We use the product for cloud security. We use it for prevention, to watch for gaps in security. We work with customers seeking prevention for advanced apps.
NTT at Sonda S.A.
Easy to deploy and manage with many helpful features
Pros and Cons
- "I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far."
- "The solution isn't known in my market. The brand isn't as recognizable. Their shortcomings are more on the marketing side."
What is our primary use case?
How has it helped my organization?
Sometimes a customer has multiple solutions that come at a higher cost. They have to pay for all of these other security features. With CrowdStrike, customers get one agent for all system operations. It offers more security for remote work and clients gain access to the latest protections.
What is most valuable?
The solution offers good features. The prevention and device control are useful. It offers helpful firewall management and identity protection.
They've reduced the complexity and provide better security outcomes. Customers tend to prefer CrowdStrike.
It's easy to deploy and manage.
What needs improvement?
The solution isn't known in my market. The brand isn't as recognizable. Their shortcomings are more on the marketing side. Everyone knows Microsoft Defender. Customers need to hear more about CrowdStrike and all the advantages and features on offer.
Buyer's Guide
CrowdStrike Falcon
June 2025

Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.
For how long have I used the solution?
We've used the solution for three to four months.
What do I think about the stability of the solution?
I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far.
What do I think about the scalability of the solution?
The capability to scale so far has been good.
How are customer service and support?
Technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I'm also familiar with Microsoft Defender. However, Defender works best with Microsoft and not necessarily other legacy applications. With CrowdStrike, you can secure all system operations and versions. It's easier to deploy and operate.
How was the initial setup?
The deployment is seamless and users get immediate protection. It's lightweight. There's one agent deployed to endpoints in minutes. The product offers consistent coverage. There are no complex integrations and it doesn't need fine-tuning. In comparison, Defender can be more complex.
CrowdStrike can be deployed on any operating system, not just Microsoft.
There isn't really maintenance; it's set and forget. The agent updates automatically and receives continuous security updates, enabling immediate enforcement across endpoints.
What was our ROI?
The solution is well worth the cost.
What's my experience with pricing, setup cost, and licensing?
The costs are predictable. There are no surprises.
In Chile, there are not a lot of CrowdStrike partners of the managed service; therefore, it's a little more expensive than Microsoft, as there are so many more managed partners for Microsoft. That said, if you look at the total cost of ownership, CrowdStrike is better than Microsoft.
What other advice do I have?
We're a reseller. We're still new to CrowdStrike.
I'd rate the solution eight out of ten. The cost is good and they offer better tech support. Also, the protection is wonderful.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller

Security Engineer at a tech services company with 201-500 employees
Security analysts handle rules and investigations swiftly with real-time detection
Pros and Cons
- "It has good features for threat detection."
- "CrowdStrike has improved our incident response capabilities."
- "The solution could improve the policies themselves. It would be helpful if there were cost-cutting measures."
What is our primary use case?
As a security analyst, I primarily focus on creating rules, conducting investigations, and integrating new devices with our CrowdStrike system. After these integrations, I also check the status to ensure everything is functioning properly.
What is most valuable?
For threat detection, CrowdStrike provides queries and searches. If I need to find any IOCs, I would say that is my best option. During a cyber war, once we gather some IOCs, we can ingest them into CrowdStrike. This ensures that if we encounter an attack using those IOCs in the future, we receive alerts, allowing us to investigate further. Also, the detection capability of CrowdStrike is quite real-time. If we enforce a policy preventing users from inserting USBs into the PC and it triggers, it happens in real-time without delay.
What needs improvement?
Currently, users manually input IOCs, and it would be beneficial if IOCs released by major companies were automatically integrated into CrowdStrike. We retrieve files from vendors, which incurs costs. Automating this process could be cost-effective and time-saving.
For how long have I used the solution?
I think I have been using it for around seven and a half years.
What was my experience with deployment of the solution?
There is no maintenance required because I, as a user of CrowdStrike, am part of the security team. I mainly configure new threat detections or explore new dashboards.
