Section Head at Galaxy Chemicals Egypt
Real User
Top 5
Sep 2, 2025
Provides comprehensive threat protection and seamless integration with third-party tools
Pros and Cons
  • "CrowdStrike Falcon has positively impacted my organization by providing good protection, logs, and reports, which I find very good."
  • "One area for improvement in CrowdStrike Falcon could be the user interface and reports; it requires some improvements to be easily handled."

What is our primary use case?

I am a customer of CrowdStrike Falcon through a consultant, and our company is headquartered in India, while our consultant is a sister company also located in India.

We use CrowdStrike Falcon internally in our company.

I am using CrowdStrike Falcon for its purpose, which is to save the company from any attacks, viruses, or whatever threats are available.

What is most valuable?

The most useful feature of CrowdStrike Falcon is protection, though it cannot be described in one word.

Protection is the main purpose of CrowdStrike Falcon.

CrowdStrike Falcon has positively impacted my organization by providing good protection, logs, and reports, which I find very good.

What needs improvement?

One area for improvement in CrowdStrike Falcon could be the user interface and reports; it requires some improvements to be easily handled.

For the reporting in CrowdStrike Falcon, I need specific data because in most reports, some of the data is not that important for the collector, so the reports need to be more specific for each purpose.

For how long have I used the solution?

I have been working with CrowdStrike Falcon for around three years.

Buyer's Guide
CrowdStrike Falcon
April 2026
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
889,955 professionals have used our research since 2012.

What do I think about the stability of the solution?

Regarding stability and reliability, I find CrowdStrike Falcon to be stable; nothing has happened since we installed it, and there are no bugs or issues from the software.

What do I think about the scalability of the solution?

I can say that CrowdStrike Falcon is sufficient in terms of scalability from my point of view; it is capable of working with our current infrastructure or setup, and I believe it's sufficient.

How are customer service and support?

My interaction with technical support for CrowdStrike Falcon was fine; they supported me and provided a solution for my issue.

Based on my experience, I would rate the technical support for CrowdStrike Falcon an eight.

Which solution did I use previously and why did I switch?

Before CrowdStrike Falcon, I used an application called Kaspersky, but not for the same purposes.

Which other solutions did I evaluate?

I did not evaluate other options before choosing CrowdStrike Falcon because it was a forced decision from our headquarters, from the mother company.

What other advice do I have?

Currently, I do not remember exactly what version of CrowdStrike Falcon we are using because I'm managing the team, but I can check the right version later.

We are using the latest version of CrowdStrike Falcon.

CrowdStrike Falcon has not helped me predict and prevent potential breaches by itself, but with support from other applications such as Splunk and Windows Defender, it has contributed.

I integrate CrowdStrike Falcon with third-party tools.

I have to integrate CrowdStrike Falcon with other applications to get the most protection, and the integration is smooth and everything works well.

I am using the lightweight agent.

For the system performance, the lightweight agent is fine; it has not affected performance too much, and generally it's acceptable.

I rate CrowdStrike Falcon eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Sep 2, 2025
Sampath Acharya - PeerSpot reviewer
Technical Associate at Valuepoint Systems
Real User
Top 5
Sep 2, 2025
Single-agent architecture enhances security while minimizing complexity and costs
Pros and Cons
  • "The biggest advantage of this solution for my customers is that it is a single solution that fulfills most of their security concerns while being easy to manage."
  • "I recommend that some deep-dive trainings are required for the NG SIEM, specifically for their next-generation SIEM module, as they need some basic trainings for that."

What is our primary use case?

The main use cases for CrowdStrike Falcon from my customers are the lightweight agent, which is very easy to use, and it will protect the complete environment in a single dashboard.

A specific use case from my customers for CrowdStrike Falcon is that the SaaS-based single agent can protect all the platforms.

What is most valuable?

The best features of CrowdStrike Falcon are the single agent and the fact that there is no daily signature update.

There is no daily signature update because it operates as a signatureless solution.

