I use it for cloud workload protection and threat detection in AWS environments.
CTO and Co-Founder
Cloud threat visibility has improved and now supports flexible, low-overhead protection for startups
Pros and Cons
- "The pay-as-you-go model enabled me to deploy quickly from the AWS Marketplace management account, scaled protection for workloads without upfront commitments, and reduced the initial operational overhead."
What is our primary use case?
How has it helped my organization?
The pay-as-you-go model enabled me to deploy quickly from the AWS Marketplace management account.
It scaled protection for workloads without upfront commitments and reduced the initial operational overhead.
It provides real-time visibility into cloud threats, helping stop breaches faster in dynamic AWS setups.
What is most valuable?
I find the seamless AWS integration and single lightweight agent to have minimal performance impact.
The cloud-native SIEM and runtime security leverage threat intelligence for proactive detection.
Flexible billing through AWS is ideal for startups testing security without long-term locks.
What needs improvement?
I believe that AI-powered SOAR workflow suggestions could streamline incident response.
Buyer's Guide
CrowdStrike Falcon
February 2026
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
883,044 professionals have used our research since 2012.
For how long have I used the solution?
I have been using it for 1 month.
Which solution did I use previously and why did I switch?
We are a new startup, so we did not use any previous solutions.
What's my experience with pricing, setup cost, and licensing?
The pay-as-you-go model excels for startups with variable AWS workloads, avoiding large upfront costs and scaling with usage.
Which other solutions did I evaluate?
I evaluated Prisma Cloud, Wiz, and Orca Security alongside native AWS options.
What other advice do I have?
CrowdStrike Falcon for AWS (pay-as-you-go) delivers strong cloud-native protection via AWS Marketplace, which is ideal for startups scaling workloads.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Selected for the 2026 Cybersecurity Startup Accelerator program with CrowdStrike, AWS, and NVIDIA.
Last updated: Jan 15, 2026
Presales Manager at a tech vendor with 5,001-10,000 employees
Proactive threat hunting has improved breach prevention and now provides deeper endpoint visibility
Pros and Cons
- "CrowdStrike Falcon has helped my customers predict and prevent potential breaches because of its proactive approach."
What is our primary use case?
I deal with endpoint security, firewall, and XDR solutions. I use Sangfor and work with Trend Micro and CrowdStrike. I use CrowdStrike Falcon for enterprise companies, which is what I typically recommend.
How has it helped my organization?
CrowdStrike Falcon has helped my customers predict and prevent potential breaches because of its proactive approach.
What is most valuable?
The most valuable features in CrowdStrike Falcon are its AI capabilities. The lightweight agent has a positive impact on system performance and visibility through ease of use. I utilize its Threat Graph for threat hunting.
What needs improvement?
To improve my recommendation to a perfect score, I would focus on better selling skills and improved integration with different vendors.
For how long have I used the solution?
I have been working with CrowdStrike Falcon for approximately five years.
Which solution did I use previously and why did I switch?
I have previously worked with a Total Information Management Corporation solution.
Which other solutions did I evaluate?
I work with competitors as well, and there is good competition to Sangfor at the moment.
What other advice do I have?
I have experience with these products from prior use. I work with security vendors and some of my customers use Trend Micro and CrowdStrike as well. My experience has been positive and I have been satisfied. The pricing might be a little expensive, but I find it cost-effective. I do not find CrowdStrike Falcon to be the most expensive when comparing pricing with competitors. I would rate this solution an 8 out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Last updated: Dec 15, 2025
Trainee Engineer at a tech services company with 11-50 employees
Offers real-time monitoring features and next-gen AV that uses AI
Pros and Cons
- "It's really good because it can detect anything."
- "I'm concerned about the recent issue that involved a faulty update."
What is our primary use case?
It gives an overview and insights into my AD accounts. It shows if any identity, like an AD user, is compromised, has a weak password, or is logging in from an unusual system. Any anomalies.
What is most valuable?
I like the insights and detailed view of my AD structure. How protected it is, or is there any loophole or an area that needs more protection.
Another feature I like is that it gives insights into all my domain controllers and ADCs. The configuration is also really easy.
