Security Analyst at NTT Ltd
Enables direct remote investigations with comprehensive analysis features
Pros and Cons
- "CrowdStrike is a great solution."
- "In CrowdStrike, with the variety of security tools available, learning the different query languages can be challenging."
What is our primary use case?
I am currently using CrowdStrike Falcon as an EDR, which is integrated with SIEM. We also work in a real-time environment with the product. As a Falconist, I perform investigation actions on it. There are three different kinds of alerts I deal with: one based purely on IOCs, another process-oriented IOA, and those based on machine learning alerts. This is what I work on, and it is actually a good tool. It has multiple features, including real-time connection to the RTR environment, allowing direct remote host connection through CrowdStrike. I have multiple options like host search and event search, enabling me to do everything I need. It's a comprehensive package. It's a challenging tool to explore, but once accustomed to it, it is quite excellent.
What is most valuable?
Obviously, when checking in the SIEM, not all logs are available. In CrowdStrike, unlike SIEM, actions are clearly defined. For example, a regular AV like Symantec might indicate a file was quarantined or failed to quarantine, but in CrowdStrike, I can verify the action. As an incident response analyst, I can use CrowdStrike to perform actions like directly wiping a file from a host if given access. I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections. Event search also allows for detailed investigations, showing accessed files and remote installations.
What needs improvement?
In CrowdStrike, with the variety of security tools available, learning the different query languages can be challenging. I use KQL queries with Sentinel and AQL with QRadar, and CrowdStrike's query language is different as well. This requires constant learning for security analysts. Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial. The event search tab in CrowdStrike is complex, though the host search is more straightforward and gets details from the past week. The querying system, similar to Splunk, could be made more user-friendly.
For how long have I used the solution?
I have been using it for the past two years.
Buyer's Guide
CrowdStrike Falcon
June 2026
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
900,196 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability is always great. I have never seen instability in the CrowdStrike tool.
What do I think about the scalability of the solution?
When it comes to scalability, it is entirely based on premium models according to demand. Our log retention is low, but paying more increases it. Scalability is moderate, based on the charges paid to the CrowdStrike product service team. Offering good services, like better log retention at a lower price, would be excellent.
How are customer service and support?
The CrowdStrike team is very efficient; I would rate them ten out of ten. They respond quickly when it comes to providing services.
Which solution did I use previously and why did I switch?
I have worked on Symantec ATP, advanced threat protection, but it is a legacy product. Many companies have moved away from Symantec, and they use legacy antivirus solutions. The integration with Symantec ATP was tough, and event or host searches were based entirely on raw logs.
How was the initial setup?
The current setup is easy, but it could be more natural and make drill-down searches simpler. With advancements in AI, integration could streamline responses further, but there is still room for making the process easier.
What about the implementation team?
The integration task should be done by engineers. I'm interested in the process and have learned something about integration, but we have not fully explored all integration aspects.
What other advice do I have?
CrowdStrike is a great solution. It's a hands-on tool. I have not seen other EDRs like it. Compared to Carbon Black, which is much more difficult with a different UI, CrowdStrike allows direct, detailed investigation with a PID generated for each process. It offers unique abilities not seen in other EDRs. Overall product rating: nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Group Manager at HCLSoftware
Improvements needed in threat prevention and support, yet effective real-time response offers visibility
Pros and Cons
- "EDR is effective in CrowdStrike."
- "CrowdStrike provides a lot of visibility in their tool."
- "The KDR solution is immature. They do not have much preemption in ITDR. Threat prevention should be their first priority, and false positive reductions are needed."
What is our primary use case?
Our organization still uses Infoblox, and my role is a little bit different now. I am conducting the POC of new solutions, which we have to deploy in our infrastructure. I evaluate the new products, and then if we purchase them, we deploy them.
What is most valuable?
EDR is effective in CrowdStrike. Real-time response (RTR) is a feature of EDR. CrowdStrike provides a lot of visibility in their tool. CrowdStrike is from the EDR point of view. It is a good tool, and we have rolled it out in our infrastructure.
What needs improvement?
The KDR solution is immature. They do not have much preemption in ITDR. Threat prevention should be their first priority, and false positive reductions are needed. They should improve their support as well. Response resolution time is too high.