What do I think about the stability of the solution?
The stability is quite impressive, and I am enjoying it.
What do I think about the scalability of the solution?
It is stable, and I haven't encountered any issues. It is manageable and comfortable.
Which solution did I use previously and why did I switch?
I am a security analyst, and CrowdStrike is utilized as part of EDR. For websites, other attacks, and banking systems, we have used QRadar, ELK, Sentinel, and some locally built detection systems.
How was the initial setup?
For me, as a security analyst, it doesn't require months or days. Many tasks can be completed in hours. With experience, even critical tasks can be done in minutes.
What about the implementation team?
Whenever our company hires a new employee, they provide him with credentials. He installs the agent and inputs the credentials. The process is entirely console-based.
What was our ROI?
It depends on the size of the company and the tasks we undertake.
What's my experience with pricing, setup cost, and licensing?
I don't have much information about the setup costs, but it was manageable. CrowdStrike offers three or four packages depending on the company's size, and we purchased the most expensive one for better operations.
What other advice do I have?
I would recommend that if you need a quick response against real-time attackers, you should consider purchasing CrowdStrike. Windows Defender doesn't match up, so configuring it on EC2 instances is better for small and large-scale companies as well. Overall rating: nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Feb 14, 2025
Computer Engineer at OIC, Alshirawi
Advanced AI integration boosts security effectiveness
Pros and Cons
- "CrowdStrike Falcon has a ransom detection time of less than 50 seconds."
- "For further improvements, I can only think of one example because this is very important for us; they could reduce the price. Then it would deserve a rating of seven."
What is our primary use case?
I am using it for endpoint protection.
What is most valuable?
The features I appreciate the most are numerous; the overall product is very good, actually.
This is an advanced tool in terms of AI which is implemented and integrated. CrowdStrike Falcon has a ransom detection time of less than 50 seconds. Detection and taking down violations and breaches takes a minimum time of 59 seconds. Intelligence is very good, as AI is integrated with this solution. The integration capabilities in CrowdStrike Falcon are very good.
What needs improvement?
If tomorrow is the next release of the product, new features would be helpful, but at the moment, the product is very good. Nothing specific comes to mind about what new features they can add.
For further improvements, I can only think of one example because this is very important for us; they could reduce the price. Then it would deserve a rating of seven.
For how long have I used the solution?
We have been using it for three to four years and have not encountered any issues.
What was my experience with deployment of the solution?
Regarding challenges or problems with the product, I haven't noticed any current drawbacks. The challenge occurred last year in July when there was some patch update failure, which caused many issues. However, we have overcome that situation.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
We have been using it for three to four years and have not encountered any issues. More experience with this product might come with increased usage.
How are customer service and support?
The technical support from CrowdStrike Falcon is good.
I would rate the support an eight.
How would you rate customer service and support?
Positive
How was the initial setup?
The installation and deployment are straightforward. It is very good and can be integrated with the management engine.
What was our ROI?
The Return On Investment saves around 30%.
What's my experience with pricing, setup cost, and licensing?
The licensing cost and setup costs are affordable.
What other advice do I have?
I am a computer engineer by profession.
The maintenance is automatic.
I would rate CrowdStrike Falcon as nine overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 20, 2025
Cybersecurity Infrastructure at VaporVM
User-friendly platform enables streamlined threat management and enhanced endpoint visibility
Pros and Cons
- "The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately."
- "Currently, I do not see any tangible benefits from CrowdStrike regarding incident improvement time, response time, or cost saving."
What is our primary use case?
For our use cases, we are using it to collect IOCs, and we also are using EDR, with injection integrated with our SIM solution to create some use cases.
What I find beneficial about CrowdStrike Falcon is that it performs effectively. We are focusing only on EDR and creating use cases regarding user processes or endpoints, particularly user behavior analytics.
What is most valuable?
The CrowdStrike Falcon has enhanced our cybersecurity posture in our organization by providing full visibility for each endpoint.
