CrowdStrike Falcon Reviews

We provide a service for our clients with CrowdStrike Falcon. Alerts come into the CrowdStrike Falcon dashboard, and we investigate them based on the process tree and commands running. We check everything for any infections in the host or internal connections. If a threat is confirmed, we place it into the containment section inside Falcon. 

CrowdStrike improves our detection capabilities. We use multiple tools like Symantec and this one. CrowdStrike reports on the processes and services, allowing us to investigate forensically. We can conduct a deep analysis and identify the threat at the memory level. We can do more investigation of the process to see where it started and where it is going. We can see the commands running on the backend, CPU utilization, and memory consumption. All of that information is helpful. 

CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools. 

It's integrated with multiple threat intelligence sources, such as the AbuseIPDB. That integration helps because we can easily cross-check between CrowdStrike and other solutions like an MDR or Azure AD. Hybrid analysis is integrated with CrowdStrike in our environment. There's also sandbox analysis. It's more informative. We perform a routine activity in our test environment where we simulate the process and file.

CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization.

I have used Falcon for more than two years. 

CrowdStrike Falcon is a stable solution.  

CrowdStrike is scalable. We can query large amounts of data, and the solution responds well, whereas Splunk takes a longer time to perform a search operation.

I rate CrowdStrike support 10 out of 10. They respond quickly and don't take much time to resolve all our issues.

Positive

I have used Symantec and Rapid7.

Falcon was already deployed when I started working. It requires some maintenance. We need to make some adjustments for some use cases, or we might need to implement upgrades that require downtime. 

CrowdStrike Falcon is expensive because it's based on the number of services. 

I rate CrowdStrike Falcon 10 out of 10. It has delivered some good results. 

We use CrowdStrike Falcon as a managed SOC for intrusion detection on our endpoints.

Being a cloud-native solution, CrowdStrike Falcon provides flexibility and always-on protection. This is extremely important to have the best protection available.

It is a fully managed service, so they provide all the necessary updates for us which is helpful.

While CrowdStrike Falcon provides us with better peace of mind in terms of protection, it also generates alerts for potential threats, requiring our investigation. However, the platform further alleviates our anxiety by automatically reviewing unaddressed alerts, offering an additional layer of security. This coverage fosters a heightened sense of security.

CrowdStrike Falcon has been instrumental in preventing breaches, allowing us to operate with significantly increased security compared to the past. This has provided us with much greater peace of mind. While no security solution is foolproof, Falcon has brought us remarkably close. 

The anomaly detection is the most valuable feature.

The portal can be clunky to navigate at times and has room for improvement.

I have been using CrowdStrike Falcon for two years.

I would rate the stability of CrowdStrike Falcon a nine out of ten. The only issue I have had is with an old version of the endpoint that was installed and has proven to be problematic. 

CrowdStrike Falcon is scalable.

The technical support is good and they provide prompt responses to all of our questions.

Positive

We implemented CrowdStrike Falcon in response to a security incident. It was the first endpoint detection and response service we had ever used, and we've been utilizing it since 2021.

Deploying the sensors to our endpoints is straightforward. We do have a manual process for deploying the sensors to our endpoints. There are also options to do it through a group policy. It doesn't seem overly complex.

We rolled the solution out to our entire estate which took just over one week. We had up to 300 endpoints and required a team of five people to complete the deployment.

CrowdStrike Falcon enables us to save on resources which in turn provides a 20 percent return on investment.

CrowdStrike Falcon offers excellent value for the money for our organization, particularly given our lean IT team. We lack the resources to replicate the full security services they provide without hiring additional personnel. The cost of Falcon is likely comparable to, or even less than, the salary and benefits we'd need for an extra employee. Furthermore, their on-call experts have more expertise, further enhancing the value proposition.

After a year, we reevaluated our endpoint security solution. We considered several options, including Arctic Wolf, SentinelOne, and Darktrace, alongside our existing Fortinet solutions. We participated in demos and ultimately determined that CrowdStrike's offering, both current and future, remained the best fit. While we hadn't initially explored other options before choosing CrowdStrike, external factors subsequently forced our hand. However, after a year of use and further evaluation, we reaffirmed our decision, concluding that CrowdStrike was still the most suitable solution for our needs.

