Jawaria Abbas - PeerSpot reviewer
Security Engineer at a computer software company with 201-500 employees
Real User
Top 5
Makes investigation easy and has a lightweight agent
Pros and Cons
  • "The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that."
  • "The dashboard area must be improved. We have integration with Splunk, and we are creating a dashboard there. Their dashboard area must be up to date. It should have more details and more options to create the reports and things like that."

What is our primary use case?

We are using it as an EDR solution for endpoint protection. 

How has it helped my organization?

Everything is changing rapidly nowadays, and new threats can come into the organization from any source. I have found this product to be very useful. 

If I want to drill down into an unusual activity or something else, I can do that. I can go deep into what processes were involved, what network operations were involved, and what unauthorized users wanted to do. I can see how CrowdStrike processed and blocked the operation. The investigation is very easy for me. I can go to the tree level and see what is going on. It is very useful.

What is most valuable?

The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that. In my previous experience, when anything was getting scanned, our PCs would become slow. Users would complain about PCs getting slow. This is a positive point of CrowdStrike Falcon.

What needs improvement?

The dashboard area must be improved. We have integration with Splunk, and we are creating a dashboard there. Their dashboard area must be up to date. It should have more details and more options to create the reports and things like that.

I have some concerns about their support. I am not happy or satisfied with their support. Something happened, and we opened a ticket. Their support engineer just vanished, and after a month, he came back and told us that he was off work and could not pursue the ticket. He said that he now has the time, but logs are gone because there is a time limit. We were asked to repeat the test. This is very unusual for me. 

Buyer's Guide
CrowdStrike Falcon
October 2025
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
869,785 professionals have used our research since 2012.

For how long have I used the solution?

In my organization, we have been using it for the last one and a half years. I have been using it for the last two to three months because I recently joined the organization.

What do I think about the stability of the solution?

From my understanding and observation, it is a stable product, but I have been using this product only for the last two to three months. I am just in the learning phase.

What do I think about the scalability of the solution?

We have almost 3,000 users using this solution. 

How are customer service and support?

I would rate CrowdStrike's support team a three out of ten. Their support is unacceptable for us. We are doing some testing ourselves. When we found an issue where CrowdStrike should have blocked something but did not, we opened a ticket with CrowdStrike. They tried to communicate with us and looked at the files that we shared. We had updated signatures, and we shared with them the SHA values, but after that, they suddenly vanished. Just two days ago, I got an email from them that the engineer was on leave and he is back now. They asked us to perform the activity again, which is unacceptable.

When any issue happened with Symantec, we opened a ticket, and they would accept their mistake if something was not caught by Symantec. They would then update the definitions and send us the latest updates. This is the way to work on the latest technology trends.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I have experience with Symantec endpoint protection. As compared to Symantec, CrowdStrike is a very good product. I have also worked with Microsoft Defender.

What other advice do I have?

Every product has some advantages and disadvantages. I have worked with Microsoft Defender and Symantec, and now, I am working with CrowdStrike. Every organization's needs are very different. It depends on what the organization wants. For example, the security requirements of the banking sector are very high. The banking sector has different requirements, the retail sector has different requirements, and a software development organization has different requirements. An organization should weigh the pros and cons and decide based on the requirements.

Overall, I would rate CrowdStrike Falcon an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Ben Nnatuanya - PeerSpot reviewer
Manager, Security Operations Centre at Phillips Consulting Limited
Real User
Top 5
Robust and detects almost every malicious activity that occurs within the endpoint
Pros and Cons
  • "The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint."
  • "I would like a centralized deployment where I could roll out or push it to all endpoints."

What is our primary use case?

We use the solution for endpoint security. We use the tool to ensure the endpoints are protected from abnormal activities, people don't run different scripts, and people don't compromise endpoints and use them to get into the network.

What is most valuable?

The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint.

What needs improvement?

I would like a centralized deployment where I could roll out or push it to all endpoints.

For how long have I used the solution?

I have been using CrowdStrike Falcon Surface for two years.

What do I think about the stability of the solution?

CrowdStrike Falcon Surface is a very stable solution.