The real-time monitoring feature is good. For example, a user account is hacked. It alerts me that it's been hacked and prompts me to look into it or have the user change their password. I can then log in to my AD, change the password, or notify the user that their account has been compromised and ask them to change their password.
AI capabilities of CrowdStrike are also good.
When I use Identity Protection, I want the full stack, like going for XDR. If anything happens, like a laptop being compromised using a password, it gives me the entire attack flow. For example, the attack came from a particular user, like an IT admin. If their identity is hacked and they log into multiple systems, and those systems are affected, we can see those details and provide good support or recovery for customers and partners.
What needs improvement?
I'm concerned about the recent issue in July 2024. It involved a faulty content configuration update. What if another update causes the same problem again?
For how long have I used the solution?
I have been using it for two years.
What do I think about the stability of the solution?
Stability, I would rate it as a seven out of ten. There are a few instances where our customers have complained about the digital signatures it uses. Sometimes, even if you create a policy, it still tends to block it. A few applications get flagged as malicious even though the customer trusts them. Even if you create an exception rule, it might still block it after a few weeks. Also, there's the recent issue we faced with CrowdStrike and Windows. So, based on that, I'd give it a seven out of ten.
There is room for improvement. They need to conduct more thorough R&D before releasing updates. I think they didn't do that this time, but it was just a one-time issue. However, what if it happens again? That's a concern.
What do I think about the scalability of the solution?
Scalability-wise, I would give it a ten out of ten. It's simple because it's a SaaS solution. For example, this month, I have 50 users. Next month, I have 50 additional users. I just need to buy more licenses and add those systems to CrowdStrike. If I need to put them in certain groups with specific policies, that's easy too.
We work with all types of businesses, including small, medium, and enterprise businesses. Scalability is simple. I don't even need to install it on my laptop. One more good thing is that it offers an XDR view where I can add other components, like the email security solution Proofpoint. I can integrate it, so I'll get my emails and everything will be in a single pane of glass.
How are customer service and support?
We have a Technical Account Manager (TAM). We can directly call them and raise a ticket. Initially, it was a six or even a five because we had to send an email, and it would take three to four days for them to reply. Now, with the TAM, we can get issues resolved faster.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have experience with CrowdStrike, apart from their Cloud Security offering, which is on GCP. I've worked with CrowdStrike Identity Protection, Device Control, EDR, XDR - basically everything except their cloud solution.
How was the initial setup?
The initial setup is straightforward. I don't need to install an agent in my AD, and I can get alerts from my read-only domain controller, which is also good.
I would rate my experience with the initial setup a ten out of ten, with ten being easy and one being difficult.
It's not required to deploy on-premises. It's a SaaS solution. I just need to download the agent and install it on each of my devices, whether they're VMs or my laptop.
One more good thing is that I don't need to be in my office network for it to keep protecting me. I can take the system home, and it will still be protected.
The deployment itself takes about a day to install everything if it's user-based. But for CrowdStrike to learn what to block and what not to block in your specific environment, it will take easily about two weeks. There will be some applications that it might consider a threat because it's a next-gen AV that uses AI.
So, some applications the customer uses might be flagged. I can whitelist them or create a policy to allow them. That's also a very good feature of CrowdStrike.
So, the initial setup takes two weeks for it to get to know your environment and work smoothly. Just to install agents and set up the dashboard, policies, and all that, it takes about one day.
It offers seamless integration with the existing security infrastructure. We haven't faced any challenges because our customers use CrowdStrike only for endpoint and server security. They haven't gone to the XDR level yet. However, many other OEMs I've spoken to, like Zerto, have said that the CrowdStrike and Zerto integration is very seamless. So, if anything happens on my server end, I'll know when it happened and what the issue is from CrowdStrike. Or, for example, if a ransomware attack happens, I can restore from my Zerto application.
What was our ROI?
The benefit I've seen is their backend, which powers the EDR, XDR, and NGAV. It's really good because it can detect anything due to the wide range of customers they have.