Regarding the lightweight agent, all other solutions have multiple agents, which degrade system performance; however, this single agent has multiple features that increase system performance.

The elimination of on-prem infrastructure through CrowdStrike Falcon's cloud-native architecture has impacted my customers by reducing both cost and complexity, as they are now using the cloud-native solution.

What needs improvement?

I recommend that some deep-dive trainings are required for the NG SIEM, specifically for their next-generation SIEM module, as they need some basic trainings for that.

To clarify, deep-dive trainings are required specifically for the NG SIEM or next-gen SIEM.

For how long have I used the solution?

I have been working with CrowdStrike Falcon for six years.

How are customer service and support?

For technical support, I would rate it as a nine out of ten.

There are no complaints about the support.

How would you rate customer service and support?

Positive

How was the initial setup?

It is easy to set up CrowdStrike Falcon.

What was our ROI?

My customers have seen a return on investment with CrowdStrike Falcon.

While I do not have specific details currently available, those who purchased are very happy with the solution.

What's my experience with pricing, setup cost, and licensing?

The price is reasonable when comparing it to other tools.

The license cost is typically per device.

Based on the modules customers purchase, the cost will increase, as they have more than 28 to 32 modules.

What other advice do I have?

The feature called Threat Graph for threat hunting helps in terms of security to predict and prevent breaches by showing how threats are evolving and how we can protect the customer environment, which helps us build better security.

I have integrated CrowdStrike Falcon with existing SIEM solutions and security frameworks.

It helps to streamline incident response processes because it is very easy to integrate with SIEM solutions like IBM QRadar and HPE ArcSight; for the incident response, it helps us correlate with other solutions.

My customers using CrowdStrike Falcon are mainly from all industries, including ITES, finance, marketing, manufacturing, and health.

I recommend that those planning to use CrowdStrike Falcon should migrate from their old traditional antivirus to next-gen antivirus, which will help them protect their environment.

The biggest advantage of this solution for my customers is that it is a single solution that fulfills most of their security concerns while being easy to manage.

I rate CrowdStrike Falcon ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Sep 2, 2025
Mahmoud Younes - PeerSpot reviewer
Cyber Security Architects at VaporVM
Real User
Top 5
Leaderboard
May 15, 2025
User-friendly platform enables streamlined threat management and enhanced endpoint visibility
Pros and Cons
  • "The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately."
  • "Currently, I do not see any tangible benefits from CrowdStrike regarding incident improvement time, response time, or cost saving."

What is our primary use case?

For our use cases, we are using it to collect IOCs, and we also are using EDR, with injection integrated with our SIM solution to create some use cases.

What I find beneficial about CrowdStrike Falcon is that it performs effectively. We are focusing only on EDR and creating use cases regarding user processes or endpoints, particularly user behavior analytics.

What is most valuable?

The CrowdStrike Falcon has enhanced our cybersecurity posture in our organization by providing full visibility for each endpoint.

The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately.

The integration capabilities of CrowdStrike are excellent; we can integrate it with many SIM solutions and SOAR, and we have already integrated with different platforms. While integrating it with other platforms, I do not remember facing any issues, as we have a very good team for custom connectors, and the integration is smooth without any challenges.

What needs improvement?

We do not leverage AI within the CrowdStrike Falcon, as we are using different products LLM, and I am unsure if CrowdStrike has the capability to integrate it with local LLM or if I need to use commercial LLM such as OpenAI.

I am currently investigating SOAR in CrowdStrike because I have seen some articles about it, but I am uncertain if it is operational now or still in development.

I do not have any specific features I would want to see included in CrowdStrike.

For how long have I used the solution?

I have been working with the CrowdStrike Falcon for almost three years.

What do I think about the stability of the solution?

I find CrowdStrike to be stable; there are no issues, although there was one instance when we had an outage for updating the Falcon Agent, but since then, it has been stable without any issues.

What do I think about the scalability of the solution?

In terms of scalability, I find CrowdStrike to be stable, and I have not encountered any limitations with it. CrowdStrike covers around 2,800 endpoints for us.

