Executive Technology Advisor at a tech vendor with self employed
Real User
Oct 18, 2020
Good UI, performance, integration, and alerting
Pros and Cons
  • "The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
  • "I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it."

What is our primary use case?

We are using this solution for advanced threat protection, over and above any antivirus for approximately 1200 end-users, or endpoints. It is able to identify any anomalies and alert on that using the AI engine. That way, there's a small security team to make them more effective, to be able to get an alert, go in and look at what's going on. 

Since I have been here, I have been keying into when people fall for phishing attacks and they either get blocked going to a website or their credentials get compromised, and somebody logs in to their Office 365 account. We were able to forensically identify that in two of the cases. Most recently, since I've been here looking at the more active response, to be able to identify and act a little bit more quickly.

How has it helped my organization?

I was able to look through some rapid analysis when bad things happen. More so than having to get, especially in the distributed world of post-COVID, being able to have a central place to be able to see what's going on, on the landscape of endpoints at any given time.

What is most valuable?

The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system. What does it usually do, and is it doing anything differently?

The UI is great, and the performance was great. The way it gathers and presents the information was very good and it integrates well with things with a central log aggregator, such as Splunk. You can do more big data analytics that includes security. It seems to be fully featured in all of those areas.

What needs improvement?

I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it. It's got a pretty good engine to do that on its own but it's one of the things that are important to us, so I'm just trying to increase the time-to-issue identification.

By comparison to buying into the Microsoft suite, it was definitely less costly. CrowdStrike can be costly.

Buyer's Guide
CrowdStrike Falcon
December 2025
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
879,310 professionals have used our research since 2012.

For how long have I used the solution?

I have had this solution for approximately three years.

What do I think about the stability of the solution?

It seems stable. The performance is good.

What do I think about the scalability of the solution?

It's a scalable solution. They are running 1400 endpoints on it right now, and it seems to be fine.

There is only one person working at it right now and they are the security engineer/operator.

If you look at how they spend their day, a tool like that does a lot with a little and can make a one man band pretty effective or much more effective. It makes the response to an issue right when it happens way more possible with such small security. 

How are customer service and support?

We haven't used technical support.

How was the initial setup?

The initial setup was already completed before I started with this company.

What's my experience with pricing, setup cost, and licensing?

When comparing to Microsoft, CrowdStrike Falcon is more expensive.

I'm going by the client and some of the things that are driving their decisions. 

It's typical when Microsoft throws things in and it seems really cheap, even though you're spending a million and a half dollars with them. You may as well increase the value of that million and a half.

My guess is that CrowdStrike is going to maintain parity or stay ahead of Microsoft.

What other advice do I have?

As I came into this organization, they were moving away from CrowdStrike. 

They upgraded their license to E5 with the security bundle from Microsoft. The goal is to start to move things. 

They are paying twice for things right now, but that will be expiring. CrowdStrike comes up for renewal next year, and they want to be off of it by then.

I haven't gone into critiquing it, since they've already made the decision and made the investment to go to Defender ATP. I'm more concerned with, are we losing anything? Do we have parity when we go from one platform to another? And if any gaps emerge, what needs to be filled?

When we did go into it and walked through it with one of the security engineers, it was snappy, and it had a nice UI. 

I had never been inside the product. I think I got a demo years ago in my CSO role, but I had never delved into a practical use case. The practical use case looked pretty cool.

For anyone who is interested in implementing this solution, I would say don't look for the cost compared to smaller applications. Look at what you're trying to do, and what you're trying to accomplish. The typical first cardinal sin of IT is buying a product and then figuring out how to use it as opposed to having a set of requirements, placing a value on that set of requirements, and then pursuing a solution that covers them the best. 

I think they probably said we've got a gap here because something bad happened to my CrowdStrike. It's an industry leader. Three years after the issue that they were treating was over, and the pain was gone, suddenly, it seems really expensive. That is an IT 101 mistake that I've found in organizations, where it's a means to an end and then it turns into just an eyesore on the balance sheet.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1015710 - PeerSpot reviewer
Technical Architect at a consultancy with 10,001+ employees
Real User
Aug 16, 2020
An easy to navigate interface and it maintains itself, but the detection capability needs improvement
Pros and Cons
  • "At this point what is most valuable is the interface, which is easy to navigate."
  • "In the six months that I have been using CrowdStrike, it has not been able to detect anything."

What is our primary use case?

The primary use case of this solution is as endpoint detection and response.

What is most valuable?

At this point what is most valuable is the interface, which is easy to navigate.