For example, one customer has a vulnerability because of a zero-day attack. All the other customers will benefit because it propagates to the cloud and analyzes if other customers are on the same version of the drivers or any other Windows patch. If they are, it will tell us that there's an issue and provide remediation steps. Many of our customers find this very helpful. It's called the CrowdStrike community.
What's my experience with pricing, setup cost, and licensing?
I would rate it a seven out of ten, where one is cheap, and ten is expensive because it's a bit on the costlier side. Compared to Symantec or Trend Micro, CrowdStrike is more expensive.
What other advice do I have?
Overall, I would rate the product an eight out of ten because of one recent issue that happened.
I'm concerned about the recent issue that happened. What if another update causes the same problem again? Is it really as good as it seems? Even our customers have given very good feedback; they get more insights into what's happening, what they should do, and what remediation steps to take. So, in that way, it's very good.
I would recommend it, especially if you're going for endpoint security. I'd definitely recommend CrowdStrike first because it's more mature than SentinelOne and other EDR solutions in the APAC region.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Cyber Security Analyst at a tech vendor with 10,001+ employees
Excels at identifying suspicious activity, helps mitigate potential security breaches, and is easy to use
Pros and Cons
- "The detection and response console is the most valuable feature."
- "We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
What is our primary use case?
We use CrowdStrike Falcon to investigate security detections for malicious activities in our environment.
CrowdStrike utilizes machine learning algorithms and detection rules to generate alerts for suspicious activity within our environment. We then investigate these detections individually, analyzing the details of each event.
In addition to automated detection, CrowdStrike allows for custom queries. For instance, if we need to investigate a specific host, we can leverage a cloud security language to examine its activity. Similarly, we can use CrowdStrike to search for activity related to particular users or hosts.
How has it helped my organization?
CrowdStrike Falcon provides significant additional value. It excels at identifying suspicious activity the moment an application appears in the environment, immediately bringing these incidents to the attention of our response team. Upon receiving an alert, our team can investigate and take appropriate action if anything malicious is found. In essence, CrowdStrike Falcon acts as a strong barrier against attackers.
In the past 3 years, we have encountered many scenarios where CrowdStrike Falcon has helped mitigate potential security breaches.
What is most valuable?
The detection and response console is the most valuable feature.
What needs improvement?
We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike. In these cases, the access disable process can be quite slow.
I'm using CrowdStrike Query Language, and I've noticed an issue with event backups. Searches exceeding a certain event threshold aren't capturing all results. For instance, if I run a search that returns 10,000 events in a single day, only 2,000 events are backed up. This limitation with CrowdStrike Query Language needs to be investigated.
For how long have I used the solution?
I have been using CrowdStrike Falcon for over 3 years.
What do I think about the stability of the solution?
CrowdStrike Falcon is generally stable, although event searches may occasionally experience slow performance.
What do I think about the scalability of the solution?
CrowdStrike Falcon's scalability is dependent on the license acquired.
How are customer service and support?
The technical support live chat can experience long wait times. Submitting a ticket may result in a quicker response.
Which solution did I use previously and why did I switch?
The company was using Carbon Black before I joined. When I came on board, they decided to switch to CrowdStrike.
What other advice do I have?
I would rate CrowdStrike Falcon 9 out of 10.
CrowdStrike Falcon is deployed across multiple end-user systems and locations.
I recommend CrowdStrike Falcon. It's a wonderful security platform that's easy to use and requires minimal effort to maintain.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sales Director at a tech services company with 11-50 employees
Blocks suspicious activities and protects endpoints and servers from attacks
Pros and Cons
- "The product provides good monitoring features."
- "The tool is more expensive than other products in the market."
What is our primary use case?
A lot of customers face ransomware and malware attacks. The solution helps protect endpoints and servers from ransomware and malware attacks.
How has it helped my organization?
The solution has multiple layers of security, including web security. We can monitor endpoints, conduct root cause analysis, and find geolocations. If the tool finds any suspicious activity, it blocks and remediates it.
What is most valuable?
The solution makes our security operations easier. After an incident, we get complete reports and insights. The product provides good monitoring features. The product also has teams that help customers find suspicious activities. The team calls and asks us to check the updates and remediate issues. If the system can remediate it, the team does it through the system. The detection and response are in real-time. There are no security breaches. Resolving issues doesn’t take much time.