For how long have I used the solution?
I have a little bit of experience with Infoblox. I do not have too much experience with it. Recently, we deployed CrowdStrike, media, and SVR. We purchased CrowdStrike around one and a half years ago, and now we have completely rolled it out in our infrastructure.
How are customer service and support?
Response resolution time is too high.
How would you rate customer service and support?
Neutral
How was the initial setup?
Implementation was comprehensive. It took around seven to eight months.
What about the implementation team?
Overall, seven to eight people from different teams were involved.
Which other solutions did I evaluate?
SentinelOne and Palo Alto were looked into.
What other advice do I have?
Support is an area that needs attention. Overall, EDR is fine. ITDR is not mature, and other tools are also not mature. If we talk about SIEM and cloud security, those are also not mature. I would rate it five out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Executive Vice President Technology at InfoEdge India Ltd
Continuous monitoring strengthens security despite past challenges
Pros and Cons
- "CrowdStrike Falcon serves as a next-gen AV, which basically does AI-based behavioral analysis to detect and act on malware or ransomware."
- "During these two years with CrowdStrike Falcon, I certainly faced some problems, including the known CrowdStrike outage, which was quite pinching and brought many of the Windows-related services to a halt just because of one bad configuration push from CrowdStrike tracks."
What is our primary use case?
In my cybersecurity strategy, I use CrowdStrike Falcon mainly as an EDR solution for us. Currently, we are using it as an EDR. We are also in discussion along with the CrowdStrike team where we can have a managed SOC integrated.
In the online industry, we are using CrowdStrike Falcon, specifically in online classified, which you could call e-commerce.
What is most valuable?
For threat detection, the most effective feature I find in CrowdStrike Falcon is 24/7 managed monitoring, which is basically a next-gen antivirus and next-gen endpoint detection and response. In endpoint detection and response, the best part is 24/7 365 continuous monitoring to the endpoint for identifying any suspicious activity.
CrowdStrike Falcon serves as a next-gen AV, which basically does AI-based behavioral analysis to detect and act on malware or ransomware.
The automated response capabilities in CrowdStrike Falcon handle incidents based on the behavior of the activity, performing analysis in case it finds more objectionable content. If there is blocking or breaking any of your site map or something of that sort, it is an untraditional way. If the traffic behaves suspiciously, it triggers an automated response to block it. Additionally, if it detects a file which might have an extension of MIME type of maybe a document whereas it is self-replicating, that sends a suspicious activity alert. In such cases, the detection happens automatically. Because in case it's a zero-day, many times such files automatically get put in a sandbox to extract it and see why it is identified as malware. It offers automated threat detection as well, not only automated response.
Falcon's integration capabilities with other tools enhance my security posture because it has a very lightweight agent, and having a unified console gives us complete visibility, including endpoints, servers, containers, cloud workloads, everything.
What needs improvement?
To make CrowdStrike Falcon better for the next release, I recommend that they should have a model where it works as agentless. In terms of everything which the agent pushes to the server or to the single console, having a feature where you can have another port, which is SNMP or your network devices or OT devices, which you can specifically monitor, would be great.
For how long have I used the solution?
I have been using CrowdStrike Falcon for more than two years now.
What was my experience with deployment of the solution?
CrowdStrike Falcon is fairly easy to set up, according to my experience and our team's experience. Since we have a heterogeneous environment, for Windows it is very straightforward and easy, but for Linux it is a bit complex since you need to automate it. If you have a bulk force, then you have to use some CMF or something similar. Overall, it is still fairly easy.
For deployment, it takes approximately a couple of minutes.
What do I think about the stability of the solution?
During these two years with CrowdStrike Falcon, I certainly faced some problems, including the known CrowdStrike outage, which was quite pinching and brought many of the Windows-related services to a halt just because of one bad configuration push from CrowdStrike tracks.
Except for the incident mentioned above, I have not seen any recent issues with stability.
What do I think about the scalability of the solution?
CrowdStrike Falcon is easy to scale for my company's needs.
How are customer service and support?
