Director of IT at a tech services company with 51-200 employees
Real User
Top 20
Responsive and fast support, easy to deploy, well-tuned to ignore false positives
Pros and Cons
  • "We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
  • "It would be nice if the dashboard had some more information upfront, and looked a little better."

What is our primary use case?

We use this product for endpoint security and threat remediation.

How has it helped my organization?

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely, now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

What is most valuable?

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

What needs improvement?

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

Buyer's Guide
CrowdStrike Falcon
November 2022
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,522 professionals have used our research since 2012.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately four months.

What do I think about the stability of the solution?

The stability is great and we haven't had a single issue.

What do I think about the scalability of the solution?

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

How are customer service and support?

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Which solution did I use previously and why did I switch?

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

How was the initial setup?

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

What was our ROI?

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

What's my experience with pricing, setup cost, and licensing?

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and login in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

Which other solutions did I evaluate?

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

What other advice do I have?

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Syed Ubaid Ali Jafri - PeerSpot reviewer
Head of Cyber Defense & Offensive Security at Habib Bank Limited
Real User
Top 5Leaderboard
Good lateral movement and overwatch detections but requires improvements in the Mac environment
Pros and Cons
  • "The CS falcon agent is a lightweight agent compared with other agents of EDR products."
  • "CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."

What is our primary use case?

The following is a list of use cases that were tested and evaluated against Crowd Strike along with different competitors.

1 - Execution of Fileless Ransomware - The test was conducted using PowerShell script execution, the script was executed using privileges rights and it was successful. Although all the preventive controls were enabled in the CS falcon dashboard, CS falcon had raised a red flag regarding fileless execution, however, the moment it let us know our system got encrypted.

2 - Uploading large volume of Data over the cloud - Using customized script in the USB, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation from the whole disk and creates a password-protected .zip file in APPDATA of the complete files, once the protected file is created it then checks the internet connectivity. As soon as the script finds connectivity with 8.8.8.8, 8.8.4.4. it starts sending the protected .ZIP file over its CnC cloud.

3 - Disabling of CS Falcon Agent - I have conducted a test to disable the Falcon agent from the Windows-based OS. The agent was successfully disabled by booting up another OS and renaming of agent files from the system.

4 - Perform Privilege Task in Crowd strike - CS roles have some additional privileges. While performing host containment, it has the ability to perform the following operations without informing the user: 

* Host Containment 
* Isolating the host from the network;
* Copying data from the host machine into the CS cloud;

Considering the above situation it may cause a breach of user privacy due to which user can file a complaint against InfoSec team.

How has it helped my organization?

The solution fits well in the organization and took out valuable output as expected from Endpoint Detection and Response solution.

This solution supersedes the requirement of an Endpoint Protection solution. The cost of EPP can be saved while using EDR.

One good thing is the active association of the Crowd Strike team in terms of support and coordination. 

Features that require further evaluation include:

Let's take an example of ten machines that require CS falcon agent installation. Apart from agent compatibility and ease of installation, one of the most important areas is the network bandwidth which would require whenever an agent updates the server through the cloud. 

An estimated network bandwidth utilization takes 0.4 MB/hour for a single machine to update its probes over the cloud. If we estimate the total working hours in our case it is eight hours, the formula would be 0.4 X 8 = 3.2 MB per host per day is the data uploading requirement on the cloud. It is highly recommended to assess a number of agents and the network bandwidth requirements.

What is most valuable?

The CS falcon agent is a lightweight agent compared with other agents of EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement  
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well created in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license not machine-based, so once the machine gets outdated/old, installation of the same agent license in another machine is possible.

What needs improvement?

Area of Improvement

The products still require improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with MAC OS (X), Catalina, or Big Sur.

Similarly, the product is also not compatible with Unix-based systems including AIX, Darwin, and FreeBSD.

CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine.

Additional Features required in the Next release:

The product requires an add-on feature which should be a turnkey feature if it requires to be turned on to XDR no changes should be required to be made on the user end as the agent is already installed.

For how long have I used the solution?

The solution has been used for around two years, including the demo version with full features and final version with specific features.

This solution has been used without any compatibility issue and/or technical failure due to anti-virus installation.

When we procured Crowd Strike as an EDR it was on the Gartner top ranking as well.