What needs improvement?
The tool is more expensive than other products in the market.
For how long have I used the solution?
I have been using the solution for more than 3 years.
What do I think about the stability of the solution?
I did not have any stability issues.
What do I think about the scalability of the solution?
It is easy to scale up. We just need to add the licenses. The product is suitable for small, medium, and large businesses. We must buy a minimum of 50 licenses.
How are customer service and support?
The support is excellent. We rarely need support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is pretty simple and clear. The time taken for deployment depends on the endpoints. It's a cloud solution. We can use Active Directory or the group policies to deploy it.
What was our ROI?
The product has a lot of use cases. There are companies that need to run their operations 24/7. It will be a big challenge if their server or infrastructure goes down. They cannot afford downtime. They need to choose the right solution for their needs.
What's my experience with pricing, setup cost, and licensing?
The price depends on the kind of service we need. If we need excellent service, we must pay a reasonable price. We can choose any pricing model if we do not want excellent service. The product is excellent. We need to pay a premium price for the tool.
Which other solutions did I evaluate?
Microsoft Defender Threat Intelligence, IBM, and Cisco are some competitors. CrowdStrike entered the market with a USP to protect endpoint servers. It has a different approach. Malwarebytes has a similar setup. I prefer CrowdStrike, though.
What other advice do I have?
I will recommend the tool to others depending on their budget. If customers have a good budget and need a premium product, they can choose CrowdStrike. No product is perfect. Overall, I rate the tool an 8 out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Manager, Security Operations Centre at a computer software company with 51-200 employees
Robust and detects almost every malicious activity that occurs within the endpoint
Pros and Cons
- "The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint."
- "I would like a centralized deployment where I could roll out or push it to all endpoints."
What is our primary use case?
We use the solution for endpoint security. We use the tool to ensure the endpoints are protected from abnormal activities, people don't run different scripts, and people don't compromise endpoints and use them to get into the network.
What is most valuable?
The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint.
What needs improvement?
I would like a centralized deployment where I could roll out or push it to all endpoints.
For how long have I used the solution?
I have been using CrowdStrike Falcon Surface for two years.
What do I think about the stability of the solution?
CrowdStrike Falcon Surface is a very stable solution.
What do I think about the scalability of the solution?
CrowdStrike Falcon Surface is a very scalable solution. A lot of customers are using CrowdStrike Falcon Surface. One of our customers for the solution has 12,000 endpoints.
How are customer service and support?
The solution's technical support is handled centrally by CrowdStrike, and the support was also good and knowledgeable.
How was the initial setup?
I didn't deploy the solution, but I supported customers that use it. I think it took them up to six months to deploy the CrowdStrike Falcon Surface.
What was our ROI?
The solution somehow doesn't allow intrusion and minimizes fraud or cyber-attacks. Within the time we're using it, CrowdStrike Falcon Surface detected a lot of intrusion from malicious individuals. It was able to prevent a lot of insider threats where people internally will want to run some malicious scripts within the environment.
It detects those malicious attacks quickly, and we can prevent them. It minimized a lot of cyber and fraud-related activities that could have cost the bank a lot of money.
What other advice do I have?
CrowdStrike Falcon Surface is a cloud-based solution. In light of the recent global IT outage that affected CrowdStrike, they should do proper change management.
Overall, I rate the solution a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CIO & Information manager at a computer software company with 51-200 employees
Works with Office 365 and helps to manage threats
Pros and Cons
- "The main feature we rely on is the product's intelligence. We appreciate the advice from the team during implementation. One of the main reasons we chose this product is its compatibility with Office 365."
- "Improvement is always possible. It's challenging to gauge how much future mitigation is provided, especially since we've only been using the product for about one and a half years. Every product faces this challenge because nothing is ever completely foolproof. So, besides relying on technology, we also focus on increasing our staff's awareness of security issues. Feedback from my colleagues suggests that the reporting and dashboarding of incidents could be improved."
What is our primary use case?