I would rate CrowdStrike Falcon a nine out of ten.

We have around 300 endpoints and three people who have access to the solution.

Three people are required for maintenance.

CrowdStrike Falcon was recommended by our head office in Germany.

I recommend CrowdStrike Falcon. 

It gives an overview and insights into my AD accounts. It shows if any identity, like an AD user, is compromised, has a weak password, or is logging in from an unusual system. Any anomalies.

I like the insights and detailed view of my AD structure. How protected it is, or is there any loophole or an area that needs more protection. 

Another feature I like is that it gives insights into all my domain controllers and ADCs. The configuration is also really easy.

The real-time monitoring feature is good. For example, a user account is hacked. It alerts me that it's been hacked and prompts me to look into it or have the user change their password. I can then log in to my AD, change the password, or notify the user that their account has been compromised and ask them to change their password.

AI capabilities of CrowdStrike are also good. 

When I use Identity Protection, I want the full stack, like going for XDR. If anything happens, like a laptop being compromised using a password, it gives me the entire attack flow. For example, the attack came from a particular user, like an IT admin. If their identity is hacked and they log into multiple systems, and those systems are affected, we can see those details and provide good support or recovery for customers and partners.

I'm concerned about the recent issue in July 2024. It involved a faulty content configuration update. What if another update causes the same problem again?

I have been using it for two years.

Stability, I would rate it as a seven out of ten. There are a few instances where our customers have complained about the digital signatures it uses. Sometimes, even if you create a policy, it still tends to block it. A few applications get flagged as malicious even though the customer trusts them. Even if you create an exception rule, it might still block it after a few weeks. Also, there's the recent issue we faced with CrowdStrike and Windows. So, based on that, I'd give it a seven out of ten.

There is room for improvement. They need to conduct more thorough R&D before releasing updates. I think they didn't do that this time, but it was just a one-time issue. However, what if it happens again? That's a concern.

Scalability-wise, I would give it a ten out of ten. It's simple because it's a SaaS solution. For example, this month, I have 50 users. Next month, I have 50 additional users. I just need to buy more licenses and add those systems to CrowdStrike. If I need to put them in certain groups with specific policies, that's easy too.

We work with all types of businesses, including small, medium, and enterprise businesses. Scalability is simple. I don't even need to install it on my laptop. One more good thing is that it offers an XDR view where I can add other components, like the email security solution Proofpoint. I can integrate it, so I'll get my emails and everything will be in a single pane of glass.  

We have a Technical Account Manager (TAM). We can directly call them and raise a ticket. Initially, it was a six or even a five because we had to send an email, and it would take three to four days for them to reply. Now, with the TAM, we can get issues resolved faster.

Positive

I have experience with CrowdStrike, apart from their Cloud Security offering, which is on GCP. I've worked with CrowdStrike Identity Protection, Device Control, Device Control, EDR, XDR - basically everything except their cloud solution.

The initial setup is straightforward. I don't need to install an agent in my AD, and I can get alerts from my read-only domain controller, which is also good.

I would rate my experience with the initial setup a ten out of ten, with ten being easy and one being difficult. 

It's not required to deploy on-premises. It's a SaaS solution. I just need to download the agent and install it on each of my devices, whether they're VMs or my laptop. 

One more good thing is that I don't need to be in my office network for it to keep protecting me. I can take the system home, and it will still be protected.

The deployment itself takes about a day to install everything if it's user-based. But for CrowdStrike to learn what to block and what not to block in your specific environment, it will take easily about two weeks. There will be some applications that it might consider a threat because it's a next-gen AV that uses AI. 

So, some applications the customer uses might be flagged. I can whitelist them or create a policy to allow them. That's also a very good feature of CrowdStrike. 

So, for the initial setup takes two weeks. For it to get to know your environment and work smoothly, just to install agents and set up the dashboard, policies, and all that, it takes about one day.