How are customer service and support?

Regarding maintenance, the service is excellent; if we face any issues, we open a ticket with the CrowdStrike support team.

I would evaluate CrowdStrike tech support as excellent because they have a very fast response.

On a scale of one to ten, I would rate the technical support as a 10 because they resolve many issues for us.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before CrowdStrike, I worked with other solutions for EDR and XDR, specifically Trend Micro and Microsoft Defender for Endpoint, as we are working in MSSP.

The main differences between CrowdStrike and Trend Micro or Microsoft solutions are that CrowdStrike gives me more visibility, while with Defender, I have to run queries which are not easy to use. Even network telemetry for CrowdStrike is very simple and easy to read, allowing for faster understanding compared to Defender where creating rules requires more tuning. Regarding disadvantages of CrowdStrike in comparison to Defender or Trend Micro, I do not see any.

How was the initial setup?

I was not involved in the implementation part of CrowdStrike in my environment because I arrived after it was already installed, so I did not start from scratch.

What was our ROI?

Currently, I do not see any tangible benefits from CrowdStrike regarding incident improvement time, response time, or cost saving.

What other advice do I have?

Based on my experience, I would recommend CrowdStrike to others because it is user-friendly and easy to manage, unlike other solutions that require experienced personnel; CrowdStrike's documentation is also very clear.

I would recommend it to other users because it is a perfect product.

It is an easy solution that anyone can manage, providing many benefits for endpoint visibility and allowing for the creation of many custom use cases without the need for much fine-tuning to get true positive alerts.

On a scale of one to ten, I would rate CrowdStrike Falcon as a product and solution as an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Rojal Barreto - PeerSpot reviewer
Computer Engineer at OIC, Alshirawi
Real User
Top 5
May 20, 2025
Advanced AI integration boosts security effectiveness
Pros and Cons
  • "CrowdStrike Falcon has a ransom detection time of less than 50 seconds."
  • "For further improvements, I can only think of one example because this is very important for us; they could reduce the price. Then it would deserve a rating of seven."

What is our primary use case?

I am using it for endpoint protection.

What is most valuable?

The features I appreciate the most are numerous; the overall product is very good, actually.

This is an advanced tool in terms of AI which is implemented and integrated. CrowdStrike Falcon has a ransom detection time of less than 50 seconds. Detection and taking down violations and breaches takes a minimum time of 59 seconds. Intelligence is very good, as AI is integrated with this solution. The integration capabilities in CrowdStrike Falcon are very good.

What needs improvement?

If tomorrow is the next release of the product, new features would be helpful, but at the moment, the product is very good. Nothing specific comes to mind about what new features they can add.

For further improvements, I can only think of one example because this is very important for us; they could reduce the price. Then it would deserve a rating of seven.

For how long have I used the solution?

We have been using it for three to four years and have not encountered any issues.

What was my experience with deployment of the solution?

Regarding challenges or problems with the product, I haven't noticed any current drawbacks. The challenge occurred last year in July when there was some patch update failure, which caused many issues. However, we have overcome that situation.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

We have been using it for three to four years and have not encountered any issues. More experience with this product might come with increased usage.

How are customer service and support?

The technical support from CrowdStrike Falcon is good.

I would rate the support an eight.

How would you rate customer service and support?

Positive

How was the initial setup?

The installation and deployment are straightforward. It is very good and can be integrated with the management engine.

What was our ROI?

The Return On Investment saves around 30%.

What's my experience with pricing, setup cost, and licensing?

The licensing cost and setup costs are affordable.

What other advice do I have?

I am a computer engineer by profession.

The maintenance is automatic.

I would rate CrowdStrike Falcon as nine overall.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Shubham Sinha. - PeerSpot reviewer
Senior Principal Information Security Analyst at Veritas Technologies LLC
Real User
Top 20
Feb 23, 2025
Detects anomalies and helps with fast threat identification and response
Pros and Cons
  • "The machine learning behavior for anomaly detection is a valuable feature. It helps identify any suspicious or unusual activities within the system."
  • "The best benefit of CrowdStrike Falcon is 99% MITRE coverage."
  • "Deployment in cloud environments is challenging. Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options."