The tool helps to increase security because the threats we face keep changing, so we need better protection. In the past, we've faced some attacks on our network, and while we managed to deal with them, we realized we needed even stronger protection. That's why we decided to implement CrowdStrike Identity Protection.
What is most valuable?
The main feature we rely on is the product's intelligence. We appreciate the advice from the team during implementation. One of the main reasons we chose this product is its compatibility with Office 365.
What needs improvement?
Improvement is always possible. It's challenging to gauge how much future mitigation is provided, especially since we've only been using the product for about one and a half years. Every product faces this challenge because nothing is ever completely foolproof. So, besides relying on technology, we also focus on increasing our staff's awareness of security issues. Feedback from my colleagues suggests that the reporting and dashboarding of incidents could be improved.
For how long have I used the solution?
I have been working with the product for one and a half years.
What do I think about the stability of the solution?
I rate the tool's stability an eight out of ten.
What do I think about the scalability of the solution?
Scalability isn't a problem for us. Many big multinational companies use CrowdStrike Identity Protection, so it's designed to handle environments like ours without any issues. My company has 500 users.
How was the initial setup?
The tool's deployment is easy. Thanks to the installation scripting we utilized, the technical rollout took about two weeks. Then, there was some additional time, around two to four weeks, for customization and configuration. After that, the systems were up and running. So, all in all, it took about three months to have our mitigation strategies in place. We have one engineer for maintenance.
What other advice do I have?
I rate the overall product an eight out of ten. I would recommend it to others. However, it's crucial to understand areas where the product might not provide coverage and how to mitigate those gaps. For example, it covers endpoints, networks, and Office 365 environments, but are there other areas in the attack surface that it doesn't address well? It's essential to be aware of any potential gaps upfront.
The solution helps in preventing incidents. However, it's challenging to quantify the exact impact because we don't know what would have happened without it. It's similar to having insurance for your house.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Group IT Director - Technical Operations at a construction company with 10,001+ employees
Automatically takes immediate action whenever it detects suspicious activity
Pros and Cons
- "The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action."
- "CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."
What is our primary use case?
We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.
How has it helped my organization?
CrowdStrike Falcon has made a significant difference for us, especially in mitigating ransomware and zero-day attacks. Its proactive and defensive response approach effectively isolates threats, setting it apart from other endpoint solutions.
Integrating CrowdStrike Falcon into our environment was seamless. Once we set the policy, the software was activated immediately and distributed on all our endpoints.
The real-time response is highly effective. It automatically takes immediate action whenever it detects suspicious activity, alerting us to the problem and providing clear mitigation steps. In some cases, it even pushes through updates to resolve the issue proactively.
The usability and interface of CrowdStrike Falcon for daily operations are good.
What is most valuable?
The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.
What needs improvement?
CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR.
The pricing has room for improvement.
For how long have I used the solution?
I have been using CrowdStrike Falcon for three years.
What do I think about the stability of the solution?
In the three years of using CrowdStrike Falcon, we have not encountered any stability issues.
What do I think about the scalability of the solution?
CrowdStrike Falcon scales well. We are using it in a large environment with no problems.
How are customer service and support?
The technical support is responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used both Symantec Endpoint Detection and Response and Kaspersky Endpoint Detection and Response but found that they lacked the 24/7/365 monitoring and response offered by CrowdStrike Falcon. Additionally, their detection capabilities, particularly for ransomware and zero-day attacks, were not as effective.
How was the initial setup?
The initial deployment was straightforward and non-disruptive. The deployment took one week to complete.
We required two people from our organization for the deployment on-site and the CrowdStrike team worked remotely.
What about the implementation team?
The CrowdStrike team helped with the implementation.
What's my experience with pricing, setup cost, and licensing?
CrowdStrike Falcon is one of the more expensive endpoint solutions on the market.
What other advice do I have?
I would rate CrowdStrike Falcon an eight out of ten.
We deployed CrowdStrike Falcon across all our locations, including subsidiaries and remote sites in various regions.
Maintaining CrowdStrike Falcon is simple because it only requires a client agent to be installed on the machine at the kernel level, below the operating system.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.