It offers seamless integration with the existing security infrastructure. We haven't faced any challenges because our customers use CrowdStrike only for endpoint and server security. They haven't gone to the XDR level yet. However, many other OEMs I've spoken to, like Zerto, have said that the CrowdStrike and Zerto integration is very seamless. So, if anything happens on my server end, I'll know when it happened and what the issue is from CrowdStrike. Or, for example a ransomware attack happens, I can restore from my Zerto application.

The benefit I've seen is their backend, which powers the EDR, XDR, and NGAV. It's really good because it can detect anything due to the wide range of customers they have. 

For example, one customer has a vulnerability because of a zero-day attack. All the other customers will benefit because it propagates to the cloud and analyzes if other customers are on the same version of the drivers or any other Windows patch. If they are, it will tell us that there's an issue and provide remediation steps. Many of our customers find this very helpful. It's called the CrowdStrike community.

I would rate it a seven out of ten, where one is cheap, and ten is expensive because it's a bit on the costlier side. Compared to Symantec or Trend Micro, CrowdStrike is more expensive.

Overall, I would rate the product an eight out of ten because of one recent issue that happened. 

I'm concerned about the recent issue that happened. What if another update causes the same problem again? Is it really as good as it seems? Even our customers have given very good feedback, they get more insights into what's happening, what they should do, and what remediation steps to take. So, in that way, it's very good.

I would recommend it, especially if you're going for endpoint security. I'd definitely recommend CrowdStrike first because it's more mature than SentinelOne and other EDR solutions in the APAC region.

I used the tool since my company wanted a product with next-generation antivirus and EDR, as it can help with the detection of malicious activities and behavior detection, and the MI and machine learning part in the tool also helps.

Only for the customized IOCs, there is a need to highlight certain aspects, and based on it, we get to block only the hash values but is not based on the file name, like .exe, or other extensions, so I can't block them, making it in an area where the solution needs to improve.

My company had raised a concern with CrowdStrike's support team when one of the antivirus applications that communicates with CrowdStrike started misbehaving. For both the aforementioned tools, the same support ticket had to be raised. If my company had to provide any suggestions regarding the whitelisting part, there was a delay of over a month when dealing with the product's support team. If the tool's support team suggests users follow certain steps, and if it is not followed or is not in progress, then after two or three days, the tool's support team needs to join a video call and provide a resolution to the users.

Some policies in the tool need to be fine-tuned. Customized IOCs need to be improved since they have certain shortcomings. With the customized IOCs, it can be made possible to block a file extension with a filename or file extension type of blocking. Providing users with the ability to customize policies would be a good improvement to the solution.

I have been using CrowdStrike Falcon Threat Intelligence for a year. I am a user of the tool.

Stability-wise, I rate the solution an eight and a half out of ten.

Scalability-wise, I rate the solution an eight out of ten.

My company's cybersecurity and IT security team use the tool. In my company, there are 15,000 users. For servers, there are 1,500 users.

Right now, there is no need to increase the usage of the tool.

The solution's technical support is not good. I rate the technical support a four to five out of ten.

Neutral

I have experience with Palo Alto.

The detection and other functionalities in CrowdStrike and Palo Alto are the same, but cost-wise, CrowdStrike is reasonable. Technically, I would prefer Palo Alto over CrowdStrike.

The product's deployment phase is easy. I rate the setup phase of the tool as a ten on a scale where one is difficult and ten means it is an easy process.

The solution can be deployed in the cloud and on an on-premises model.

The solution can be initially deployed in a minute.

Considering the number of users, servers, cloud, and on-premises environment, it hardly takes 15 to 20 days. When there are laptop and desktop users who are online, and there is a need to install the agent, then there can be some issues, and with such minor things, ten days are more than enough for the installation.

CrowdStrike is a reasonably priced tool.

In terms of the ability of the tool to deal with threats, I would say that the product does it by around 85 percent.

The real-time response of the tool is good, and I feel it is around 90 to 95 percent.

The tool's incident-handling capability is good.