The agent was being utilized in Windows Servers (2016, 2019), Linux Servers (Fedora, Red hat, Cent OS), Windows Endpoints (10, 11), and Mac. 

What do I think about the stability of the solution?

The solution is stable and we have used it for more than 2500+ hosts.

What do I think about the scalability of the solution?

It is a cloud-based solution - so scalability is not an issue.

How are customer service and support?

When it comes to customer service and support is that the principal engages whenever required.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

This was the first product that we evaluated out of 6 (six) products.

How was the initial setup?

The setup was straightforward and it's easy to use.

What about the implementation team?

A vendor team was engaged in the installation of the complete solution.

What's my experience with pricing, setup cost, and licensing?

Licensing is relatively low than other EDR solutions.

Which other solutions did I evaluate?

We evaluated Carbon Black and FireEye.

What other advice do I have?

Crowd Strike is a good solution. However, it requires you to build more features in protecting Endpoint agents for example:

DOM Improvement
DLL's Injections
Detection of CNC in Network Neighbors
Detection of similar attack surfaces in the network.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
CrowdStrike Falcon
November 2022
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,522 professionals have used our research since 2012.
Security Systems Analyst at a retailer with 5,001-10,000 employees
Real User
Top 10
Allows us to sleep better at night
Pros and Cons
  • "I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
  • "I would also like to see the endpoint firewall component produce some level of logging and feedback."

What is our primary use case?

CrowdStrike is a malware protection solution that is deployed on a private cloud across all areas of our organization. We have deployed the solution to 10,000 users. Roles-based it's the security team. 

We recently upgraded to a new feature that is set to roll out. CrowdStrike is a requirement, it's our standard. If you have a new OS deployed or a new server deployed, this is a required component. It has been automated as we grow and as we add more systems.

How has it helped my organization?

CrowdStrike allows us to sleep better at night.

What is most valuable?

I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution.

What needs improvement?

This solution lacks basic functionality, such as being able to perform on-demand scanning. This presents a challenge when it comes to the payment card industry, PCI which has that as built-in requirements for the PCI DSS standard.

I would also like to see the endpoint firewall component produce some level of logging and feedback. 

For how long have I used the solution?

I have been using CrowdStrike Falcon for three years.

What do I think about the stability of the solution?

CrowdStrike is very stable, we've had very few technical issues. The false positive rate is average. It has been very easy to manage and to determine where issues are.

What do I think about the scalability of the solution?

This solution is very scalable. It is easy to roll out more agents and is fairly automated. We have it deployed in multiple environments such as hybrid versus cloud versus private. 

How are customer service and support?

We have had very positive interactions with not only our manage service provider, but the vendor directly. They've offered good support when we've had some questions and concerns. Their documentation is fairly extensive.

Which solution did I use previously and why did I switch?

We follow trends to make sure we have the best product for our organizations. The one we were using fell behind a bit. We wanted something that was completely cloud-based so that the infrastructure wasn't on-prem and we wouldn't be required to manage the upgrades of servers and applications. 

How was the initial setup?

The initial setup was moderate. There is a lot to think about and a lot to plan out, however once that is done the actual deployment is straightforward. We used a tiered deployment, deploying the product in a learning mode or logging mode only. We also did a tiered deployment by division and then enabled features by division to make sure that if there was an impact, we could at least contain it to one area and revert back as quickly as possible.

What about the implementation team?

We deployed with an integrator. They were very knowledgeable and knew what they were doing. They involved the vendor when required. We use half of an FTE to maintain the solution. We also have a managed service provided that also integrated the log files from this product into our SIM. We are pointing all the logs to a log reporting utility that allows us to react to alerts. 

What was our ROI?

Because we are information security, we come with a price tag, unfortunately. When we look at it as a whole, we are able to sleep at night, we have a good solution and it is protecting us from the zero-days and the latest malware. I don't know what you put the cost of breach prevention at.  We feel we are using a product that is at the top of the industry. We are doing as much as we can to protect our organization, so there is the return on investment that way.

What's my experience with pricing, setup cost, and licensing?

We pay yearly for the solution. It makes it easier for budgeting purposes. We did incur additional costs when we implemented their firewall solution, calling it the endpoint firewall. 

Which other solutions did I evaluate?

