Abhishek A - PeerSpot reviewer
Trainee Engineer at COMPASS IT Solutions & Services Pvt.Ltd.
Real User
Top 5
Aug 17, 2024
Offers real-time monitoring features and next-gen AV that uses AI
Pros and Cons
  • "It's really good because it can detect anything."
  • "I'm concerned about the recent issue that involved a faulty update."

What is our primary use case?

It gives an overview and insights into my AD accounts. It shows if any identity, like an AD user, is compromised, has a weak password, or is logging in from an unusual system. Any anomalies.

What is most valuable?

I like the insights and detailed view of my AD structure: how protected it is, and whether there is any loophole or area that needs more protection.

Another feature I like is that it gives insights into all my domain controllers and ADCs. The configuration is also really easy.

The real-time monitoring feature is good. For example, if a user account is hacked, it alerts me that it's been hacked and prompts me to look into it or have the user change their password. I can then log in to my AD, change the password, or notify the user that their account has been compromised and ask them to change their password.

AI capabilities of CrowdStrike are also good. 

When I use Identity Protection, I want the full stack, like going for XDR. If anything happens, like a laptop being compromised using a password, it gives me the entire attack flow. For example, the attack came from a particular user, like an IT admin. If their identity is hacked and they log into multiple systems, and those systems are affected, we can see those details and provide good support or recovery for customers and partners.

What needs improvement?

I'm concerned about the recent issue in July 2024. It involved a faulty content configuration update. What if another update causes the same problem again?

For how long have I used the solution?

I have been using it for two years.


What do I think about the stability of the solution?

Stability, I would rate it as a seven out of ten. There are a few instances where our customers have complained about the digital signatures it uses. Sometimes, even if you create a policy, it still tends to block it. A few applications get flagged as malicious even though the customer trusts them. Even if you create an exception rule, it might still block it after a few weeks. Also, there's the recent issue we faced with CrowdStrike and Windows. So, based on that, I'd give it a seven out of ten.

There is room for improvement. They need to conduct more thorough R&D before releasing updates. I think they didn't do that this time, but it was just a one-time issue. However, what if it happens again? That's a concern.

What do I think about the scalability of the solution?

Scalability-wise, I would give it a ten out of ten. It's simple because it's a SaaS solution. For example, this month, I have 50 users. Next month, I have 50 additional users. I just need to buy more licenses and add those systems to CrowdStrike. If I need to put them in certain groups with specific policies, that's easy too.

We work with all types of businesses, including small, medium, and enterprise businesses. Scalability is simple. I don't even need to install it on my laptop. One more good thing is that it offers an XDR view where I can add other components, like the email security solution Proofpoint. I can integrate it, so I'll get my emails and everything will be in a single pane of glass.

How are customer service and support?

We have a Technical Account Manager (TAM). We can directly call them and raise a ticket. Initially, it was a six or even a five because we had to send an email, and it would take three to four days for them to reply. Now, with the TAM, we can get issues resolved faster.

Which solution did I use previously and why did I switch?

I have experience with CrowdStrike, apart from their Cloud Security offering, which is on GCP. I've worked with CrowdStrike Identity Protection, Device Control, EDR, XDR - basically everything except their cloud solution.

How was the initial setup?

The initial setup is straightforward. I don't need to install an agent in my AD, and I can get alerts from my read-only domain controller, which is also good.

I would rate my experience with the initial setup a ten out of ten, with ten being easy and one being difficult. 

It's not required to deploy on-premises. It's a SaaS solution. I just need to download the agent and install it on each of my devices, whether they're VMs or my laptop. 

One more good thing is that I don't need to be in my office network for it to keep protecting me. I can take the system home, and it will still be protected.

The deployment itself takes about a day to install everything if it's user-based. But for CrowdStrike to learn what to block and what not to block in your specific environment, it will take easily about two weeks. There will be some applications that it might consider a threat because it's a next-gen AV that uses AI. 

So, some applications the customer uses might be flagged. I can whitelist them or create a policy to allow them. That's also a very good feature of CrowdStrike. 

So, the initial setup takes two weeks for it to get to know your environment and work smoothly; just installing the agents and setting up the dashboard, policies, and all that takes about one day.

It offers seamless integration with the existing security infrastructure. We haven't faced any challenges because our customers use CrowdStrike only for endpoint and server security. They haven't gone to the XDR level yet. However, many other OEMs I've spoken to, like Zerto, have said that the CrowdStrike and Zerto integration is very seamless. So, if anything happens on my server end, I'll know when it happened and what the issue is from CrowdStrike. Or, for example, if a ransomware attack happens, I can restore from my Zerto application.

What was our ROI?

The benefit I've seen is their backend, which powers the EDR, XDR, and NGAV. It's really good because it can detect anything due to the wide range of customers they have. 

For example, one customer has a vulnerability because of a zero-day attack. All the other customers will benefit because it propagates to the cloud and analyzes if other customers are on the same version of the drivers or any other Windows patch. If they are, it will tell us that there's an issue and provide remediation steps. Many of our customers find this very helpful. It's called the CrowdStrike community.

What's my experience with pricing, setup cost, and licensing?

I would rate it a seven out of ten, where one is cheap, and ten is expensive because it's a bit on the costlier side. Compared to Symantec or Trend Micro, CrowdStrike is more expensive.

What other advice do I have?

Overall, I would rate the product an eight out of ten because of one recent issue that happened. 

I'm concerned about the recent issue that happened. What if another update causes the same problem again? Is it really as good as it seems? Even our customers have given very good feedback; they get more insights into what's happening, what they should do, and what remediation steps to take. So, in that way, it's very good.

I would recommend it, especially if you're going for endpoint security. I'd definitely recommend CrowdStrike first because it's more mature than SentinelOne and other EDR solutions in the APAC region.

Disclosure: My company has a business relationship with this vendor other than being a customer (Partner).
Ben Nnatuanya - PeerSpot reviewer
Manager, Security Operations Centre at Phillips Consulting Limited
Real User
Top 10
Jul 30, 2024
Robust and detects almost every malicious activity that occurs within the endpoint
Pros and Cons
  • "The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint."
  • "I would like a centralized deployment where I could roll out or push it to all endpoints."

What is our primary use case?

We use the solution for endpoint security. We use the tool to ensure the endpoints are protected from abnormal activities, people don't run different scripts, and people don't compromise endpoints and use them to get into the network.

What is most valuable?

The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint.

What needs improvement?

I would like a centralized deployment where I could roll out or push it to all endpoints.

For how long have I used the solution?

I have been using CrowdStrike Falcon Surface for two years.

What do I think about the stability of the solution?

CrowdStrike Falcon Surface is a very stable solution.

What do I think about the scalability of the solution?

CrowdStrike Falcon Surface is a very scalable solution. A lot of customers are using CrowdStrike Falcon Surface. One of our customers for the solution has 12,000 endpoints.

How are customer service and support?

The solution's technical support is handled centrally by CrowdStrike, and the support was also good and knowledgeable.

How was the initial setup?

I didn't deploy the solution, but I supported customers that use it. I think it took them up to six months to deploy the CrowdStrike Falcon Surface.

What was our ROI?

The solution somehow doesn't allow intrusion and minimizes fraud or cyber-attacks. Within the time we're using it, CrowdStrike Falcon Surface detected a lot of intrusion from malicious individuals. It was able to prevent a lot of insider threats where people internally will want to run some malicious scripts within the environment.

It detects those malicious attacks quickly, and we can prevent them. It minimized a lot of cyber and fraud-related activities that could have cost the bank a lot of money.

What other advice do I have?

CrowdStrike Falcon Surface is a cloud-based solution. In light of the recent global IT outage that affected CrowdStrike, they should do proper change management.

Overall, I rate the solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Edith Ibacache - PeerSpot reviewer
NTT at Sonda S.A.
MSP
Jun 4, 2024
Easy to deploy and manage with many helpful features
Pros and Cons
  • "I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far."
  • "The solution isn't known in my market. The brand isn't as recognizable. Their shortcomings are more on the marketing side."

What is our primary use case?

We use the product for cloud security. We use it for prevention, to watch for gaps in security. We work with customers seeking prevention for advanced apps. 

How has it helped my organization?

Sometimes a customer has multiple solutions that come at a higher cost. They have to pay for all of these other security features. With CrowdStrike, customers get one agent for all system operations. It offers more security for remote work and clients gain access to the latest protections.

What is most valuable?

The solution offers good features. The prevention and device control are useful. It offers helpful firewall management and identity protection.

They've reduced the complexity and provide better security outcomes. Customers tend to prefer CrowdStrike. 

It's easy to deploy and manage.

What needs improvement?

The solution isn't known in my market. The brand isn't as recognizable. Their shortcomings are more on the marketing side. Everyone knows Microsoft Defender. Customers need to hear more about CrowdStrike and all the advantages and features on offer. 

For how long have I used the solution?

We've used the solution for three to four months. 

What do I think about the stability of the solution?

I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far. 

What do I think about the scalability of the solution?

The capability to scale so far has been good. 

How are customer service and support?

Technical support is good. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I'm also familiar with Microsoft Defender. However, Defender works best with Microsoft and not necessarily other legacy applications. With CrowdStrike, you can secure all system operations and versions. It's easier to deploy and operate. 

How was the initial setup?

The deployment is seamless and users get immediate protection. It's lightweight. There's one agent deployed to endpoints in minutes. The product offers consistent coverage. There are no complex integrations and it doesn't need fine-tuning. In comparison, Defender can be more complex.

CrowdStrike can be deployed on any operating system, not just Microsoft. 

There isn't really maintenance, it's set and forget. The agent updates automatically and receives continuous security updates, enabling immediate enforcement across endpoints. 

What was our ROI?

The solution is well worth the cost.

What's my experience with pricing, setup cost, and licensing?

The costs are predictable. There are no surprises. 

In Chile, there are not a lot of CrowdStrike partners for the managed service; therefore, it's a little more expensive than Microsoft, as there are so many more managed partners for Microsoft. That said, if you look at the total cost of ownership, CrowdStrike is better than Microsoft.

What other advice do I have?

We're a reseller. We're still new to CrowdStrike. 

I'd rate the solution eight out of ten. The cost is good and they offer better tech support. Also, the protection is wonderful. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer (Reseller).
Marco-VIVALDELLI - PeerSpot reviewer
CEO at MARVIV SRLS
Real User
Jun 2, 2024
It works with all devices and operating systems easily to provide integrated security
Pros and Cons
  • "Falcon has the capacity to identify potential problems quickly. The administrator can deploy the agent, and the users cannot change it. This assures you that the agent remains on this device. Also, the agent can act preemptively to provide alerts about potential problems."
  • "I want more ability to customize how you summarize the data. The default views are fine, but it would be interesting to be able to customize them based on the kind of data you want to see immediately. This can help the administrator gain an immediate overview and reduce the investigation time."

What is our primary use case?

We use Falcon to investigate threats and reduce risks in our environment. It covers multiple departments within the same building and company. All units are attached to one controller, so we can manage them from one point. 

We can implement different kinds of policies on sensitive data for various departments. For example, I can limit how data can be changed if I'm dealing with financial data. It's the same for production or logistics. We can set rules for data sharing and access because some departments need to share data with customers.

How has it helped my organization?

CrowdStrike's AI-driven analytics have improved our security considerably. It's sharing information from across the infrastructure and applying machine learning to prevent issues. This is a powerful, proactive approach to cybersecurity. It takes action in time to prevent the problem, so we don't need to remedy it after the fact. Sometimes, by the time you take action, it's already too late. 

Before deploying Falcon, I would avoid taking action due to potential risks. With CrowdStrike, I don't worry about recovering data, so I can focus on preventing situations. In two years, I have never had that problem. When I look at the platform, I can see all the notifications and the actions taken. I can see how potential attacks can possibly reach the server and create a significant incident. Thus, I can directly measure the quality of the service.

Falcon is easy to integrate with our infrastructure because we can control the entire network through our fiber router and switch. CrowdStrike can interface with all devices easily and provide integrated security. Falcon gives you greater control without any problems.

The agent will recognize issues immediately, and we can follow up to create a plan for if this problem reappears or is still present on the infrastructure. Falcon enables instant remediation. It doesn't take two or three days. It's in real-time.

What is most valuable?

Falcon has the capacity to identify potential problems quickly. The administrator can deploy the agent, and the users cannot change it. This assures you that the agent remains on this device. Also, the agent can act preemptively to provide alerts about potential problems. 

When there's a problem, you can follow the rules. For example, you can put a file that might be infected into quarantine or lock the device, preventing it from propagating the threat to other devices or networks. The agents are collecting information and feeding that back into the CrowdStrike platform, so you have 24/7 control and visibility. 

Falcon's deep learning capabilities are flexible and work across multiple operating systems. You can control everything from the same place, whether you're dealing with a Windows, Linux, or Mac device. You can define your policies precisely and decide how you want the platform to respond in any situation. 

CrowdStrike's AI approach is interesting because it improves the capacity to correlate information based on all the deployments on devices worldwide. It analyzes this data to identify something anomalous that could potentially be a problem in your environment. Falcon can isolate the issue to determine if it's a real threat. You will get an email saying the platform has identified a potential problem they are investigating. 

Falcon explains the steps they are taking. After the issue has been resolved, you will get another message showing CrowdStrike's analysis and evidence that the problem is now under control. I get about 20 emails from CrowdStrike daily. 

What needs improvement?

I want more ability to customize how you summarize the data. The default views are fine, but it would be interesting to be able to customize them based on the kind of data you want to see immediately. This can help the administrator gain an immediate overview and reduce the investigation time.

For how long have I used the solution?

We have used Falcon for two years.

How are customer service and support?

I rate CrowdStrike support 10 out of 10. They have one of the best teams that I've worked with. They're very fast and professional, with a high level of skill and knowledge. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Sophos. It's a good solution that works well with other Sophos infrastructure, like firewalls, etc. For example, if the firewall is from Sophos, it can interact with the software to identify a problem. However, CrowdStrike is more powerful when using hardware from different vendors. It doesn't rely on specific hardware because it works with an agent, so you're more flexible and less constrained. 

Overall, Falcon is more powerful than other solutions. It is light on resource consumption. It has a minimal effect on the client when you have installed the system because everything is controlled by our cloud platform where you can see the portfolio of devices.

How was the initial setup?

The installation was quite easy. The platform is based in the cloud, but you need to download agents based on your operating system. After you install the agents, you only need to configure the various devices on the cloud platform. CrowdStrike's platform is managed by the vendor. You can log in and manage your portfolio of devices and define your policy or apply profiles to groups of users and devices. 

What was our ROI?

We feel like Falcon is worth what we pay. The cost of the solution is minimal compared to restoring data from a potential attack.

What's my experience with pricing, setup cost, and licensing?

Falcon's price is accessible, and it's a good value for the level of quality we get. We don't have any objections based on the cost, and we understand that you will pay more for an enterprise solution. There is no objection to the cost. It's appropriately priced for the service that we receive.

What other advice do I have?

I rate CrowdStrike Falcon 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
ManojKumar42 - PeerSpot reviewer
Information Security Engineer at a university with 1,001-5,000 employees
Real User
Mar 28, 2024
Provides real-time response, helps reduce malware risk, and provides advanced investigation capabilities
Pros and Cons
  • "The most valuable features of CrowdStrike Falcon include Falcon Fusion workflows and endpoint detection capabilities."
  • "I've found that CrowdStrike's technical support could benefit from increased technical expertise."

What is our primary use case?

Our organization uses CrowdStrike Falcon for a variety of security tasks, including incident response, investigations, malware analysis, and threat hunting. This comprehensive platform excels at detecting malware across various technologies and endpoints within our environment.

CrowdStrike Falcon functions as a threat detection platform. It identifies malware based on pre-defined signatures and rules. Upon detection, it triggers a response and provides a dashboard for further analysis. This allows us to assess if the malware poses a risk to our organization or if it's a false positive. For confirmed threats, we can then delve deeper for a thorough investigation to uncover any underlying malicious intent.

Our primary goal is to prevent malware-related risks proactively. By leveraging CrowdStrike Falcon, a premium endpoint detection and response tool, we can safeguard our organization from malware exploitation attempts employed by hackers.

How has it helped my organization?

The primary advantage of CrowdStrike Falcon is twofold: reducing malware risk and providing advanced investigation capabilities. Traditional antivirus solutions struggle to keep pace with ever-evolving malware threats. CrowdStrike Falcon utilizes cutting-edge technology to proactively prevent these threats, minimizing the risk of infection. Falcon also features a threat intelligence platform that keeps us informed about the latest global malware threats and compromised tactics. This real-time awareness empowers us to proactively prevent threats before they impact our environment.

Recently CrowdStrike Falcon detected and mitigated malware that would have compromised several vulnerabilities in our environment.

Falcon's real-time response capability ensures we can quickly access any compromised host. This is a valuable advantage over other EDR tools.

What is most valuable?

The most valuable features of CrowdStrike Falcon include Falcon Fusion workflows and endpoint detection capabilities.

What needs improvement?

I've found that CrowdStrike's technical support could benefit from increased technical expertise. In my experience, their representatives haven't been able to resolve my issues as effectively as I would have liked.

For how long have I used the solution?

I have been using CrowdStrike Falcon for 1.5 years.

What do I think about the stability of the solution?

I would rate the stability of CrowdStrike Falcon nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of CrowdStrike Falcon eight out of ten.

How are customer service and support?

I've found the technical support staff to be less knowledgeable than I'd expect. Ideally, they should have expertise in all CrowdStrike modules, as we utilize a wide range of them.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used security solutions from Symantec, Trend Micro, Trellix, and Mandiant. However, CrowdStrike Falcon stood out as a more premium offering. Its advanced capabilities and comprehensive approach to security ultimately led us to switch providers after careful consideration of several factors.

How was the initial setup?

The initial deployment was straightforward and took less than 15 days to complete.

There were between 30 to 40 people involved in the deployment. 

What about the implementation team?

Our security engineering team implemented CrowdStrike Falcon entirely in-house. We also received some support from our internal desktop team and leveraged the expertise of an internal managed service provider team. No third-party vendors were involved in the deployment.

What's my experience with pricing, setup cost, and licensing?

CrowdStrike Falcon is more expensive than other EDR solutions with similar features.

What other advice do I have?

I would rate CrowdStrike Falcon nine out of ten.

After deployment, there are some simple maintenance tasks to keep everything functioning well.

New users should learn about the different modules of CrowdStrike Falcon and their functionalities to work effectively with the tool.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Ali Minissi - PeerSpot reviewer
Group IT Director - Technical Operations at a construction company with 10,001+ employees
Real User
Feb 14, 2024
Automatically takes immediate action whenever it detects suspicious activity
Pros and Cons
  • "The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action."
  • "CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."

What is our primary use case?

We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.

How has it helped my organization?

CrowdStrike Falcon has made a significant difference for us, especially in mitigating ransomware and zero-day attacks. Its proactive and defensive response approach effectively isolates threats, setting it apart from other endpoint solutions.

Integrating CrowdStrike Falcon into our environment was seamless. Once we set the policy the software was activated immediately and distributed on all our endpoints.

The real-time response is highly effective. It automatically takes immediate action whenever it detects suspicious activity, alerting us to the problem and providing clear mitigation steps. In some cases, it even pushes through updates to resolve the issue proactively.

The usability and interface of CrowdStrike Falcon for daily operations are good. 

What is most valuable?

The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.

What needs improvement?

CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR.

The pricing has room for improvement.

For how long have I used the solution?

I have been using CrowdStrike Falcon for three years.

What do I think about the stability of the solution?

In the three years of using CrowdStrike Falcon, we have not encountered any stability issues.

What do I think about the scalability of the solution?

CrowdStrike Falcon scales well. We are using it in a large environment with no problems.

How are customer service and support?

The technical support is responsive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used both Symantec Endpoint Detection and Response and Kaspersky Endpoint Detection and Response but found that they lacked the 24/7/365 monitoring and response offered by CrowdStrike Falcon. Additionally, their detection capabilities, particularly for ransomware and zero-day attacks, were not as effective.

How was the initial setup?

The initial deployment was straightforward and non-disruptive. The deployment took one week to complete.

We required two people from our organization for the deployment on-site and the CrowdStrike team worked remotely.

What about the implementation team?

The CrowdStrike team helped with the implementation.

What's my experience with pricing, setup cost, and licensing?

CrowdStrike Falcon is one of the more expensive endpoint solutions on the market.

What other advice do I have?

I would rate CrowdStrike Falcon an eight out of ten.

We deployed CrowdStrike Falcon across all our locations, including subsidiaries and remote sites in various regions.

Maintaining CrowdStrike Falcon is simple because it only requires a client agent to be installed on the machine at the kernel level, below the operating system.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Data Hosting and Security Special at Two aquate
Real User
Feb 1, 2024
Offers good centralization and access to remote sites with an easy setup
Pros and Cons
  • "The initial setup is a very fast process."
  • "We'd like to see more integration capabilities."

What is our primary use case?

We're installing the solution on some of our external servers. It has a cloud portal, and we can control everything through the cloud. It's good for remote sites.

What is most valuable?

I like that it has a centralized cloud, and all the agents provide visibility on our remote sites. It offers good central management. It can be accessed through external networks.

The management is taken care of. It's a complete solution that's taken care of by CrowdStrike. We don't have to do anything. 

What needs improvement?

We'd like to see more integration capabilities. 

We need more log storage as CrowdStrike will dump all logs to the centralized server. 

For how long have I used the solution?

I've been using the solution for five years. 

What do I think about the stability of the solution?

The solution is stable enough. We have not had any downtime. The only issue is if we have issues with the internet connectivity. 

How are customer service and support?

We get support from their local vendors. We have a lot of local support. If they cannot handle the case, they directly forward the issue to CrowdStrike. The downside is that support asks for too many logs. We, of course, have to investigate first and try to solve the problem ourselves. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I've worked with Kaspersky. They are a similar solution. I've also used Microsoft Defender, which is also very similar. We do use a lot of Microsoft products, and Defender is readily available everywhere. They are the market leaders right now. Their software has very good integration across the whole Microsoft product offering. CrowdStrike, however, we have high trust with, as they are focused specifically on security, unlike Microsoft. CrowdStrike offers updates quicker than Microsoft or other services. 

How was the initial setup?

The initial setup is a very fast process. Cloud solutions are fast to set up. They just give you access to their cloud and they have an API integration. It will be up and running within a few minutes. 

What's my experience with pricing, setup cost, and licensing?

The tool is very expensive. It's similar to Microsoft Defender. That said, it's not overpriced. It's worth it for the level of security. We need it for our company. 

What other advice do I have?

I'd rate the solution nine out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Syed Ubaid Ali Jafri - PeerSpot reviewer
Head of Cyber Defense & Offensive Security at Habib Bank Limited
Real User
Top 20 Leaderboard
Jul 6, 2022
Good lateral movement and overwatch detections but requires improvements in the Mac environment
Pros and Cons
  • "The CS Falcon agent is a lightweight agent compared with the agents of other EDR products."
  • "The solution fits well in the organization and produced valuable output, as expected from an Endpoint Detection and Response solution."
  • "CS Falcon sensing capabilities for non-domain machines should be enhanced, since the agent doesn't detect the neighbor's IP address and/or any anomaly identified in the network for the non-domain machine."
  • "Although all the preventive controls were enabled in the CS Falcon dashboard, CS Falcon raised a red flag regarding fileless execution; however, by the time it let us know, our system had been encrypted."

What is our primary use case?

The following is a list of use cases that were tested and evaluated against CrowdStrike along with different competitors.

1 - Execution of Fileless Ransomware - The test was conducted using PowerShell script execution; the script was executed with privileged rights and it was successful. Although all the preventive controls were enabled in the CS Falcon dashboard, CS Falcon raised a red flag regarding fileless execution; however, by the time it let us know, our system had been encrypted.

2 - Uploading a Large Volume of Data to the Cloud - Using a customized script on a USB drive, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation across the whole disk and creates a password-protected .zip file of all the collected files in APPDATA; once the protected file is created, it checks internet connectivity. As soon as the script finds connectivity to 8.8.8.8 or 8.8.4.4, it starts sending the protected .zip file to its CnC cloud.

3 - Disabling the CS Falcon Agent - I conducted a test to disable the Falcon agent on a Windows-based OS. The agent was successfully disabled by booting another OS and renaming the agent files on the system.

4 - Performing Privileged Tasks in CrowdStrike - CS roles have some additional privileges. While performing host containment, the operator has the ability to perform the following operations without informing the user: 

* Host Containment 
* Isolating the host from the network;
* Copying data from the host machine into the CS cloud;

Considering the above situation, it may cause a breach of user privacy, due to which a user can file a complaint against the InfoSec team.

How has it helped my organization?

The solution fits well in the organization and produced valuable output, as expected from an Endpoint Detection and Response solution.

This solution supersedes the requirement of an Endpoint Protection solution. The cost of EPP can be saved while using EDR.

One good thing is the active association of the Crowd Strike team in terms of support and coordination. 

Features that require further evaluation include:

Let's take an example of ten machines that require CS Falcon agent installation. Apart from agent compatibility and ease of installation, one of the most important areas is the network bandwidth required whenever an agent updates the server through the cloud. 

Estimated network bandwidth utilization is 0.4 MB/hour for a single machine to update its probes over the cloud. If we take the total working hours, in our case eight hours, the formula would be 0.4 x 8 = 3.2 MB per host per day as the data upload requirement to the cloud. It is highly recommended to assess the number of agents and the network bandwidth requirements.

What is most valuable?

The CS Falcon agent is a lightweight agent compared with the agents of other EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement  
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well created in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license, not machine-based, so once a machine becomes outdated/old, installing the same agent license on another machine is possible.

What needs improvement?

Area of Improvement

The product still requires improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with macOS (X), Catalina, or Big Sur.

Similarly, the product is also not compatible with Unix-based systems including AIX, Darwin, and FreeBSD.

CS Falcon sensing capabilities for non-domain machines should be enhanced, since the agent doesn't detect the neighbor's IP address and/or any anomaly identified in the network for the non-domain machine.

Additional Features required in the Next release:

The product requires an add-on feature which should be turnkey: if it needs to be turned on for XDR, no changes should be required on the user end, as the agent is already installed.

For how long have I used the solution?

The solution has been used for around two years, including the demo version with full features and the final version with specific features.

This solution has been used without any compatibility issue and/or technical failure due to anti-virus installation.

When we procured CrowdStrike as an EDR, it was in the Gartner top ranking as well.

The agent was being utilized on Windows Servers (2016, 2019), Linux Servers (Fedora, Red Hat, CentOS), Windows Endpoints (10, 11), and Mac. 

What do I think about the stability of the solution?

The solution is stable, and we have used it for more than 2,500 hosts.

What do I think about the scalability of the solution?

It is a cloud-based solution - so scalability is not an issue.

How are customer service and support?

When it comes to customer service and support, the principal engages whenever required.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

This was the first product that we evaluated out of 6 (six) products.

How was the initial setup?

The setup was straightforward and it's easy to use.

What about the implementation team?

A vendor team was engaged in the installation of the complete solution.

What's my experience with pricing, setup cost, and licensing?

Licensing is relatively lower than other EDR solutions.

Which other solutions did I evaluate?

We evaluated Carbon Black and FireEye.

What other advice do I have?

CrowdStrike is a good solution. However, it needs more features built in for protecting endpoint agents, for example:

DOM improvement
DLL injections
Detection of CnC in network neighbors
Detection of similar attack surfaces in the network.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
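The staged-exfiltration test in use case 2 of the review above (bulk reads of office documents, a password-protected .zip written under APPDATA, a connectivity probe to 8.8.8.8/8.8.4.4, then an upload to a CnC host) is a sequence a defender can correlate on rather than waiting for the upload itself. The following is an added example written for this page, not CrowdStrike code and not the reviewer's test script: it runs a behaviour-chain detection over constructed endpoint telemetry. The event schema (`host`, `pid`, `ts`, `type`, `path`, `dst_ip`, `bytes_out`), the thresholds, and the sample hosts and addresses are all assumptions made for the example, not the Falcon event format; a real implementation would map the same stages onto the EDR's own file, process and network events.

```python
"""Behaviour-chain detection for the staged-exfiltration pattern described in
the review (bulk document reads -> archive under AppData -> probe to a public
resolver -> large outbound transfer).  Added example: the event schema and
thresholds are assumptions for this page, not CrowdStrike's telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

DOC_EXT = {".docx", ".xlsx", ".pptx", ".png", ".jpg", ".pdf", ".txt", ".rtf"}
PROBE_IPS = {"8.8.8.8", "8.8.4.4"}       # connectivity check used by the test script
MIN_DOC_READS = 50                        # bulk-read threshold (assumption)
MIN_UPLOAD_BYTES = 10 * 1024 * 1024       # 10 MiB outbound in one flow (assumption)
WINDOW = timedelta(minutes=30)            # whole chain must fit in this window


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_staged_exfil(events):
    """Return one finding per (host, pid) whose events contain all four stages
    in chronological order inside WINDOW.  Hosts that only read many documents
    (backup jobs, indexers) do not match because the later stages are absent."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["pid"])].append(e)

    findings = []
    for (host, pid), evs in by_key.items():
        evs.sort(key=_ts)
        reads = [e for e in evs if e["type"] == "file_read"
                 and any(e["path"].lower().endswith(x) for x in DOC_EXT)]
        if len(reads) < MIN_DOC_READS:
            continue
        t0 = _ts(reads[0])
        # Stage 2: password-protected archive staged under AppData after reads began
        archive = next((e for e in evs if e["type"] == "file_write"
                        and "\\appdata\\" in e["path"].lower()
                        and e["path"].lower().endswith(".zip")
                        and _ts(e) >= t0), None)
        if archive is None:
            continue
        # Stage 3: connectivity probe to 8.8.8.8 / 8.8.4.4 after the archive exists
        probe = next((e for e in evs if e["type"] == "net_conn"
                      and e["dst_ip"] in PROBE_IPS
                      and _ts(e) >= _ts(archive)), None)
        if probe is None:
            continue
        # Stage 4: large outbound flow to a non-probe destination after the probe
        upload = next((e for e in evs if e["type"] == "net_conn"
                       and e["dst_ip"] not in PROBE_IPS
                       and e.get("bytes_out", 0) >= MIN_UPLOAD_BYTES
                       and _ts(e) >= _ts(probe)), None)
        if upload is None or _ts(upload) - t0 > WINDOW:
            continue
        findings.append({
            "host": host, "pid": pid, "doc_reads": len(reads),
            "archive": archive["path"], "probe_ip": probe["dst_ip"],
            "upload_dst": upload["dst_ip"], "bytes_out": upload["bytes_out"],
        })
    return findings


def build_sample_events():
    """Constructed telemetry (not real Falcon data): WS01 runs the staging
    script from the review; WS02 runs a legitimate backup that reads far more
    documents but never stages an archive or probes 8.8.8.8."""
    base = datetime(2022, 7, 6, 9, 0, 0)

    def at(secs):
        return (base + timedelta(seconds=secs)).isoformat()

    events = []
    for i in range(60):
        events.append({"host": "WS01", "pid": 4242, "ts": at(i), "type": "file_read",
                       "path": f"C:\\Users\\alice\\Documents\\report{i}.docx"})
    events.append({"host": "WS01", "pid": 4242, "ts": at(70), "type": "file_write",
                   "path": "C:\\Users\\alice\\AppData\\Roaming\\stage.zip"})
    events.append({"host": "WS01", "pid": 4242, "ts": at(75), "type": "net_conn",
                   "dst_ip": "8.8.8.8", "dst_port": 53, "bytes_out": 64})
    events.append({"host": "WS01", "pid": 4242, "ts": at(80), "type": "net_conn",
                   "dst_ip": "203.0.113.10", "dst_port": 443,   # TEST-NET-3, constructed
                   "bytes_out": 48 * 1024 * 1024})
    for i in range(200):
        events.append({"host": "WS02", "pid": 1111, "ts": at(i), "type": "file_read",
                       "path": f"C:\\Users\\bob\\Documents\\file{i}.pdf"})
    events.append({"host": "WS02", "pid": 1111, "ts": at(300), "type": "net_conn",
                   "dst_ip": "10.0.0.5", "dst_port": 443, "bytes_out": 200 * 1024 * 1024})
    return events


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    for f in detect_staged_exfil(SAMPLE_EVENTS):
        print(f)
```

The ordering constraints are what keep the rule from firing on the backup host: WS02 reads three times as many documents and pushes far more bytes out, but with no archive in AppData and no probe to a public resolver in between, it never completes the chain. Tune `MIN_DOC_READS` and `MIN_UPLOAD_BYTES` to the baseline of the environment, and treat the probe IPs as one indicator among several, since legitimate software also checks connectivity against public resolvers.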
Buyer's Guide
Download our free CrowdStrike Falcon Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026