Considering the influence of the product on our company over some time, I would say that the solution is cost-effective and offers good threat detection features. The tool's interface is also good.

The tool's AI features are good, but they are not useful for our company since the area of detection is not something in our bucket right now.

If you have a big budget, go with Palo Alto. If you have a low budget and want a tool that provides more accuracy during detection, then it is better to go with CrowdStrike.

I rate the tool a nine out of ten.

CrowdStrike Falcon is our platform for IT security, encompassing endpoint security, cloud security, and EDR capabilities.

CrowdStrike protected us from a cyberattack. That's why I believe it's a very effective product. It's already prevented attacks on 2 occasions. It successfully quarantined suspicious files, essentially making our organization much safer.

We also leverage CrowdStrike Falcon Overwatch, a managed threat-hunting service offered by CrowdStrike. This service complements CrowdStrike's EDR functionality, which provides automated detection and response capabilities against external attacks. In our case, CrowdStrike successfully identified and automatically contained a cyberattack launched against our organization.

Our CrowdStrike Falcon integration with our SIEM is proving to be flexible.

The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition. It also excels in external media control, particularly USB access. The ability to disable USB access to flash drives significantly improves security.

Furthermore, Falcon helps identify patches needed for Windows, Mac, and other operating systems. This provides valuable reports and insights into our system vulnerabilities, allowing us to proactively address them.

If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products.

I have been using CrowdStrike Falcon for 2 years.

I would rate the stability of CrowdStrike Falcon 8 out of 10.

We've deployed CrowdStrike Falcon across all 3,000 of our endpoints, and it has demonstrated excellent scalability. Therefore, scalability is not a concern for CrowdStrike in terms of performance or its ability to handle growth.

I would rate the scalability a 9 out of 10.

The deployment was straightforward, taking 2 months for 3,000 endpoints. We implemented it directly where needed. The process was simple and easy. We believe this approach offers advantages due to its lower complexity compared to other methods. Careful planning was essential, and with a clear plan for sensor installation, we were able to execute the deployment successfully.

While a third party handled the implementation, the OEM provided us with direct training on Falcon alongside CrowdStrike.

CrowdStrike Falcon has demonstrably provided a positive return on investment. We've already encountered two specific instances where, without CrowdStrike, the company would have faced millions in damages. In one case, we would have likely lost our entire SAP system.

The pricing of CrowdStrike Falcon is competitive.

After evaluating SentinelOne, we found CrowdStrike to be a superior solution. CrowdStrike offers advantages in dashboard compatibility and a feature called Overwatch, which gives it a competitive edge.

I would rate CrowdStrike Falcon 8 out of 10.

CrowdStrike Falcon is deployed in multiple branches across India.

No maintenance is required from our end.

I recommend CrowdStrike Falcon. It is not a solution we need to think twice about using.

We use the product for cloud security. We use it for prevention, to watch for gaps in security. We work with customers seeking prevention for advanced apps. 

Sometimes a customer has multiple solutions that come at a higher cost. They have to pay for all of these other security features. With CrowdStrike, customers get one agent for all system operations. It offers more security for remote work and clients gain access to the latest protections.

The solution offers good features. The prevention and device control are useful. It offers helpful firewall management and identity protection.

They've reduced the complexity and provide better security outcomes. Customers tend to prefer CrowdStrike. 

It's easy to deploy and manage.

The solution isn't known in my market. The brand isn't as recognizable. Their shortcomings are more on the marketing side. Everyone knows Microsoft Defender. Customers need to hear more about CrowdStrike and all the advantages and features on offer. 

We've used the solution for three to four months. 

I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far. 

The capability to scale so far has been good. 

Technical support is good. 

Positive

I'm also familiar with Microsoft Defender. However, Defender works best with Microsoft and not necessarily other legacy applications. With CrowdStrike, you can secure all system operations and versions. It's easier to deploy and operate. 

The deployment is seamless and users get immediate protection. It's lightweight. There's one agent deployed to endpoints in minutes. The product offers consistent coverage. There's no complex integrations and it doesn't need fine-tuning. In comparison, Defender can be more complex.