What is our primary use case?

We are using it for endpoint protection, as well as for cloud security coverage. It includes monitoring all our critical servers and endpoint devices. We also design workflows for anomaly behavior detection using machine learning techniques for anything malicious or abnormal. We monitor everything suspicious. We either design the workflows or use CrowdStrike to monitor any new detections and anomaly behaviors, as well as do vulnerability management.

How has it helped my organization?

The best benefit of CrowdStrike Falcon is 99% MITRE coverage. It detects suspicious or undetected activities on the system and provides protection for zero-day vulnerabilities. If there is a sudden rise in CPU consumption or abnormal storage use, it helps us by creating a ticket, allowing us to investigate any abnormal behavior present. We can look into the machine and investigate. It reduces the false negatives common with other technologies.

The real-time response helps with MTTR. We achieve faster detection and response times.

It helped prevent breaches. In the past, there was abnormal consumption of RAM along with CPU on a server. It also started communicating with other subnets. CrowdStrike Falcon triggered an alert. We did our investigation and found that we had ransomware. We successfully mitigated it.

What is most valuable?

The machine learning behavior for anomaly detection is a valuable feature. It helps identify any suspicious or unusual activities within the system.

Furthermore, it has impressive MITRE coverage. 

What needs improvement?

Deployment in cloud environments is challenging. Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options. After a year, options change or integrate with something else, which is challenging for me as it requires relearning. It is time-consuming.

For how long have I used the solution?

I started working on CrowdStrike in 2018. 

What do I think about the stability of the solution?

We are following N-1 versions across our environment, which is stable. Due to our requirements, we never switch to the N version; we always stick to N-1 and never face anything abnormal while using it.

What do I think about the scalability of the solution?

It has proven to be a good technology for me. It has adequate coverage and is easy to deploy. Its scalability is good.

It is deployed across the globe.

How are customer service and support?

I would rate them a seven out of ten. They take a lot of time to come back to us.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used SentinelOne as well. SentinelOne was similar but had major challenges with workflow implementation. Workflow implementation is far easier in CrowdStrike compared to SentinelOne.

How was the initial setup?

We have it in the on-premises environment and cloud environments. For endpoint hosts, it is very easy, but in the cloud environment, there are challenges, especially if we have AWS technologies with Lambda functions, which are serverless.

My implementation strategy was simple. I segregated servers based on criticality, then network, and finally OS level. Anything critical was based on my CMDB asset configuration. Following criticality was the network, determining internal versus public-facing. The last segmentation was on OS configuration. These three categorizations were primarily used in deploying agents across our environment.

In terms of maintenance, there are patches or version upgrades. 

What about the implementation team?

We had a group of five people, which was enough to manage this.

What was our ROI?

It is worth the money.

What's my experience with pricing, setup cost, and licensing?

It is expensive compared to SentinelOne, but as the market leader, it is worth it.

What other advice do I have?

I would rate CrowdStrike Falcon an eight out of ten. They have some challenges with the cloud environment, which is a major drawback, especially with the serverless aspect. Their GUI also causes issues with regular changes.

If anyone has worked with CrowdStrike, they would promote it. However, cloud security presents challenges. Moving from physical to cloud environments is difficult. I have raised 7-8 tickets to resolve cloud issues, especially with AWS.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer.
Sumanth Kandanuru - PeerSpot reviewer
Security Analyst at NTT Ltd
Real User
Top 10
Feb 16, 2025
Enables direct remote investigations with comprehensive analysis features
Pros and Cons
  • "CrowdStrike is a great solution."
  • "In CrowdStrike, with the variety of security tools available, learning the different query languages can be challenging."

What is our primary use case?

