Security Systems Analyst at a retailer with 5,001-10,000 employees
Real User
Allows us to sleep better at night
Pros and Cons
  • "I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
  • "I would also like to see the endpoint firewall component produce some level of logging and feedback."

What is our primary use case?

CrowdStrike is a malware protection solution that is deployed on a private cloud across all areas of our organization. We have deployed the solution to 10,000 users. Roles-based it's the security team. 

We recently upgraded to a new feature that is set to roll out. CrowdStrike is a requirement, it's our standard. If you have a new OS deployed or a new server deployed, this is a required component. It has been automated as we grow and as we add more systems.

How has it helped my organization?

CrowdStrike allows us to sleep better at night.

What is most valuable?

I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution.

What needs improvement?

This solution lacks basic functionality, such as being able to perform on-demand scanning. This presents a challenge when it comes to the payment card industry, PCI which has that as built-in requirements for the PCI DSS standard.

I would also like to see the endpoint firewall component produce some level of logging and feedback. 

Buyer's Guide
CrowdStrike Falcon
March 2024
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.

For how long have I used the solution?

I have been using CrowdStrike Falcon for three years.

What do I think about the stability of the solution?

CrowdStrike is very stable, we've had very few technical issues. The false positive rate is average. It has been very easy to manage and to determine where issues are.

What do I think about the scalability of the solution?

This solution is very scalable. It is easy to roll out more agents and is fairly automated. We have it deployed in multiple environments such as hybrid versus cloud versus private. 

How are customer service and support?

We have had very positive interactions with not only our manage service provider, but the vendor directly. They've offered good support when we've had some questions and concerns. Their documentation is fairly extensive.

Which solution did I use previously and why did I switch?

We follow trends to make sure we have the best product for our organizations. The one we were using fell behind a bit. We wanted something that was completely cloud-based so that the infrastructure wasn't on-prem and we wouldn't be required to manage the upgrades of servers and applications. 

How was the initial setup?

The initial setup was moderate. There is a lot to think about and a lot to plan out, however once that is done the actual deployment is straightforward. We used a tiered deployment, deploying the product in a learning mode or logging mode only. We also did a tiered deployment by division and then enabled features by division to make sure that if there was an impact, we could at least contain it to one area and revert back as quickly as possible.

What about the implementation team?

We deployed with an integrator. They were very knowledgeable and knew what they were doing. They involved the vendor when required. We use half of an FTE to maintain the solution. We also have a managed service provided that also integrated the log files from this product into our SIM. We are pointing all the logs to a log reporting utility that allows us to react to alerts. 

What was our ROI?

Because we are information security, we come with a price tag, unfortunately. When we look at it as a whole, we are able to sleep at night, we have a good solution and it is protecting us from the zero-days and the latest malware. I don't know what you put the cost of breach prevention at.  We feel we are using a product that is at the top of the industry. We are doing as much as we can to protect our organization, so there is the return on investment that way.

What's my experience with pricing, setup cost, and licensing?

We pay yearly for the solution. It makes it easier for budgeting purposes. We did incur additional costs when we implemented their firewall solution, calling it the endpoint firewall. 

Which other solutions did I evaluate?

We're constantly looking for other options the industry's top solutions and where the industry is going next. In cybersecurity, we ensure we are protected today but also make sure that we are thinking towards the future and analyzing other solutions to see if they are better, or potentially better in the future.

What other advice do I have?

If you are looking at CrowdStrike, plan appropriately. Make sure you have planned it out and do your testing. We found that it was legacy-friendly. We have a lot of legacy applications and we were concerned about that. We ran into some minor issues but we did find that it was friendly, however, there were some newer applications that the product did not interact with as well as we expected. They were easy fixes, but you should do your due diligence so you run into fewer surprises.

I would rate CrowdStrike a 9 out of 10.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Information Security Officer at a hospitality company with 5,001-10,000 employees
Real User
Stable and easy to set up, and has reduced our need to re-image machines
Pros and Cons
  • "The most valuable feature is that we don't need to re-image machines as much as we had to."
  • "They need to strengthen the forensic capabilities of this product, for e-discovery."

What is our primary use case?

We have various use cases. We are protecting servers and endpoints that are utilizing this product to focus on advanced, persistent threats, with the goal of reducing the overhead on the endpoint for early detection.

