it was more reasonable that would be great.

I would rate this solution a seven out of ten.