I am currently using CrowdStrike Falcon as an EDR, which is integrated with SIEM. We also work in a real-time environment with the product. As a Falconist, I perform investigation actions on it. There are three different kinds of alerts I deal with: one based purely on IOCs, another process-oriented IOA, and those based on machine learning alerts. This is what I work on, and it is actually a good tool. It has multiple features, including real-time connection to the RTR environment, allowing direct remote host connection through CrowdStrike. I have multiple options like host search and event search, enabling me to do everything I need. It's a comprehensive package. It's a challenging tool to explore, but once accustomed to it, it is quite excellent.

What is most valuable?

Obviously, when checking in the SIEM, not all logs are available. In CrowdStrike, unlike SIEM, actions are clearly defined. For example, a regular AV like Symantec might indicate a file was quarantined or failed to quarantine, but in CrowdStrike, I can verify the action. As an incident response analyst, I can use CrowdStrike to perform actions like directly wiping a file from a host if given access. I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections. Event search also allows for detailed investigations, showing accessed files and remote installations.

What needs improvement?

In CrowdStrike, with the variety of security tools available, learning the different query languages can be challenging. I use KQL queries with Sentinel and AQL with QRadar, and CrowdStrike's query language is different as well. This requires constant learning for security analysts. Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial. The event search tab in CrowdStrike is complex, though the host search is more straightforward and gets details from the past week. The querying system, similar to Splunk, could be made more user-friendly.

For how long have I used the solution?

I have been using it for the past two years.

What do I think about the stability of the solution?

The stability is always great. I have never seen instability in the CrowdStrike tool.

What do I think about the scalability of the solution?

When it comes to scalability, it is entirely based on premium models according to demand. Our log retention is low, but paying more increases it. Scalability is moderate, based on the charges paid to the CrowdStrike product service team. Offering good services, like better log retention at a lower price, would be excellent.

How are customer service and support?

The CrowdStrike team is very efficient; I would rate them ten out of ten. They respond quickly when it comes to providing services.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked on Symantec ATP, advanced threat protection, but it is a legacy product. Many companies have moved away from Symantec, and they use legacy antivirus solutions. The integration with Symantec ATP was tough, and event or host searches were based entirely on raw logs.

How was the initial setup?

The current setup is easy, but it could be more natural and make drill-down searches simpler. With advancements in AI, integration could streamline responses further, but there is still room for making the process easier.

What about the implementation team?

The integration task should be done by engineers. I'm interested in the process and have learned something about integration, but we have not fully explored all integration aspects.

What other advice do I have?

CrowdStrike is a great solution. It's a hands-on tool. I have not seen other EDRs like it. Compared to Carbon Black, which is much more difficult with a different UI, CrowdStrike allows direct, detailed investigation with a PID generated for each process. It offers unique abilities not seen in other EDRs. Overall product rating: nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Bhim Arora - PeerSpot reviewer
Group Manager at HCLSoftware
Real User
Top 10
Jan 26, 2025
Improvements needed in threat prevention and support, yet effective real-time response offers visibility
Pros and Cons
  • "EDR is effective in CrowdStrike."
  • "CrowdStrike provides a lot of visibility in their tool."
  • "Threat prevention should be their first priority, and false positive reductions are needed."
  • "The KDR solution is immature. They do not have much preemption in ITDR. Threat prevention should be their first priority, and false positive reductions are needed."

What is our primary use case?

Our organization still uses Infoblox, and my role is a little bit different now. I am conducting the POC of new solutions, which we have to deploy in our infrastructure. I evaluate the new products, and then if we purchase them, we deploy them.

What is most valuable?

EDR is effective in CrowdStrike. Real-time response (RTR) is a feature of EDR. CrowdStrike provides a lot of visibility in their tool. CrowdStrike is from the EDR point of view. It is a good tool, and we have rolled it out in our infrastructure.

What needs improvement?

The KDR solution is immature. They do not have much preemption in ITDR. Threat prevention should be their first priority, and false positive reductions are needed. They should improve their support as well. Response resolution time is too high.

For how long have I used the solution?

I have a little bit of experience with Infoblox. I do not have too much experience with it. Recently, we deployed CrowdStrike, media, and SVR. We purchased CrowdStrike around one and a half years ago, and now we have completely rolled it out in our infrastructure.