I have contacted CrowdStrike for issues, and the response was poor. That particular experience was pretty bad, with people not knowing what was happening, how to mitigate, or what to do. We were in a bad situation, but after a couple of hours, their communication started flowing fine, and things gradually started improving. For that particular instance, I would rate it less than four.
Which solution did I use previously and why did I switch?
Before working with CrowdStrike Falcon, I evaluated options such as Carbon Black and SentinelOne.
How was the initial setup?
CrowdStrike Falcon is fairly easy to set up, according to my experience and our team's experience. Since we have a heterogeneous environment, for Windows it is very straightforward and easy, but for Linux it is a bit complex since you need to automate it. If you have a bulk force, then you have to use some CMF or something similar. Overall, it is still fairly easy.
For deployment, it takes approximately a couple of minutes.
What was our ROI?
As for return on investment after implementing CrowdStrike Falcon, I would say if it is protecting my environment, that itself meets my expectations so far.
What's my experience with pricing, setup cost, and licensing?
CrowdStrike Falcon is pretty expensive.
Which other solutions did I evaluate?
I do not see a lot of advantages in CrowdStrike Falcon; however, because of one particular problem, we had to give away SentinelOne. Otherwise, all three products are quite comparable.
What other advice do I have?
For those who would like to use CrowdStrike Falcon, I recommend negotiating hard on commercial terms because it is not an easy or affordable solution. From a commercial standpoint, you should negotiate hard, but technically, it is not very difficult.
CrowdStrike Falcon is a user-friendly tool.
On a scale of one to ten, I rate CrowdStrike Falcon an eight.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Large account Manager at Softcell Technologies Limited
Long-term experience has led to streamlined deployments and flexible solutions
Pros and Cons
- "I find nothing to miss in terms of stability; there are no glitches, and the solution is stable."
- "I believe nothing can be done to make CrowdStrike Falcon a ten out of ten, as I think it's one of the best solutions in the market. However, rating it a ten overall would imply there's no scope for improvement, but to survive in the market, changes must be made every day."
What is our primary use case?
The typical use case for CrowdStrike Falcon depends on what kind of service the customer is looking for. Most customers look for antivirus, endpoint detection and response, or possibly managed detection and response, which leads them to reach out to us.
When we speak to the customer, they usually tell us that they're looking for antivirus or endpoint detection and response, and we then introduce CrowdStrike Falcon.
What is most valuable?
CrowdStrike Falcon has many valuable features. The solution is used for multiple functions, including MDR, XDR, and CNA solution. It depends on which category you're looking for, and you have to customize the customer's equation accordingly.
CrowdStrike Falcon can be deployed both on-premise and in the cloud, and it's an on-call solution that can be deployed anywhere by simply deploying the agent on the end devices.
What needs improvement?
Certain areas of CrowdStrike Falcon have room for improvement, but it depends on the specific services being discussed. CrowdStrike offers multiple services, and most of the product comes in the Falcon service, so it's important to be specific regarding whether the discussion is about ADR, antivirus, XDR, or MDR, as it's one of the best solutions in the market.
I believe nothing can be done to make CrowdStrike Falcon a ten out of ten, as I think it's one of the best solutions in the market. However, rating it a ten overall would imply there's no scope for improvement, but to survive in the market, changes must be made every day. Every customer and solution has tendencies for improvement, which is why I'm not giving a perfect score.
For how long have I used the solution?
I have more than two years of experience working with CrowdStrike Falcon.
What do I think about the stability of the solution?
I find nothing to miss in terms of stability; there are no glitches, and the solution is stable.
What do I think about the scalability of the solution?
I would rate the scalability of CrowdStrike Falcon highly because it only depends on the customer's infrastructure and what kind of scalable environment they have. There's no scalability limitation from CrowdStrike itself, as it just requires agent deployment.
How are customer service and support?
I would rate the technical support from CrowdStrike as good, actually more than good.
How would you rate customer service and support?
Positive
How was the initial setup?
CrowdStrike Falcon can be deployed both on-premise and in the cloud, and it's an on-call solution that can be deployed anywhere by simply deploying the agent on the end devices.
What was our ROI?
The return on investment from CrowdStrike EDR depends on each company's circumstances and how they are utilizing the solution.
What's my experience with pricing, setup cost, and licensing?