The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately.
The integration capabilities of CrowdStrike are excellent; we can integrate it with many SIM solutions and SOAR, and we have already integrated with different platforms. While integrating it with other platforms, I do not remember facing any issues, as we have a very good team for custom connectors, and the integration is smooth without any challenges.
What needs improvement?
We do not leverage AI within CrowdStrike Falcon, as we are using different LLM products, and I am unsure if CrowdStrike has the capability to integrate with a local LLM or if I need to use a commercial LLM such as OpenAI.
I am currently investigating SOAR in CrowdStrike because I have seen some articles about it, but I am uncertain if it is operational now or still in development.
I do not have any specific features I would want to see included in CrowdStrike.
For how long have I used the solution?
I have been working with the CrowdStrike Falcon for almost three years.
What do I think about the stability of the solution?
I find CrowdStrike to be stable; there are no issues, although there was one instance when we had an outage for updating the Falcon Agent, but since then, it has been stable without any issues.
What do I think about the scalability of the solution?
In terms of scalability, I find CrowdStrike to be stable, and I have not encountered any limitations with it. CrowdStrike covers around 2,800 endpoints for us.
How are customer service and support?
Regarding maintenance, the service is excellent; if we face any issues, we open a ticket with the CrowdStrike support team.
I would evaluate CrowdStrike tech support as excellent because they have a very fast response.
On a scale of one to ten, I would rate the technical support as a 10 because they resolve many issues for us.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before CrowdStrike, I worked with other solutions for EDR and XDR, specifically Trend Micro and Microsoft Defender for Endpoint, as we are working in an MSSP.
The main differences between CrowdStrike and Trend Micro or Microsoft solutions are that CrowdStrike gives me more visibility, while with Defender, I have to run queries which are not easy to use. Even network telemetry for CrowdStrike is very simple and easy to read, allowing for faster understanding compared to Defender where creating rules requires more tuning. Regarding disadvantages of CrowdStrike in comparison to Defender or Trend Micro, I do not see any.
How was the initial setup?
I was not involved in the implementation part of CrowdStrike in my environment because I arrived after it was already installed, so I did not start from scratch.
What was our ROI?
Currently, I do not see any tangible benefits from CrowdStrike regarding incident improvement time, response time, or cost saving.
What other advice do I have?
Based on my experience, I would recommend CrowdStrike to others because it is user-friendly and easy to manage, unlike other solutions that require experienced personnel; CrowdStrike's documentation is also very clear.
I would recommend it to other users because it is a perfect product.
It is an easy solution that anyone can manage, providing many benefits for endpoint visibility and allowing for the creation of many custom use cases without the need for much fine-tuning to get true positive alerts.
On a scale of one to ten, I would rate CrowdStrike Falcon as a product and solution as an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 15, 2025
Senior Information Security Engineer at a tech services company with 1,001-5,000 employees
Good incident response, effective prevention policies, and a straightforward setup
Pros and Cons
- "It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
- "We sometimes get false positives."
What is our primary use case?
CrowdStrike Falcon is used as an endpoint detection and response platform. It's basically an antivirus solution. It is deployed on all the endpoints, including workstations, servers, et cetera.
How has it helped my organization?
We previously had another solution. However, it was a combination of signature-based and anomaly-based detection methods. When we implemented CrowdStrike in our organization, it helped us minimize the critical gap where, in some cases, we could not identify malicious behavior.
What is most valuable?
CrowdStrike is behavioral-based; therefore, it has a behavioral-based detection method. It's not a signature-based tool. It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints.
They have a service called Overwatch. It's an incident response feature, which CrowdStrike usually provides for most of its premium customers. They will be looking for particular instances. If anything really suspicious or malicious happens, they will inform us. That is one kind of feature that is really great as compared to other tools.
The ransomware protection and behavior-based detection are the best features.
The solution has effective prevention policies. They help prevent cyber attacks or any other malicious activity.