How are customer service and support?

Response resolution time is too high.

How would you rate customer service and support?

Neutral

How was the initial setup?

Implementation was comprehensive. It took around seven to eight months.

What about the implementation team?

Overall, seven to eight people from different teams were involved.

Which other solutions did I evaluate?

SentinelOne and Palo Alto were looked into.

What other advice do I have?

Support is an area that needs attention. Overall, EDR is fine. ITDR is not mature, and other tools are also not mature. If we talk about SIEM and cloud security, those are also not mature. I would rate it five out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Omkar Kesarkar - PeerSpot reviewer
Manager II at ICICI Prudential Life Insurance Company Ltd
Real User
Top 10
Jun 20, 2024
Offers good AI features to users
Pros and Cons
  • "The product's deployment phase is easy."
  • "Some policies in the tool need to be fine-tuned. Customized IOCs need to be improved since they have certain shortcomings."

What is our primary use case?

I used the tool since my company wanted a product with next-generation antivirus and EDR, as it can help with the detection of malicious activities and behavior detection, and the MI and machine learning part in the tool also helps.

What needs improvement?

Only for the customized IOCs, there is a need to highlight certain aspects, and based on it, we get to block only the hash values, not based on the file name, like .exe, or other extensions, so I can't block them, making it an area where the solution needs to improve.

My company had raised a concern with CrowdStrike's support team when one of the antivirus applications that communicates with CrowdStrike started misbehaving. For both the aforementioned tools, the same support ticket had to be raised. If my company had to provide any suggestions regarding the whitelisting part, there was a delay of over a month when dealing with the product's support team. If the tool's support team suggests users follow certain steps, and if it is not followed or is not in progress, then after two or three days, the tool's support team needs to join a video call and provide a resolution to the users.

Some policies in the tool need to be fine-tuned. Customized IOCs need to be improved since they have certain shortcomings. With the customized IOCs, it can be made possible to block a file extension with a filename or file extension type of blocking. Providing users with the ability to customize policies would be a good improvement to the solution.

For how long have I used the solution?

I have been using CrowdStrike Falcon Threat Intelligence for a year. I am a user of the tool.

What do I think about the stability of the solution?

Stability-wise, I rate the solution an eight and a half out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution an eight out of ten.

My company's cybersecurity and IT security team use the tool. In my company, there are 15,000 users. For servers, there are 1,500 users.

Right now, there is no need to increase the usage of the tool.

How are customer service and support?

The solution's technical support is not good. I rate the technical support a four to five out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have experience with Palo Alto.

The detection and other functionalities in CrowdStrike and Palo Alto are the same, but cost-wise, CrowdStrike is reasonable. Technically, I would prefer Palo Alto over CrowdStrike.

How was the initial setup?

The product's deployment phase is easy. I rate the setup phase of the tool as a ten on a scale where one is difficult and ten means it is an easy process.

The solution can be deployed in the cloud and on an on-premises model.

The solution can be initially deployed in a minute.

Considering the number of users, servers, cloud, and on-premises environment, it hardly takes 15 to 20 days. When there are laptop and desktop users who are online, and there is a need to install the agent, then there can be some issues, and with such minor things, ten days are more than enough for the installation.

What's my experience with pricing, setup cost, and licensing?

CrowdStrike is a reasonably priced tool.

What other advice do I have?

In terms of the ability of the tool to deal with threats, I would say that the product does it by around 85 percent.

The real-time response of the tool is good, and I feel it is around 90 to 95 percent.

The tool's incident-handling capability is good.

Considering the influence of the product on our company over some time, I would say that the solution is cost-effective and offers good threat detection features. The tool's interface is also good.

The tool's AI features are good, but they are not useful for our company since the area of detection is not something in our bucket right now.

If you have a big budget, go with Palo Alto. If you have a low budget and want a tool that provides more accuracy during detection, then it is better to go with CrowdStrike.

I rate the tool a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.