What needs improvement?

In the six months that I have been using CrowdStrike, it has not been able to detect anything. We have been using Trend Micro and it has detected some malicious activities.

We have CrowdStrike conduct some inner forensic investigations in hopes that it will be more advanced and detect things that may have been missed by Trend Micro.

It would be helpful to have some prebuilt search queries based on the top ten queries in the industry for detection.

For how long have I used the solution?

I have been using CrowdStrike for six months.

It's a SaaS-based solution that maintains itself. It updates automatically so that we are always using the latest version.

It is not like an on-premises solution where you maintain and upgrade the version to get the newest release. It's a cloud service that is maintained by the vendor.

What do I think about the scalability of the solution?

From my understanding, CrowdStrike is scalable as it's a cloud solution. 

This is not an area that we have fully explored as we have less than 20 end-points.

How are customer service and technical support?

There has not been any contact with technical support or community support. I have been able to do what I needed through the documentation provided.

Which solution did I use previously and why did I switch?

We are currently using CrowdStrike, and also running another AV because CrowdStrike is not detecting any malicious activities and the other AV is. We are giving it some more time to see if anything happens.

We decided to start using CrowdStrike for our external facing servers because it is the market leader in EDRs. While Trend Micro has an EDR (they call it XPR), it is still new to the market.

How was the initial setup?

The initial setup is straightforward; it is easy to install and only took a few minutes.

We have deployed it on our external facing servers.

What's my experience with pricing, setup cost, and licensing?

The pricing could be reduced. If it was more reasonable that would be great.

What other advice do I have?

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
SeniorAsd84b - PeerSpot reviewer
Senior Associate - IT at a financial services firm with 51-200 employees
Real User
Jun 7, 2019
A lightweight solution that readily alerts us to unusual behavior
Pros and Cons
  • "This solution has made the lives of the IT staff much easier, compared to the previous one."
  • "I would like to see the machine learning feature enhanced."

What is our primary use case?

CrowdStrike is an anti-virus solution, and we use it to protect our users from malware.

How has it helped my organization?

This solution has made the lives of the IT staff much easier, compared to the previous one. This is the lightest client available that is compatible with different versions of the OS.

What is most valuable?

The most valuable feature is that our systems are monitored and we are alerted to any unusual behavior.

What needs improvement?

I would like to see the machine learning feature enhanced.

For how long have I used the solution?

One year.

What do I think about the stability of the solution?

So far, the solution has been stable. It did not clash with any other product that we have. Also, it is very light, and the users do not have the impression that anything is slowing down their system.

What do I think about the scalability of the solution?

This is simply a client that you have to roll out, so it is fully scalable.

All of the people in our company use this solution.

How are customer service and technical support?

Technical support for this solution is good.

Which solution did I use previously and why did I switch?

We did use another solution previously, but technologies keep changing. We found that CrowdStrike meets our requirements.

How was the initial setup?

Our implementation was straightforward, and it was completed within one week.

The first step was to uninstall the old anti-virus solution, and then the CrowdStrike protection was enabled. There was a brief period where both of the solutions were running at the same time.

What about the implementation team?

The implementation was handled by the consultants from CrowdStrike. Everything was done by their staff, from their end and according to their recommendation. The consultants and their service were excellent.

What's my experience with pricing, setup cost, and licensing?

This solution has a very competitive price.

Which other solutions did I evaluate?

We evaluated solutions by TrendMicro, Kaspersky, Carbon Black, and SentinelOne.

What other advice do I have?

My advice for anybody implementing this solution is to understand the requirements. Look at their vision, and understand how the technology is changing in the market in order to meet the threat of cyber attack. They need to follow the latest standards.

I would rate this solution a ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Security Engineer at a tech services company with 10,001+ employees
Real User
May 17, 2019
It can connect to host and isolate it from the network if needed

What is our primary use case?

We are currently using this solution as an EDR tool to control and remediate threats from the endpoint remotely; it serves as a next-gen antivirus solution. It can also be used in a forensic investigation, threat hunting, trend analysis, malware analysis, etc.

How has it helped my organization?

  • CrowdStrike is a SaaS-based solution which means it can be operated from anywhere, which gives the admins access to control the endpoints from multiple endpoints.
  • It has a very low footprint, using 1-2 % CPU and around 40 Mb of RAM, and the agent size is small and easy to deploy as well.
  • It has segregation of roles at various levels for the analysts, admins, SMEs, etc.

What is most valuable?