The real-time response capability supported our incident response efforts. Whenever there is a case of any critical incident or any security breach, at the time of security breach, we can utilize RTR (real-time response) features to know what process is running. Then, we can kill the process. We can get to know, for example, what active connections are. Also, in case of quarantine, if we quarantine a particular machine with CrowdStrike, we still have access to that machine with the real-time response feature. That's quite useful.
What needs improvement?
File integrity monitoring could be improved. They need to have more clarity on the policies and how we can apply them to get the file modification details. In terms of vulnerability management, CrowdStrike doesn't have the network scanning feature, which other competitors have.
We sometimes get false positives. We have had to create some exceptions. However, we have been able to minimize the noise.
For how long have I used the solution?
I have been using CrowdStrike for more than 3 years.
What do I think about the stability of the solution?
This is a very stable solution. I'd rate the solution 9 out of 10.
What do I think about the scalability of the solution?
We have a single instance across multiple locations. People in the company work from different locations, and we have agents installed to workstations, et cetera. We have around 8,000 workstations and around 5,000 servers. Then, we have about 20 people working on it directly regularly.
The solution is absolutely scalable, and companies can scale it as needed. I'd rate the solution 9 out of 10 in terms of scalability.
How are customer service and support?
I'm absolutely satisfied with CrowdStrike's support. They have a robust support team that is always there to help.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were previously using Symantec. CrowdStrike has a wider range of features and has been the market leader in its category. After a quick POC, we decided to move to it.
How was the initial setup?
The initial setup was straightforward. There were no major hiccups in implementing it. We were clearly guided by the CrowdStrike team. We just followed the steps provided. It took 45 to 60 days to implement.
CrowdStrike is a cloud-based solution. We don't have to deploy any instance on-premises or cloud. CrowdStrike provides us access to their instance. We simply have to install the agents on our systems. Those agents will communicate to the CrowdStrike Falcon cloud. It will all be managed by CrowdStrike, and we will have access to the console. On the console, we have all the features and all the different options we need to manage the platform. There is no maintenance required.
We had 3 people participating in the deployment. From the system side, there are multiple teams involved from the deployment point of view. That said, 90% of the work was done by the security platform team.
I'd rate the ease of deployment 4.5 out of 5.
What was our ROI?
We have witnessed an ROI. It's been the first line of defense for us. It has saved us on costs. However, those are hard to quantify as we haven't faced a breach.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive; however, if you look at the features, it's worth the cost.
What other advice do I have?
I'm a customer and end-user.
I would absolutely recommend this product to any organization with a prior POC under its belt. A company needs to test it in their environment. That said, I would highly recommend anyone to test it out.
I'd rate the solution 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Owner at RSBPC
The sensor requires very little memory and doesn't slow down your computer
Pros and Cons
- "Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down."
- "The content-filtering features for children could be improved. We have young grandchildren aged 12 and 8. My daughter, their mother, wants to keep them from getting in trouble on the net. She looked at all these other solutions from Google, Microsoft, etc., and she couldn't figure out how to make any of those work. I told her that I bet CrowdStrike could handle this. Sure enough, CrowdStrike can do exactly that. It's the same solution that the Defense Department gets. It works, but it's a little complicated to implement. It could be simpler to set the policies."
What is our primary use case?
I'm a tax lawyer, so the IRS requires me to have a security program.
What is most valuable?
Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down. It couldn't be less painful, and it couldn't be more reassuring. I never need to do anything with it. I don't tweak it or update it.
You place a sensor on your computers that requires a very small amount of memory. It's about 39k or so to run the sensor. It's not like other programs that slow down the computer. CrowdStrike is constantly scanning your computer from the cloud and responds in a millisecond when it detects anything.
What needs improvement?
The content-filtering features for children could be improved. We have young grandchildren aged 12 and 8. My daughter, their mother, wants to keep them from getting in trouble on the net. She looked at all these other solutions from Google, Microsoft, etc., and she couldn't figure out how to make any of those work. I told her that I bet CrowdStrike could handle this. Sure enough, CrowdStrike can do exactly that. It's the same solution that the Defense Department gets. It works, but it's a little complicated to implement. It could be simpler to set the policies.