We're constantly looking for other options the industry's top solutions and where the industry is going next. In cybersecurity, we ensure we are protected today but also make sure that we are thinking towards the future and analyzing other solutions to see if they are better, or potentially better in the future.

What other advice do I have?

If you are looking at CrowdStrike, plan appropriately. Make sure you have planned it out and do your testing. We found that it was legacy-friendly. We have a lot of legacy applications and we were concerned about that. We ran into some minor issues but we did find that it was friendly, however, there were some newer applications that the product did not interact with as well as we expected. They were easy fixes, but you should do your due diligence so you run into fewer surprises.

I would rate CrowdStrike a 9 out of 10.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cloud Solution architect at VaporVM
Real User
It has a good mechanism and a reporting feature and enables you to take quick action if there's a missing patch
Pros and Cons
  • "Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches."
  • "Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement. Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data. In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network."

What is our primary use case?

We primarily use CrowdStrike Falcon for malware detection, endpoints, and application behavior detection. The company has different teams, but our team handles the Windows and Mac hosts.

What is most valuable?

Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches.

What needs improvement?

Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement.

Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data.

In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network.

For how long have I used the solution?

I've been using CrowdStrike Falcon since January or February, so it's been eleven months, but my company used it even before I joined the organization.

What do I think about the stability of the solution?

Overall, CrowdStrike Falcon is a stable product. My company is satisfied with its stability.

What do I think about the scalability of the solution?

Per my experience, CrowdStrike Falcon is scalable.

How are customer service and support?

The CrowdStrike Falcon technical support is good because it's responsive, and the team reverts to you within a reasonable timeframe and in an excellent manner, which is essential for support. However, my team didn't have many cases because CrowdStrike Falcon doesn't require much support.

My company also took product training and implemented the learnings within the environment. CrowdStrike Falcon is effective and gives the required throughput and output, so in the last ten or eleven months, support cases have been very low, but whenever an issue is raised, the level of support has beeexcellentod.

Which solution did I use previously and why did I switch?

The company previously used Kaspersky, but CrowdStrike Falcon was far better. I heard that there was some attack, and Kaspersky couldn't handle that. CrowdStrike Falcon, on the other hand, offers excellent protection even from multiple malware attacks, and it has a good application behavior analysis feature.

My company did extensive penetration testing on CrowdStrike Falcon, which had good or far better results than Kaspersky. The company had a bad experience with Kaspersky.

How was the initial setup?

The initial setup for CrowdStrike Falcon is moderate in terms of difficulty, so it's not very easy, but it's not complex as well.

How long the setup takes depends on how you want to deploy CrowdStrike Falcon, but at the moment, it doesn't take much time for my company. It's quicker, but any company implementing CrowdStrike Falcon for the first time may need some good training or some hands-on experience. Otherwise, compared to other products, I would say CrowdStrike Falcon is better, implementation-wise.

What's my experience with pricing, setup cost, and licensing?

As I'm part of the technical team, not the budgeting team, I don't have information on CrowdStrike Falcon pricing.

What other advice do I have?

My company uses multiple products related to cybersecurity, for example, Netskope. For endpoint security, my company uses Microsoft Defender ATP and Endgame. My company is also working with CrowdStrike Falcon. For vulnerability management, my company uses Qualys, in particular for the AWS environment.

I don't remember the exact version of CrowdStrike Falcon I'm using, but I know that the tool is on Windows, Mac, and some AWS environments within the company.

Within the company, the total number of endpoints is around seven hundred. Two admins handle the endpoints for CrowdStrike Falcon.

My advice for anyone looking to implement CrowdStrike Falcon is to go for it, especially if you want to add value to your cybersecurity, specifically endpoint protection and application behavior analysis. CrowdStrike Falcon has reliable results, so I prefer it over other tools.

My rating for CrowdStrike Falcon is nine out of ten.

My company is a customer, and not a partner of CrowdStrike Falcon.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Director - IT Security Operations at a manufacturing company with 10,001+ employees
Real User
Allows us to stay in business by keeping our systems up
Pros and Cons
  • "CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
  • "CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."

What is our primary use case?

It blocks all the stuff bad actors are trying to do to our users.

All our end user systems and servers are on-prem and cloud workstations desktops everywhere.

We are using the latest version minus one release (N-1).