  • It can connect to host and isolate it from the network if needed; this feature helps us to investigate the endpoint without visiting the endpoint and then testing. 
  • It saves time and helps to contain the threat in less time.
  • Complete visibility into the endpoint.

What needs improvement?

The current version of Falcon does not support DLP, which may be good to have in an EDR solution. It must be included in a future version if possible. There must be an on-premise version. MDM is also coming soon and must also have the ability to be controlled from the same dashboard.

For how long have I used the solution?

One Year

What do I think about the stability of the solution?

The solution is pretty stable, and it does pretty accurate work. I have never encountered any issue in this dept.

What do I think about the scalability of the solution?

The solution is scalable to multiple thousands of systems at once. There is no restriction for that.

How are customer service and technical support?

The support portal of CrowdStrike is active and helpful if needed.

Which solution did I use previously and why did I switch?

We compared multiple solutions in EDR and out of them, CrowdStrike gave the most features and value for money.

How was the initial setup?

It is pretty straightforward and without any complex mechanism.

What about the implementation team?

We as a team implemented the solution on our own, with the help of the manual and help desk.

What was our ROI?

It helps to manage a lot of threats with pretty less manpower and in a graceful way.

What's my experience with pricing, setup cost, and licensing?

The setup of CrowdStrike is very simple. It supports all three platforms (Windows, macOS, Linux), and it has support for specific versions of the above OSes, which means that sometimes a particular OS won't be compatible with the CrowdStrike version.

Which other solutions did I evaluate?

Before choosing the solution, we evaluated various products from the Gartner magic quadrant for endpoint protection platforms (EDR and MDR).

What other advice do I have?

It comes with various modules, so you can choose the module that you need on the basis of the costing it comes with. This is definitely not cheap; it comes with a cost which may depend on the organization if they need it.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Director of Security at an insurance company with 51-200 employees
Real User
Mar 27, 2019
We are now able to find the root cause analysis on any threat
Pros and Cons
  • "We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
  • "As the company has grown, the technical support has felt less personal."

What is our primary use case?

The primary use case is detection and forensics.

The product is cloud-based, so we use the latest build which is available.

How has it helped my organization?

We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment.

What is most valuable?

The most valuable feature is its forensics capability.

What needs improvement?

It probably needs more integration with firewall vendors. 

It needs integration with other technologies. It doesn't play well with anything else. It is more of a standalone solution. Therefore, integration with other technologies would be great.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is extremely stable. It has been around for many years. We have been a customer for almost five years.

What do I think about the scalability of the solution?

It has met every scale need that we have come across.

How are customer service and technical support?

The technical support is excellent. Though, as the company has grown, the technical support has felt less personal.

Which solution did I use previously and why did I switch?

Our previous detection software, Webroot, was letting too much stuff through.

How was the initial setup?

The initial setup is very straightforward. It just required an agent being installed. After that, it was self-managing.

What about the implementation team?

We did the deployment directly with the vendor.

What was our ROI?

The solution has helped to increase staff productivity by probably 25 percent.

What's my experience with pricing, setup cost, and licensing?

We are at about $60,000 per year.

Which other solutions did I evaluate?

We also looked at Cylance and SentinelOne. We went with CrowdStrike based on our own experimentation with it. We threw our own vulnerabilities at it, and it performed the best.

What other advice do I have?

It does everything that it claims, making our life significantly easier. Definitely consider CrowdStrike. It will probably save you from a lot of threats that other products wouldn't catch.

Our security program is relatively immature, but this product has definitely been one of the keystones of our program.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Secu8765 - PeerSpot reviewer
Security Engineer at a tech services company with 11-50 employees
Real User
Mar 12, 2019
When an issue is detected you can log into the GUI and get very specific details about what happened
Pros and Cons
    • "The GUI can use improvement, it's cloud-based so sometimes the interface can be a bit slow. The interface could use a little bit more speed."

    What is our primary use case?

    Our primary use case is as an endpoint protection service.

    How has it helped my organization?

    We get a notification when there are some malicious activities on our PC whenever we have a detection. The other administrator and I can log in to check the exact details of what happened, what was running, and what caused the detection. We know exactly what was happening on the end user's PC and we can tell if it's something that we actually need or something that's malicious.

    What is most valuable?

    When something is detected you can log into the GUI and you can get very specific details about what happened. It's very helpful for investigating incidents and this sort of thing.

    What needs improvement?

    The GUI can use improvement, it's cloud-based so sometimes the interface can be a bit slow. The interface could use a little bit more speed. 