The price of CrowdStrike Falcon depends on which product we are discussing, as pricing can vary significantly based on the customer's profile and budget.
What other advice do I have?
We are part two of CrowdStrike. The time it takes to deploy CrowdStrike Falcon depends on the customer setup.
My clients vary in size, as we can reach all types of businesses, whether small, medium, or enterprise.
Based on my experience, I would recommend CrowdStrike Falcon solutions to other people. I rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
IT consultant at Asuransi Ramayana
Seamless management and installation elevate cybersecurity architecture
Pros and Cons
- "The most beneficial features of CrowdStrike Falcon are that it is easy to install, easy to manage, lightweight, and it can stop breaches."
- "As for stability, I would rate it around eight because last year they faced some downtime with around eight thousand computers, but it will improve."
What is our primary use case?
I am using CrowdStrike Falcon for laptop, desktop, our server, and VM, including Linux, Windows server, and Linux server.
What is most valuable?
The most beneficial features of CrowdStrike Falcon are that it is easy to install, easy to manage, lightweight, and it can stop breaches.
The impact of CrowdStrike Falcon lightweight agents on system performance and visibility is good, with only one agent required.
Speaking about the utilization of Falcon threat graph for threat hunting, it helps my security team to predict and prevent potential breaches.
Considering that CrowdStrike Falcon is a cloud-native architecture, the elimination of on-premises infrastructure makes cybersecurity maintenance cost and complexity minimal, because we only need to install it and then monitor from the dashboard.
What needs improvement?
In Indonesia for SMB companies, the price is higher than other solutions.
For SMB organizations, the price may be higher than others, which means they have to think twice about it, but for enterprise companies, the cost is not a concern.
I have been using it for about six years and do not have any problems. The pricing is the only issue.
For how long have I used the solution?
I have been using CrowdStrike Falcon since 2019, before the pandemic.
What was my experience with deployment of the solution?
In terms of deployment of CrowdStrike Falcon, it is quite easy and there are no challenges with deployment.
What do I think about the stability of the solution?
As for stability, I would rate it around eight because last year they faced some downtime with around eight thousand computers, but it will improve.
What do I think about the scalability of the solution?
For scalability, I would rate it a nine because they can scale efficiently with many users.
How are customer service and support?
Technical support from CrowdStrike Falcon is good because usually in Indonesia we have a partner, and if the partner cannot address the issue, we discuss with CrowdStrike directly.
I would rate technical support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used McAfee before CrowdStrike Falcon for the same use case. I switched to CrowdStrike Falcon because McAfee did not have machine learning or AI capabilities at that time.
What was our ROI?
CrowdStrike Falcon saves time and offers good value for money, especially for enterprise companies, because it can stop breaches.
I am not sure about the exact percentage of money it saves, as I have to calculate the risks, but we are satisfied because CrowdStrike Falcon has stopped breaches and prevented hackers.
Which other solutions did I evaluate?
I used McAfee before CrowdStrike Falcon for the same use case. I switched to CrowdStrike Falcon because McAfee did not have machine learning or AI capabilities at that time.
What other advice do I have?
My rating for CrowdStrike Falcon would be eight points because there are many antivirus competitors. For those who want to use CrowdStrike Falcon, they should be mindful of the higher price compared to others.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager II at ICICI Prudential Life Insurance Company Ltd
Offers good AI features to users
Pros and Cons
- "The product's deployment phase is easy."
- "Some policies in the tool need to be fine-tuned. Customized IOCs need to be improved since they have certain shortcomings."
What is our primary use case?
I used the tool since my company wanted a product with next-generation antivirus and EDR, as it can help with the detection of malicious activities and behavior detection, and the MI and machine learning part in the tool also helps.
What needs improvement?
Only for the customized IOCs, there is a need to highlight certain aspects, and based on it, we get to block only the hash values, but it is not based on the file name, like .exe, or other extensions, so I can't block them, making it an area where the solution needs to improve.
My company had raised a concern with CrowdStrike's support team when one of the antivirus applications that communicates with CrowdStrike started misbehaving. For both the aforementioned tools, the same support ticket had to be raised. If my company had to provide any suggestions regarding the whitelisting part, there was a delay of over a month when dealing with the product's support team. If the tool's support team suggests users follow certain steps, and if it is not followed or is not in progress, then after two or three days, the tool's support team needs to join a video call and provide a resolution to the users.