How has it helped my organization?

It provided us visibility into our endpoints that we did not have before. The telemetry and data that it collects allows us to respond to possible incidents much faster, containing the host as well as jump on the host for remediation.

CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and kept our systems up.

What is most valuable?

CrowdStrike endpoint detection and response (EDR) is excellent. It blocks the bad stuff without user interaction, allowing us to stay in business. For example, one of our service providers has been down for five days now with ransomware. Also, four of our partners have been down over the past two months with cyberattacks, and we can't do business with our partners.

What needs improvement?

CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it.

For how long have I used the solution?

I have been using it for a little over three years.

What do I think about the stability of the solution?

The stability is very stable. There have been no issues.

We have automated all our CrowdStrike Falcon updates.

What do I think about the scalability of the solution?

It is very scalable. There have been no issues at all.

How are customer service and technical support?

CrowdStrike's technical support is excellent:

  • Quick to respond
  • Quick to help
  • Very responsive
  • They have always been able to solve the issue.

Which solution did I use previously and why did I switch?

I was a McAfee customer for 20 years before switching. It was like night and day, where McAfee is old technology, and CrowdStrike Falcon is new technology. On a scale of one to 10, McAfee is at one and CrowdStrike Falcon is at 10. There is a really big difference.

We came from an on-premises solution. With more people working remotely, that became an issue. The fact that this is a cloud-native solution provides us with flexibility and always-on protection.

How was the initial setup?

It was very easy to deploy the solution’s single sensor. We used our deployment tools to push it out. Because it is a single agent, it is very lightweight, easy to install, and updates itself. We came from a competitor who had multiple agents, upgrades, and DAT files, where you could have very few of these with 100 percent working. However, since there were six different modules, they all had to be kept updated, which was a nightmare. 

This solution was a simple, easy push. Once it is on there, it updates automatically and we don't have any issues.

For deployment, we use a tool called Quest KACE. We also use SCCM.

We did about 10,000 hosts in around two months. We have had growth through acquisition. Now, we have 12,000 hosts.

What about the implementation team?

We did it ourselves.

For the deployment, there was one FTE (a Level 2 PC technician) for eight weeks. For maintenance, it is pretty much set and forget it. There is very minimal maintenance and zero dedicated staff.

What's my experience with pricing, setup cost, and licensing?

We bought a very small number of licenses, then ran it for a year. We bought a 100 licenses for a year, so we didn't actually do a proof of concept. We just bought them. Then, the next year, we bought 10,000 licenses.

We received a quote three years ago, and it was almost seven figures. CrowdStrike got money from investors to displace competitors, like Symantec and McAfee. Then, our quote was very low, which is why we were able to do this. The first year, the quote was almost a million dollars. The second year, it was a little over $100,000.

Which other solutions did I evaluate?

We also evaluated Cylance and Carbon Black. We went with CrowdStrike Falcon because of the single agent and price. The other solutions required multiple agents, and I did not like that at all.

Compared to the other solutions that we evaluated, CrowdStrike Falcon has a similar ease of use.

What other advice do I have?

We are a very happy CrowdStrike Falcon customer. I highly recommended it. It works.

I would rate this solution as 10 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Park Armstrong - PeerSpot reviewer
Chief Technical and Solution Architect at Vertigo Inc.
Real User
Top 5Leaderboard
Beneficial crowdsourcing intelligence, robust, and useful multi-tenant architecture
Pros and Cons
  • "The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
  • "The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."

What is our primary use case?

I use CrowdStrike Falcon for endpoint security and compliance auditing.

How has it helped my organization?

We use CrowdStrike Falcon for discovery when anything goes wrong because it gives us a full history of what's happening. It acts as a preventative model for inappropriate activity. Additionally, we use it for compliance reasons.

What is most valuable?

The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence.

What needs improvement?

The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool.

In a future release, the mobile space can use improvement. However, some of those constrained are by Apple and other platforms as to what they can do on the platform. Some of the limitations are industry-based.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately one year.

What do I think about the stability of the solution?

The stability of CrowdStrike Falcon is great, I have never had the slightest problems.

What do I think about the scalability of the solution?

CrowdStrike Falcon is highly scalable.

CrowdStrike Falcon is implemented company-wide on every device.