For how long have I used the solution?
I have used CrowdStrike Falcon for three or four years.
How are customer service and support?
I rate CrowdStrike support 10 out of 10. It's an email-based procedure. You create a case, and they notify you when it's assigned. You get an email from the technician, and you correspond back and forth. I usually request a phone call. They respond quickly. It's usually within half an hour to an hour. The tech support is perfectly adequate and certainly helps with whatever you want. They're nice, and the people seem intelligent.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up CrowdStrike Falcon is easy. They give you this enormous knowledge base. I almost never use it, but it covers absolutely everything. They also do a lot of handholding for the installation. You can get somebody to call you and tell you that everything is in the right place and it's doing all the right stuff. You can also do it by yourself, and you'll get an email message saying your sensor has been installed on this endpoint.
It took me about half an hour to an hour to download and install the sensor, but I also think it was influenced by the level at which I use CrowdStrike. I am their most basic user. A more complicated environment like the Defense Department might take more time.
What was our ROI?
CrowdStrike Falcon offers a great value. I'm the smallest kind of customer they had. It's a big step up. I had a more robust subscription, but I found I didn't use any of it ever, so I just cut back to the same thing that I had to begin with. You hardly notice any difference.
What's my experience with pricing, setup cost, and licensing?
CrowdStrike Falcon is relatively cheap.
Which other solutions did I evaluate?
We also considered Palo Alto. It had a device, but once you got it, you had some technical issues to deal with. I don't know if Palo Alto's requirements were more or less onerous than CrowdStrike's, but it seemed a little more complicated.
The two products had similar pricing. Palo Alto was about $750 for the device and a small amount for maintenance and whatnot. The other one is $500 a shot. The fact that you can get some other form of security software for a tenth of that price doesn't matter. It's just not even worth thinking about.
What other advice do I have?
I rate CrowdStrike Falcon 10 out of 10. It's extraordinarily easy to implement and use. You can do some advanced things that require some expertise, but those levels of security would be more appropriate for larger enterprises.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Global IT Infrastructure Manager at TMF Group
Prevent privilege escalation with highest credentials but have issues with updates
What is our primary use case?
We use the solution for Windows and non-Windows infrastructure. We have Falcon clients on all our machines.
How has it helped my organization?
We integrate with CyberArk, which includes DNA reporting, particularly for identifying old and ticket-based attacks. We’ve implemented this integration to receive risk-based scoring. Our strategy focuses on preventing privilege escalation, as our last major incident, NotPetya, resulted from this vulnerability. To address this, we’ve implemented measures through CyberArk and CrowdStrike.
What is most valuable?
When we encounter phishing attacks via email, we sandbox any reported items. Whenever a suspicious email is reported, we conduct sandboxing in CrowdStrike and block emails, domains, and IPs based on the resulting threat intelligence.
The most critical aspect is preventing privilege escalation, particularly for domain admins with the highest credentials. With our integration of CyberArk, passwords are never transmitted to the endpoint. Instead, a secure RDP file is created, and Falcon is used to prevent privilege escalation attempts.
What needs improvement?
As customers, we always update our systems whenever a new release is available, with clients connecting directly to the Internet for these updates. We have an agent who manages these updates on the clients, but as an organization, we don’t have control over them. CrowdStrike should assess the impact on endpoints before releasing such updates.
Our organization now seeks AI-based stock monitoring to prioritize thousands of alerts generated across various platforms. The AI integration is still in its early stages, so we would like to see Falcon develop tools that can integrate with multiple platforms and help identify the highest-priority alerts.
For how long have I used the solution?
I have been using CrowdStrike Falcon Threat Intelligence since 2017. We are using the latest version of the solution.
What do I think about the stability of the solution?
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
The integration part is very good. CrowdStrike collaborates with most security vendors, so it's very easy to get one platform for our risk factors across the enterprise.