Some policies in the tool need to be fine-tuned. Customized IOCs need to be improved since they have certain shortcomings. With the customized IOCs, it can be made possible to block a file extension with a filename or file extension type of blocking. Providing users with the ability to customize policies would be a good improvement to the solution.
For how long have I used the solution?
I have been using CrowdStrike Falcon Threat Intelligence for a year. I am a user of the tool.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight and a half out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
My company's cybersecurity and IT security team use the tool. In my company, there are 15,000 users. For servers, there are 1,500 users.
Right now, there is no need to increase the usage of the tool.
How are customer service and support?
The solution's technical support is not good. I rate the technical support a four to five out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have experience with Palo Alto.
The detection and other functionalities in CrowdStrike and Palo Alto are the same, but cost-wise, CrowdStrike is reasonable. Technically, I would prefer Palo Alto over CrowdStrike.
How was the initial setup?
The product's deployment phase is easy. I rate the setup phase of the tool as a ten on a scale where one is difficult and ten means it is an easy process.
The solution can be deployed in the cloud and on an on-premises model.
The solution can be initially deployed in a minute.
Considering the number of users, servers, cloud, and on-premises environment, it hardly takes 15 to 20 days. When there are laptop and desktop users who are online, and there is a need to install the agent, then there can be some issues, and with such minor things, ten days are more than enough for the installation.
What's my experience with pricing, setup cost, and licensing?
CrowdStrike is a reasonably priced tool.
What other advice do I have?
In terms of the ability of the tool to deal with threats, I would say that the product does it by around 85 percent.
The real-time response of the tool is good, and I feel it is around 90 to 95 percent.
The tool's incident-handling capability is good.
Considering the influence of the product on our company over some time, I would say that the solution is cost-effective and offers good threat detection features. The tool's interface is also good.
The tool's AI features are good, but they are not useful for our company since the area of detection is not something in our bucket right now.
If you have a big budget, go with Palo Alto. If you have a low budget and want a tool that provides more accuracy during detection, then it is better to go with CrowdStrike.
I rate the tool a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Architects at VaporVM
User-friendly platform enables streamlined threat management and enhanced endpoint visibility
Pros and Cons
- "The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately."
- "Currently, I do not see any tangible benefits from CrowdStrike regarding incident improvement time, response time, or cost saving."
What is our primary use case?
For our use cases, we are using it to collect IOCs, and we also are using EDR, with injection integrated with our SIM solution to create some use cases.
What I find beneficial about CrowdStrike Falcon is that it performs effectively. We are focusing only on EDR and creating use cases regarding user processes or endpoints, particularly user behavior analytics.
What is most valuable?
The CrowdStrike Falcon has enhanced our cybersecurity posture in our organization by providing full visibility for each endpoint.
The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately.
The integration capabilities of CrowdStrike are excellent; we can integrate it with many SIM solutions and SOAR, and we have already integrated with different platforms. While integrating it with other platforms, I do not remember facing any issues, as we have a very good team for custom connectors, and the integration is smooth without any challenges.
What needs improvement?
We do not leverage AI within the CrowdStrike Falcon, as we are using different products LLM, and I am unsure if CrowdStrike has the capability to integrate it with local LLM or if I need to use commercial LLM such as OpenAI.
I am currently investigating SOAR in CrowdStrike because I have seen some articles about it, but I am uncertain if it is operational now or still in development.
I do not have any specific features I would want to see included in CrowdStrike.
For how long have I used the solution?
I have been working with the CrowdStrike Falcon for almost three years.
What do I think about the stability of the solution?
I find CrowdStrike to be stable; there are no issues, although there was one instance when we had an outage for updating the Falcon Agent, but since then, it has been stable without any issues.
What do I think about the scalability of the solution?
In terms of scalability, I find CrowdStrike to be stable, and I have not encountered any limitations with it. CrowdStrike covers around 2,800 endpoints for us.
How are customer service and support?
Regarding maintenance, the service is excellent; if we face any issues, we open a ticket with the CrowdStrike support team.