What do I think about the scalability of the solution?

CrowdStrike Falcon Surface is a very scalable solution. A lot of customers are using CrowdStrike Falcon Surface. One of our customers for the solution has 12,000 endpoints.

How are customer service and support?

The solution's technical support is handled centrally by CrowdStrike, and the support was also good and knowledgeable.

How was the initial setup?

I didn't deploy the solution, but I supported customers that use it. I think it took them up to six months to deploy the CrowdStrike Falcon Surface.

What was our ROI?

The solution somehow doesn't allow intrusion and minimizes fraud or cyber-attacks. Within the time we're using it, CrowdStrike Falcon Surface detected a lot of intrusion from malicious individuals. It was able to prevent a lot of insider threats where people internally will want to run some malicious scripts within the environment.

It detects those malicious attacks quickly, and we can prevent them. It minimized a lot of cyber and fraud-related activities that could have cost the bank a lot of money.

What other advice do I have?

CrowdStrike Falcon Surface is a cloud-based solution. In light of the recent global IT outage that affected CrowdStrike, they should do proper change management.

Overall, I rate the solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
CIO & Information manager at Home Benelux
Real User
Top 20
Works with Office 365 and helps to manage threats
Pros and Cons
  • "The main feature we rely on is the product's intelligence. We appreciate the advice from the team during implementation. One of the main reasons we chose this product is its compatibility with Office 365."
  • "Improvement is always possible. It's challenging to gauge how much future mitigation is provided, especially since we've only been using the product for about one and a half years. Every product faces this challenge because nothing is ever completely foolproof. So, besides relying on technology, we also focus on increasing our staff's awareness of security issues. Feedback from my colleagues suggests that the reporting and dashboarding of incidents could be improved."

What is our primary use case?

The tool helps to increase security because the threats we face keep changing, so we need better protection. In the past, we've faced some attacks on our network, and while we managed to deal with them, we realized we needed even stronger protection. That's why we decided to implement CrowdStrike Identity Protection.

What is most valuable?

The main feature we rely on is the product's intelligence. We appreciate the advice from the team during implementation. One of the main reasons we chose this product is its compatibility with Office 365.

What needs improvement?

Improvement is always possible. It's challenging to gauge how much future mitigation is provided, especially since we've only been using the product for about one and a half years. Every product faces this challenge because nothing is ever completely foolproof. So, besides relying on technology, we also focus on increasing our staff's awareness of security issues. Feedback from my colleagues suggests that the reporting and dashboarding of incidents could be improved.

For how long have I used the solution?

I have been working with the product for one and a half years. 

What do I think about the stability of the solution?

I rate the tool's stability an eight out of ten. 

What do I think about the scalability of the solution?

Scalability isn't a problem for us. Many big multinational companies use CrowdStrike Identity Protection, so it's designed to handle environments like ours without any issues. My company has 500 users. 

How was the initial setup?

The tool's deployment is easy. Thanks to the installation scripting we utilized, the technical rollout took about two weeks. Then, there was some additional time, around two to four weeks, for customization and configuration. After that, the systems were up and running. So, all in all, it took about three months to have our mitigation strategies in place. We have one engineer for maintenance. 

What other advice do I have?

I rate the overall product an eight out of ten. I would recommend it to others. However, it's crucial to understand areas where the product might not provide coverage and how to mitigate those gaps. For example, it covers endpoints, networks, and Office 365 environments, but are there other areas in the attack surface that it doesn't address well? It's essential to be aware of any potential gaps upfront.

The solution helps in preventing incidents. However, it's challenging to quantify the exact impact because we don't know what would have happened without it. It's similar to having insurance for your house. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Syed Ubaid Ali Jafri - PeerSpot reviewer
Head of Cyber Defense & Offensive Security at Habib Bank Limited
Real User
Top 20
Good lateral movement and overwatch detections but requires improvements in the Mac environment
Pros and Cons
  • "The CS falcon agent is a lightweight agent compared with other agents of EDR products."
  • "CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."

What is our primary use case?