    When I change the policies for some users, I would like to have an option to apply that policy immediately. Right now, I have to wait for the users to connect to the cloud to take the new policy. I would like for them to develop the ability to have an option to apply the policy immediately.

    What do I think about the stability of the solution?

    It's very stable, we haven't had any issues so far.

    What do I think about the scalability of the solution?

    We haven't had any issues when it comes to scalability. We have thirty to forty users.

    How are customer service and technical support?

    We haven't had to use their technical support. 

    How was the initial setup?

    The initial setup was very straightforward. You just download the agent and install it; that's it. The deployment took two to three hours. We have two admins. One of us logs in and sees what happened.

    What other advice do I have?

    I would advise someone considering this solution to just read the documentation. You should start with the documentation, it's very clear and very simple. Anything you need is in the documentation.

    I would rate it a nine out of ten. 

    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.
    PeerSpot user
    Director916d - PeerSpot reviewer
    Director of Cloud Architecture at an energy/utilities company with 10,001+ employees
    Real User
    Jan 13, 2019
    We are happy with its ease of use and touch notification
    Pros and Cons
    • "We have seen a reduction to the performance hit to our operating systems."
    • "We are happy with CrowdStrike's ease of use and touch notification."
    • "We have had to open a case with the technical support to get some issues and bugs resolved."

    What is our primary use case?

    We use it for threat management.

    How has it helped my organization?

    We are now able to pick up more alerts than we were with McAfee. A lot of things were being missed by our security team using McAfee. 

    We are happier with CrowdStrike's ease of use and touch notification than McAfee's.

    What is most valuable?

    I noticed that the performance hits on our operating systems are more minimal than they were on McAfee.

    What needs improvement?

    We have had to open a case with the technical support to get some issues and bugs resolved, but they were resolved relatively quickly.

    For how long have I used the solution?

    Less than one year.

    What do I think about the scalability of the solution?

    The scalability has been good so far. We have been using it on-premise and on the cloud. We can move it to a different cloud platform, because it is cloud agnostic.

    Which solution did I use previously and why did I switch?

    We just moved over from McAfee to CrowdStrike, which detected a lot of things that McAfee did not. We detected malicious code on our on-premise system, even though we are migrating our application to the cloud. It was able to detect it right away and send us what the code had tried to change and execute.

    Our company decided to make the switch between the two products, and I have seen the value-add since then.

    How was the initial setup?

    It was pretty easy to set up. We baked it into our subscripts during the start-up process.

    Its integration has been pretty seamless.

    What other advice do I have?

    I would advise anyone to look at this product based on our company's experience so far.

    We have both the on-premise and AWS versions of the product.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    IT Manager at a consultancy with 10,001+ employees
    Real User
    Dec 25, 2018
    It has helped us with security and managing threats that we see currently in our environment
    Pros and Cons
    • "Because it is a security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures."
    • "Unfortunately, native applications are not supported."

    What is our primary use case?

    It's a security-related product. A security environment based on AIML. It is not like the older stuff, which used to have signature-based updates.

    How has it helped my organization?

    It has helped us with security and managing threats that we see currently in our environment.

    What is most valuable?

    Because it is a security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures.

    What needs improvement?

    Unfortunately, native applications are not supported.

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    It manages around a few thousand endpoints and servers in our environment, and it is doing well so far.

    What do I think about the scalability of the solution?

    There are no issues in terms of scalability. 

    How is customer service and technical support?

    We can call the tech support, if needed. Then, they have a dedicated rep for us.

    How was the initial setup?

    It went well. We just installed an app on all the endpoints or devices. They have a good console which helps do this. So, it is as simple as that.

    We are using this for endpoint security, so it doesn't need to integrate with anything else.

    Which other solutions did I evaluate?

    We evaluated three to four other vendors.

    During the PoC, we figured out that this product is far better, and it met our requirements. That is why we went for CrowdStrike. With our PoC, they did a good job in explaining the product. So, the PoC went well, and we were able to achieve what we intended to with it.

    What other advice do I have?

    Do a thorough PoC. Don't ever go by the sales team unless you have tested it and know it works for your environment, because every environment is unique. The sales guy will promise you the moon. Only once you have tested it do you know it delivers.

    The product has met its purpose for us.

    We use both the on-premise and AWS versions. They are both good products and very simple to move, install, and configure.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    it_user996702 - PeerSpot reviewer
    Cloud Security Engineer at a manufacturing company with 1,001-5,000 employees
    Real User

    Hi,
    What do you mean, please, by not supporting native applications? Could you please explain it more?
    Thanks and regards,