I would evaluate CrowdStrike tech support as excellent because they have a very fast response.
On a scale of one to ten, I would rate the technical support as a 10 because they resolve many issues for us.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before CrowdStrike, I worked with other solutions for EDR and XDR, specifically Trend Micro and Microsoft Defender for Endpoint, as we are working in MSSP.
The main differences between CrowdStrike and Trend Micro or Microsoft solutions are that CrowdStrike gives me more visibility, while with Defender, I have to run queries which are not easy to use. Even network telemetry for CrowdStrike is very simple and easy to read, allowing for faster understanding compared to Defender where creating rules requires more tuning. Regarding disadvantages of CrowdStrike in comparison to Defender or Trend Micro, I do not see any.
How was the initial setup?
I was not involved in the implementation part of CrowdStrike in my environment because I arrived after it was already installed, so I did not start from scratch.
What was our ROI?
Currently, I do not see any tangible benefits from CrowdStrike regarding incident improvement time, response time, or cost saving.
What other advice do I have?
Based on my experience, I would recommend CrowdStrike to others because it is user-friendly and easy to manage, unlike other solutions that require experienced personnel; CrowdStrike's documentation is also very clear.
I would recommend it to other users because it is a perfect product.
It is an easy solution that anyone can manage, providing many benefits for endpoint visibility and allowing for the creation of many custom use cases without the need for much fine-tuning to get true positive alerts.
On a scale of one to ten, I would rate CrowdStrike Falcon as a product and solution as an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at a tech services company with 201-500 employees
Security analysts handle rules and investigations swiftly with real-time detection
Pros and Cons
- "It has good features for threat detection."
- "CrowdStrike has improved our incident response capabilities."
- "The solution could improve the policies themselves. It would be helpful if there were cost-cutting measures."
What is our primary use case?
As a security analyst, I primarily focus on creating rules, conducting investigations, and integrating new devices with our CrowdStrike system. After these integrations, I also check the status to ensure everything is functioning properly.
What is most valuable?
For threat detection, CrowdStrike provides queries and searches. If I need to find any IOCs, I would say that is my best option. During a cyber war, once we gather some IOCs, we can ingest them into CrowdStrike. This ensures that if we encounter an attack using those IOCs in the future, we receive alerts, allowing us to investigate further. Also, the detection capability of CrowdStrike is quite real-time. If we enforce a policy preventing users from inserting USBs into the PC and it triggers, it happens in real-time without delay.
What needs improvement?
Currently, users manually input IOCs, and it would be beneficial if IOCs released by major companies were automatically integrated into CrowdStrike. We retrieve files from vendors, which incurs costs. Automating this process could be cost-effective and time-saving.
For how long have I used the solution?
I think I have been using it for around seven and a half years.
What was my experience with deployment of the solution?
There is no maintenance required because I, as a user of CrowdStrike, am part of the security team. I mainly configure new threat detections or explore new dashboards.
What do I think about the stability of the solution?
The stability is quite impressive, and I am enjoying it.
What do I think about the scalability of the solution?
It is stable, and I haven't encountered any issues. It is manageable and comfortable.
Which solution did I use previously and why did I switch?
I am a security analyst, and CrowdStrike is utilized as part of EDR. For websites, other attacks, and banking systems, we have used QRadar, ELK, Sentinel, and some locally built detection systems.
How was the initial setup?
For me, as a security analyst, it doesn't require months or days. Many tasks can be completed in hours. With experience, even critical tasks can be done in minutes.
What about the implementation team?
Whenever our company hires a new employee, they provide him with credentials. He installs the agent and inputs the credentials. The process is entirely console-based.
What was our ROI?
It depends on the size of the company and the tasks we undertake.
What's my experience with pricing, setup cost, and licensing?
I don't have much information about the setup costs, but it was manageable. CrowdStrike offers three or four packages depending on the company's size, and we purchased the most expensive one for better operations.
What other advice do I have?
I would recommend that if you need a quick response against real-time attackers, you should consider purchasing CrowdStrike. Windows Defender doesn't match up, so configuring it on EC2 instances is better for small and large-scale companies as well. Overall rating: nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free CrowdStrike Falcon Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2026