40 thousand devices are using this solution. We get many alerts from Falcon, sometimes from end users and sometimes from Internet-facing servers.
I rate the solution's scalability a nine out of ten.
How are customer service and support?
We struggle to get specialized resources from CrowdStrike in a few cases.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
CrowdStrike Falcon Black is an on-premise solution that was very complicated, so we faced performance issues. The main reason for the switch is the performance issues reported by multiple application owners.
How was the initial setup?
Initially, we faced many challenges because we had to open ports from each of our subnets to Falcon, as it’s a SaaS solution. Each client needs to communicate with Falcon servers for threat intelligence. Due to the complexity of our network, we had to carefully consider all security aspects when opening the external communication ports to Falcon.
It took 25 to 30 days to deploy it completely.
We began with our Tier 0 servers, which had the most critical and highest privileges. After securing those, we moved on to Tier 1 and Tier 2 as we continued deployment. Our approach was to first address the highest risk factors across the enterprise and then gradually move on to securing endpoints like user desktops and laptops.
I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.
What about the implementation team?
We took professional services from CrowdStrike, so it was done in-house with only two people: one from the execution team and one from the cybersecurity team.
What was our ROI?
When we track the annual priority cases, especially the security incidents, we have made many improvements. That is ROI in terms of tracking security incidents.
What's my experience with pricing, setup cost, and licensing?
I rate the product’s pricing a six out of ten, where one is cheap and ten is expensive.
What other advice do I have?
Most customer requirements focus on email security, so we’ve implemented Mimecast. CrowdStrike Falcon integrates with Mimecast, allowing us to provide advanced security beyond Office 365’s capabilities. With DMARC in place, Falcon helps us identify domains that pose a risk to the organization.
I advise you to look for customer feedback, and then you should also look at Gartner and other industry leaders so you get the ranking.
Overall, I rate the solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sr Analyst at ATOS
The threat score helps us prioritize remediation and cross-reference with other products
Pros and Cons
- "CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
- "CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization."
What is our primary use case?
We provide a service for our clients with CrowdStrike Falcon. Alerts come into the CrowdStrike Falcon dashboard, and we investigate them based on the process tree and commands running. We check everything for any infections in the host or internal connections. If a threat is confirmed, we place it into the containment section inside Falcon.
How has it helped my organization?
CrowdStrike improves our detection capabilities. We use multiple tools like Symantec and this one. CrowdStrike reports on the processes and services, allowing us to investigate forensically. We can conduct a deep analysis and identify the threat at the memory level. We can do more investigation of the process to see where it started and where it is going. We can see the commands running on the backend, CPU utilization, and memory consumption. All of that information is helpful.
What is most valuable?
CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools.
It's integrated with multiple threat intelligence sources, such as the AbuseIPDB. That integration helps because we can easily cross-check between CrowdStrike and other solutions like an MDR or Azure AD. Hybrid analysis is integrated with CrowdStrike in our environment. There's also sandbox analysis. It's more informative. We perform a routine activity in our test environment where we simulate the process and file.
What needs improvement?
CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization.
For how long have I used the solution?
I have used Falcon for more than two years.
What do I think about the stability of the solution?
CrowdStrike Falcon is a stable solution.
What do I think about the scalability of the solution?
CrowdStrike is scalable. We can query large amounts of data, and the solution responds well, whereas Splunk takes a longer time to perform a search operation.
How are customer service and support?
I rate CrowdStrike support 10 out of 10. They respond quickly and don't take much time to resolve all our issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Symantec and Rapid7.
How was the initial setup?
Falcon was already deployed when I started working. It requires some maintenance. We need to make some adjustments for some use cases, or we might need to implement upgrades that require downtime.
What's my experience with pricing, setup cost, and licensing?
CrowdStrike Falcon is expensive because it's based on the number of services.
What other advice do I have?
I rate CrowdStrike Falcon 10 out of 10. It has delivered some good results.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