CrowdStrike can be deployed on any operating system, not just Microsoft. 

There isn't really maintenance, it's set and forget. The agent updates automatically and receives continuous security updates, enabling immediate enforcement across endpoints. 

The solution is well worth the cost.

The costs are predictable. There are no surprises. 

In Chile, there are not a lot of CrowdStrike partners of the managed service; therefore, it's a little more expensive than Microsoft, as there are so many more managed partners for Microsoft. That said, if you look at the total cost of ownership, CrowStrike is better than Microsoft.

We're a reseller. We're still new to CrowdStrike. 

I'd rate the solution eight out of ten. The cost is good and they offer better tech support. Also, the protection is wonderful. 

We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.

CrowdStrike Falcon has made a significant difference for us, especially in mitigating ransomware and zero-day attacks. Its proactive and defensive response approach effectively isolates threats, setting it apart from other endpoint solutions.

Integrating CrowdStrike Falcon into our environment was seamless. Once we set the policy the software was activated immediately and distributed on all our endpoints.

The real-time response is highly effective. It automatically takes immediate action whenever it detects suspicious activity, alerting us to the problem and providing clear mitigation steps. In some cases, it even pushes through updates to resolve the issue proactively.

The usability and interface of CrowdStrike Falcon for daily operations are good. 

The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.

CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR.

The pricing has room for improvement.

I have been using CrowdStrike Falcon for three years.

In the three years of using CrowdStrike Falcon, we have not encountered any stability issues.

CrowdStrike Falcon scales well. We are using it in a large environment with no problems.

The technical support is responsive.

Positive

We previously used both Symantec Endpoint Detection and Response and Kaspersky Endpoint Detection and Response but found that they lacked the 24/7/365 monitoring and response offered by CrowdStrike Falcon. Additionally, their detection capabilities, particularly for ransomware and zero-day attacks, were not as effective.

The initial deployment was straightforward and non-disruptive. The deployment took one week to complete.

We required two people from our organization for the deployment on-site and the CrowdStrike team worked remotely.

The CrowdStrike team helped with the implementation.

CrowdStrike Falcon is one of the more expensive endpoint solutions on the market.

I would rate CrowdStrike Falcon an eight out of ten.

We deployed CrowdStrike Falcon across all our locations, including subsidiaries and remote sites in various regions.

Maintaining CrowdStrike Falcon is simple because it only requires a client agent to be installed on the machine at the kernel level, below the operating system.

We're installing the solution on some of our external servers. It has a cloud portal, and we can control everything through the cloud. It's good for remote sites.

I like that it has a centralized cloud, and all the agents provide visibility on our remote sites. It offers good central management. It can be accessed through external networks.

The management is taken care of. It's a complete solution that's taken care of by CrowdStrike. We don't have to do anything. 

We'd like to see more integration capabilities. 

We need more log storage as CrowdStrike will dump all logs to the centralized server. 

I've been using the solution for five years. 

The solution is stable enough. We have not had any downtime. The only issue is if we have issues with the internet connectivity. 

We get support from their local vendors. We have a lot of local support. If they cannot handle the case, they directly forward the issue to CrowdStrike. The downside is that support asks for too many logs. We, of course, have to investigate first and try to solve the problem ourselves. 

Neutral

I've worked with Kaspersky. They are a similar solution. I've also used Microsoft Defender, which is also very similar. We do use a lot of Microsoft products, and Defender is readily available everywhere. They are the market leaders right now. Their software has very good integration across the whole Microsoft product offering. CrowdStrike, however, we have high trust with, as they are focused specifically on security, unlike Microsoft. CrowdStrike offers updates quicker than Microsoft or other services. 

The initial setup is a very fast process. Cloud solutions are fast to set up. They just give you access to their cloud and they have an API integration. It will be up and running within a few minutes. 

The tool is very expensive. It's similar to Microsoft Defender. That said, it's not overpriced. It's worth it for the level of security. We need it for our company. 

I'd rate the solution nine out of ten.