The following is a list of use cases that were tested and evaluated against CrowdStrike along with different competitors.

1 - Execution of Fileless Ransomware - The test was conducted using PowerShell script execution; the script was executed using privileged rights and it was successful. Although all the preventive controls were enabled in the CS Falcon dashboard, CS Falcon had raised a red flag regarding fileless execution; however, the moment it let us know, our system got encrypted.

2 - Uploading a large volume of data over the cloud - Using a customized script on the USB, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation from the whole disk and creates a password-protected .zip file in APPDATA of the complete files; once the protected file is created, it then checks the internet connectivity. As soon as the script finds connectivity with 8.8.8.8, 8.8.4.4, it starts sending the protected .zip file over its CnC cloud.

3 - Disabling of CS Falcon Agent - I have conducted a test to disable the Falcon agent from the Windows-based OS. The agent was successfully disabled by booting up another OS and renaming the agent files from the system.

4 - Perform Privileged Task in CrowdStrike - CS roles have some additional privileges. While performing host containment, it has the ability to perform the following operations without informing the user:

* Host containment
* Isolating the host from the network
* Copying data from the host machine into the CS cloud

Considering the above situation, it may cause a breach of user privacy, due to which the user can file a complaint against the InfoSec team.

How has it helped my organization?

The solution fits well in the organization and took out valuable output as expected from Endpoint Detection and Response solution.

This solution supersedes the requirement of an Endpoint Protection solution. The cost of EPP can be saved while using EDR.

One good thing is the active association of the CrowdStrike team in terms of support and coordination.

Features that require further evaluation include:

Let's take an example of ten machines that require CS Falcon agent installation. Apart from agent compatibility and ease of installation, one of the most important areas is the network bandwidth which would be required whenever an agent updates the server through the cloud.

The estimated network bandwidth utilization is 0.4 MB/hour for a single machine to update its probes over the cloud. If we estimate the total working hours, which in our case is eight hours, the formula would be 0.4 × 8 = 3.2 MB per host per day as the data uploading requirement on the cloud. It is highly recommended to assess the number of agents and the network bandwidth requirements.

What is most valuable?

The CS falcon agent is a lightweight agent compared with other agents of EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement  
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well created in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license not machine-based, so once the machine gets outdated/old, installation of the same agent license in another machine is possible.

What needs improvement?

Area of Improvement

The product still requires improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with Mac OS (X), Catalina, or Big Sur.

Similarly, the product is also not compatible with Unix-based systems including AIX, Darwin, and FreeBSD.

CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine.

Additional Features required in the Next release:

The product requires an add-on feature, which should be a turnkey feature: if it is required to be turned on for XDR, no changes should be required on the user end, as the agent is already installed.

For how long have I used the solution?

The solution has been used for around two years, including the demo version with full features and final version with specific features.

This solution has been used without any compatibility issue and/or technical failure due to anti-virus installation.

When we procured CrowdStrike as an EDR it was on the Gartner top ranking as well.

The agent was being utilized in Windows Servers (2016, 2019), Linux Servers (Fedora, Red Hat, CentOS), Windows Endpoints (10, 11), and Mac.

What do I think about the stability of the solution?

The solution is stable and we have used it for more than 2500+ hosts.

What do I think about the scalability of the solution?

It is a cloud-based solution - so scalability is not an issue.

How are customer service and support?

When it comes to customer service and support, the principal engages whenever required.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

This was the first product that we evaluated out of 6 (six) products.

How was the initial setup?

The setup was straightforward and it's easy to use.

What about the implementation team?

A vendor team was engaged in the installation of the complete solution.

What's my experience with pricing, setup cost, and licensing?

Licensing is relatively low compared to other EDR solutions.

Which other solutions did I evaluate?

We evaluated Carbon Black and FireEye.

What other advice do I have?

CrowdStrike is a good solution. However, it requires you to build more features in protecting Endpoint agents, for example:

* DOM Improvement
* DLL Injections
* Detection of CNC in Network Neighbors
* Detection of similar attack surfaces in the network

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Chintan-Vyas - PeerSpot reviewer
Associate Director at a financial services firm with 10,001+ employees
Real User
Top 10
Easy to set up with good behavior-based analysis but needs a single-click recovery option
Pros and Cons
  • "The scalability is good."
  • "The product could be more accurate in terms of performance."