I have approximately one hundred protected endpoints, but the number of users that log on to the tools is approximately four.

How are customer service and support?

CrowdStrike Falcon needs to better its SE sales engineer team. The people didn't fully understand all the different parts of their solution. It's the endpoint protection and it is the essence of what we're trying to receive, they should know their solution very well.

I rate the support from CrowdStrike Falcon a three out of five.

Which solution did I use previously and why did I switch?

I previously used an anti-virus solution, but it didn't do all the things I needed regarding endpoint protection. That's why I added the CrowdStrike Falcon piece to the puzzle. I still have the anti-virus running. I don't need it technically, but I still have it running.

How was the initial setup?

The initial setup of CrowdStrike Falcon is in the medium range of difficulty. You will need a coach and be guided through it.

The time it took to do the full implementation from the beginning to end, from when the contract was turned on, and by the time I turned it on and had everything up was fairly fast because we piloted CrowdStrike Falcon at first. When I bought the solution, it was almost fully implemented. The full process took approximately two months.

I rate the ease of deployment for CrowdStrike Falcon a two out of five.

What about the implementation team?

We had some coaching help from the vendor to do the implementation of the solution. We have three people that can manage this solution.

What was our ROI?

This is not a tool you buy because it gives a return on investment. It's a tool you buy because the cost of not having it is far greater than the cost of having it if you have a problem.

What's my experience with pricing, setup cost, and licensing?

There are approximately a hundred different modules you have to purchase, depending on what you want to do. I have most of the modules. How it works is you buy the portfolio, you have to decide all the components you want in it, and then they price out a bundle for you. I have almost all of the package features in my bundle. You only need to pay for the modules you want.

The cost of CrowdStrike Falcon annually is approximately $10,000.

I rate the price of CrowdStrike Falcon a three out of five.

Which other solutions did I evaluate?

I studied the entire industry before choosing CrowdStrike Falcon. I evaluated many other solutions, such as Manage Engine, Malwarebytes, Checkpoint, McAfee, and Microsoft.

We choose CrowdStrike Falcon because it was fit for the purpose of our business. I needed a cloud solution and I needed it to be a SAS offering that was easy to use. It boiled down to features and fit for purpose, not features and functionality.

CrowdStrike Falcon platform was more robust. It was a true multi-tenant architecture, not a hosted instance. The crowdsourcing nature of CrowdStrike Falcon is a large benefit, all of the threat data is real-time and applied to you real-time from all around the world.

What other advice do I have?

My advice to others is to take a serious look at CrowdStrike Falcon. It's a good solution.

I rate CrowdStrike Falcon an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Garnett Kirk - PeerSpot reviewer
Information Security, Sr. Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Top 10
Good support, activity dashboard provides a holistic view from a security standpoint
Pros and Cons
  • "The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
  • "We would like to be able to perform on-demand scanning, rather than relying on the scheduler."

What is our primary use case?

We use CrowdStrike Falcon as our EDR solution, including antivirus.

How has it helped my organization?

As Symantec ended its endpoint protection, we were able to roll out CrowdStrike.

It is important to us that CrowdStrike is cloud-based because the way I understand it, that's their main engine for their next-gen EDR solution. The fact that it's cloud-native, flexible, and offers always-on protection is important because we want to have 24-hour monitoring of our environment. It is important to us that we don't have to worry about upgrades.

This product has worked flawlessly to prevent breaches, and then it has allowed us to prevent any downtime.

It has minimized our footprint because having the ability to implement the prevention policies has allowed us to focus on other projects. The prevention policies are working for us.

What is most valuable?

The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint.

What needs improvement?

We would like to be able to perform on-demand scanning, rather than relying on the scheduler. Right now, CrowdStrike does not have an on-demand scanner. They have the always-on, but we have found instances where artifacts are being blocked from running, but they're not being removed. With an on-demand scanner, we would have the ability to remove those artifacts from an end user's machine.

I would like to see the multi-site environment functionality added in the next release. Currently, we are working under a single-site environment, and on the roadmap, they mentioned having the ability to have a multi-site environment.

For how long have I used the solution?

We have been using CrowdStrike Falcon for approximately eight months.

What do I think about the stability of the solution?

Stability-wise, they are very advanced in the next-gen antivirus game. CrowdStrike Falcon is always available.