What is most valuable?

The Insight feature is one we found the most useful. It does behavior-based analysis and gives us the most appropriate information.

The initial setup was easy.

It's pretty stable.

The scalability is good.

What needs improvement?

Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files.

The product could be more accurate in terms of performance.

We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.

For how long have I used the solution?

I've been working with the solution for three years. 

What do I think about the stability of the solution?

With CrowdStrike, we have found that there are a few missed detections. We would not say it is completely reliable or 100% reliable, however, the ratio of missed detection is more in CrowdStrike. In SentinelOne, we found that it was more accurate. We are seeing it act more efficiently.

What do I think about the scalability of the solution?

We haven't had any issues with scalability. Being a cloud solution, it can scale well. 

How are customer service and support?

Technical support is average. We are not seeing any extraordinary service and not many issues also. It's average, it is as expected.

Which solution did I use previously and why did I switch?

I'm also familiar with Symantec, Trend Micro, SentinelOne, and FireEye.

How was the initial setup?

The initial setup was pretty straightforward. It's not overly complex. You still need expertise, however, it's pretty reasonable. 

What about the implementation team?

We did not need any outside assistance. 

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is average. 

What other advice do I have?

We are a managed security service provider.

We are using a SaaS offering and therefore, in terms of the version, we are not worrying so much about which one we are on. It is automatically getting updated. We are running on the latest version at all times.

While I would recommend the solution, CrowdStrike, when it first came into the market, it was sort of a single choice for many customers. Now, we can see there are many other competitors also. Those are providing pretty good functionalities in a more efficient way. We could see that other solutions are better than CrowdStrike.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer2520240 - PeerSpot reviewer
IT Security Operations Security Specialist at an insurance company with 1,001-5,000 employees
Real User
Good reporting capabilities and helps track machines much better
Pros and Cons
  • "The solution's reporting console is phenomenal, and I can get a lot of data out of it."
  • "The solution should have included remote wipe capability out of the box."

What is our primary use case?

We use the solution for end-user devices.

What is most valuable?

The reporting console is phenomenal, and I can get a lot of data out of it. The reporting capabilities are much better than anything I've used before. With CrowdStrike Falcon, we can track machines much better.

What needs improvement?

One of the things that we built and used quite regularly is a remote wipe capability within CrowdStrike Falcon. The solution should have included remote wipe capability out of the box.

If we have a compromised or stolen machine, we can quarantine it within the CrowdStrike console. However, it doesn't include a feature that enables you to remotely wipe that machine via the console. We had to build that in separately.

For how long have I used the solution?

I have been using CrowdStrike Falcon for two years.

What do I think about the stability of the solution?

We haven’t faced any issues with the solution’s stability.

What do I think about the scalability of the solution?

The solution's scalability has been amazing. We started by deploying it to 30 users, and over three months, we expanded to 5,000 users with no issues.

How are customer service and support?

For technical support, I open a ticket with the MSP, and they deal with it. Our MSP is excellent at resolving support tickets.

Which solution did I use previously and why did I switch?

We previously used Symantec Endpoint Protection. We switched to CrowdStrike Falcon because it was a new vendor with new technology.

How was the initial setup?

The solution's initial setup was very easy because we did an SCCM push for deployment.

What about the implementation team?

Our MSP did a lot of the deployment work for us. The solution was deployed by a small team in three months. It took four of us to deploy the tool to 5,000 users.

What's my experience with pricing, setup cost, and licensing?

The solution's pricing is great for us.

What other advice do I have?

It took us about three months to adjust to the new client and switch from a file-level scanner to an AI-based CrowdStrike scanner to see where we felt the differences. CrowdStrike Falcon is deployed on the cloud in our organization. From an end-user perspective, the solution does not require any maintenance after deployment.

New users should be prepared for unexpected alerts. CrowdStrike Falcon views things very differently than many conventional antivirus tools.

Overall, I rate the solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Large account Manager at Softcell Technologies Limited
Real User
Top 5
Leaderboard
Prevent unauthorized access or identity theft from external sites
Pros and Cons
  • "It helps to prevent unauthorized access or identity theft from external sites. If your identity is stolen, you can ban it."
  • "One thing that is not yet available is attack simulation."

What is our primary use case?

It also helps you with access, like we have dark web monitoring and admin protection management. So, the use cases can vary from organization to organization, but every organization has different value in it.

What is most valuable?

It helps to prevent unauthorized access or identity theft from external sites. If your identity is stolen, you can ban it.

Real-time monitoring is important because it runs multiple things on a single platform, like IDA, EDR, XDR, and SIM solutions. It captures all technology with one agent, which makes it easier for us to fix customer issues. 

Having a single console is helpful, especially when customers have multiple vendors for their products. It's easier to manage one partner. In this case, CrowdStrike Falcon helps.

What needs improvement?

One thing that is not yet available is attack simulation. For example, if someone tries to attack your Active Directory on inactive accounts, a cyber attacker could hack those accounts and try to get into your company. This could be a feature to add. It would give a fake reply each time someone tries to hack it. Multiple companies that I know of would like that.

For how long have I used the solution?

I have been using it for two years. 

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

I would rate the scalability a nine out of ten.  It's a scalable solution that is very easy to deploy.

It is suitable for every kind of business, including small, medium, or enterprise businesses.

How are customer service and support?

Technical support depends on a system integrator.

CrowdStrike technical support regarding Identity Protection has a team, but if there's no issue with the agent, you can work it out yourself.

The support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is easy. We only have one option available right now: on the cloud. It gets applied to endpoints, but it's cloud-based.

It is very easy to integrate this product into our existing environment.

What's my experience with pricing, setup cost, and licensing?

It's a premium product.

What other advice do I have?

From my end, it works. But it can be recommended or viewed by a personal customer. We are not the sole user of CrowdStrike Falcon. It's the end user.

I would recommend using it. For me, it is the best product ever. Overall, I would rate it an eight out of ten.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
PeerSpot user
reviewer2384499 - PeerSpot reviewer
Chief Technology Officer at a manufacturing company with 1,001-5,000 employees
Real User
Is user-friendly, improves performance, and protects our end users
Pros and Cons
  • "CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts."
  • "The pricing structure should allow for some flexibility."

What is our primary use case?

We use CrowdStrike Falcon for endpoint protection and cybersecurity.

We implemented CrowdStrike Falcon to ensure our systems were secure and there were no infiltrations to our system.

We deploy CrowdStrike Falcon across a variety of platforms, including cloud and edge environments. We ensure it meets rigorous security standards, is properly certified, and adheres to our data management policy.

How has it helped my organization?

We integrated CrowdStrike Falcon with our end-user systems and servers.

Since implementing CrowdStrike Falcon, we haven't experienced any serious threats, and we've seen a decrease in phishing and ransomware emails. This suggests it's been very effective in mitigating those threats.

The UI is easy to use and comprehensive.

CrowdStrike Falcon's performance has improved our user productivity.

What is most valuable?

CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts.

What needs improvement?

The pricing structure should allow for some flexibility.

For how long have I used the solution?

I have been using CrowdStrike Falcon for almost 3 years.

What do I think about the stability of the solution?

CrowdStrike Falcon is stable.

What do I think about the scalability of the solution?

I would rate the scalability of CrowdStrike Falcon 8 out of 10.

How are customer service and support?

The technical support is good. We have not had any issues with them.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was straightforward. The deployment doesn't take more than one day. Those involved with the deployment are system engineers, IT analysts, and software engineers.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

The price is fixed with no room for negotiation.

What other advice do I have?

I would rate CrowdStrike Falcon 8 out of 10.

We have deployed CrowdStrike Falcon in multiple departments, locations, and satellite offices.

CrowdStrike Falcon doesn't require maintenance from our end other than the updates.

I recommend CrowdStrike Falcon to others.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user