What do I think about the scalability of the solution?

We have approximately 5,000 machines that are being managed. As time moves on, this number will grow, but we don't expect it to get larger in the near future.

How are customer service and technical support?

I would rate the technical support that we received during the deployment, as well as post-deployment, very well. They were very knowledgeable and gave us all of the tools we needed to have a successful deployment.

Which solution did I use previously and why did I switch?

Prior to Falcon, we were using Symantec antivirus. It was out of date, which is why we replaced it.

How was the initial setup?

It is very easy to deploy the solution's sensor to our endpoints. We use an automated process. 

Our deployment took between two and three months, with paperwork, communication, and roll-out timeframes. Our implementation strategy included using IBM's BigFix application to push to Windows machines, and then we used a solution for the Mac to push it out remotely as well.

What about the implementation team?

Our IT Services team deployed this solution, and they leveraged consultants from CrowdStirke to get the proper packages for the process.

I'm sure that there is administration and upgrades to do, as sensors need to be updated or policies need to be adjusted. We have a group of approximately five people who are security engineers, IT Services, and directors who use it.

What's my experience with pricing, setup cost, and licensing?

With respect to pricing, my suggestion to others is to evaluate the environment and purchase what you need.

Which other solutions did I evaluate?

We looked at different options, such as Carbon Black, as we were replacing Symantec as our EDR solution, and CrowdStrike was the top winner. CrowdStrike is always on, 24 hours. Analysis, with the prevention and the detection policies, as well as the USB policies, are all very beneficial. The one thing that CrowdStrike did not have is the on-demand scanner.

What other advice do I have?

My advice for anybody who is interested in implementing CrowdStrike Falcon is to review and evaluate your environment and compare their EDR solutions.

I would rate this solution a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:
PeerSpot user
Product Manager at a tech vendor with 11-50 employees
Real User
Top 5
Offers excellent protection with great integration and fast customer support
Pros and Cons
  • "The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
  • "I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CloudStrike."

What is our primary use case?

We use the solution for security and in demonstrations to our partners.

What is most valuable?

The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product.

What needs improvement?

I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CrowdStrike

I want to be able to create independent groups, each managed by its own admin, so I can isolate the group I use for demonstration purposes.

I have heard about CrowdStrike collecting personal information for marketing purposes, but that's not something I was looking for.

For how long have I used the solution?

I've been using this solution for about six months.

What do I think about the stability of the solution?

The stability of the solution varies, several weeks ago I had some difficulties deploying CrowdStrike. It may have been a bug in the latest update, but a few days later this problem was solved. Sometimes there are issues and CrowdStrike deals with them very quickly. 

What do I think about the scalability of the solution?

It amazes me. For instance, we have an end-user with 15,000 users right now and we deployed it in one week. It's a very short time considering other solutions, some of which can take one to two years to deploy completely.

How are customer service and support?

I have contacted customer support four times and they have a very quick response time which is really satisfying. I believe the support team is good.  

How would you rate customer service and support?

Positive

How was the initial setup?

It's pretty straightforward but with Linux if there is a kernel conflict, you may have to change your kernel version and then restart. I can't say with certainty that you won't need to restart during installation. 
It took us 15 minutes to deploy the solution for eight users. 

What about the implementation team?

I personally implemented the product.

What was our ROI?

In a week

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution but you get a very good product for the price. Since having threat hunters and analysts cost much more than the product itself. Compared to other products, SentinelOne is definitely cheaper and the Microsoft E5 package is probably more expensive. Not many companies are willing to purchase CrowdStrike Falcon in our region due to the cost, but the market is changing. Brand awareness is increasing day by day along with the knowledge of what CrowdStrike is capable of by users and user candidates.
This solution, as well as other EDR tools, are selling slowly in our region but this will speed up in the near future. Some companies are already asking for an MSSP version of the product. 

What other advice do I have?

Our end-users and partners want to know which data are going to be collected. Financial institutions need to know what is included in the telemetry data.
As a distributor, in our region it's mandatory for us to implement, as it wouldn't make sense for us to go to partners and end users with other solutions. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: partner/reseller
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free CrowdStrike Falcon Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022
Buyer's Guide
Download our free CrowdStrike Falcon Report and get advice and tips from experienced pros sharing their opinions.