Right now, we have not put enforcement, and we're moving to the next level of detection.

How has it helped my organization?

Using this solution has reduced my need for imaging. We can mitigate the issue and address it immediately, for people both on and off of the network.

What is most valuable?

The most valuable feature is that we don't need to re-image machines as much as we had to.

What needs improvement?

They need to strengthen the forensic capabilities of this product, for e-discovery.

For how long have I used the solution?

We started testing and deploying CrowdStrike Falcon about a year and a half ago, in the early part of 2019.

What do I think about the stability of the solution?

In terms of stability, it's a great tool.

What do I think about the scalability of the solution?

At this time, we have between 5,000 and 6,000 endpoints.

How are customer service and technical support?

We have been in touch with CrowdStrike technical support and they have been very supportive.

Which solution did I use previously and why did I switch?

Prior to CrowdSrike, we used a signature-based solution from Symantec.

How was the initial setup?

The initial setup was very straightforward and very easy. We've been bringing stuff into the SWOT platform and getting that data. It has been pretty good.

What about the implementation team?

The implementation was done in-house. We had, in part, help from a strategic partner, EY.

Which other solutions did I evaluate?

CrowdStrike is what we did for the time and for the moment. It is number two when you look at the magic quadrant, and we have implemented that for the time being. When we selected it, that was right for us to get away from a Symantec signature-based environment for endpoint detection response.

We have moved over to CrowdStrike for now. When you look at the quadrant, the number one is Microsoft. With Defender built into the operating system, there is less overhead on the endpoint. We will eventually, most likely, migrate to that.

I have experience with Cylance, as well. They gave that the advanced persistent threat leader title, at one point in the market. I implemented that for one client and now, being in this CISO role, I went with CrowdStrike over Cyberreason and Cylance/Blackberry. The main reason for CrowdStrike is the Falcon technologies and what they do with their strategy.

We're moving to Office 365, and it will make sense for me to adopt Microsoft Defender because it's integrated into the platform. One of the differences between Defender versus CrowdStrike or any other of them is that they have to sit outside. Microsoft Defender can go deep down into the kernel, and that's a good thing for the endpoint. You can do a lot and detect a lot, which makes it far safer against advanced persistent threats.

What other advice do I have?

Overall, this product has been pretty good and I recommend it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
CrowdStrike Falcon
March 2024
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Director Of Information Technology at DLZ Construction Svs.
Real User
Very good for endpoint security; we've remained infection free without any downtime
Pros and Cons
  • "We haven't had any infections or down time."
  • "Too many false positives."

What is our primary use case?

We use CrowdStrike for our endpoint security and we're about to tie it into vScaler. It's on every endpoint in the company and is used by everyone in the organization. It's anti-virus security software, so we'll continue to put it on every machine whether our company grows or shrinks.I'm the director of information technology in our company and we're a customer of CrowdStrike. 

What is most valuable?

We rely on our environmental security and we haven't had any infections so that's valuable for us. It means we haven't lost any time due to the system being down from ransomware or anything like that, so it's quite positive. 

What needs improvement?

Improvement could be made in the number of false positives we get, there are more than there needs to be. Typical Windows functions sometimes get stopped by CrowdStrike. In general, I'd rather err on the side of safety but some of these are really straightforward functions that should get through.

For the future, I think they need to keep building on their extensibility, the capability to be extended, so that it's not lost and we can utilize the knowledge that we're gaining from the endpoints. 

For how long have I used the solution?

I've been using this solution for a little over a year. 

What do I think about the stability of the solution?

This is a stable solution, I'm unaware of any failures. 

What do I think about the scalability of the solution?

Scalability is expensive but it works. We've installed it on more than 900 machines in the corporation and it covers every role from civil engineers, architects, HR people, office workers and the server. Maintenance takes the equivalent of one full-time position but it's a shared responsibility among the IT team. 

How are customer service and technical support?

The technical support do a good job. 

How was the initial setup?

The initial setup occurred before I began working here although I believe it is quite straightforward. The install process for machines is pretty good. If we want to de-install it's not so great, but overall it's tolerable.

What's my experience with pricing, setup cost, and licensing?

I believe that we pay about US$ 65,000 annually which covers 900 machines in the company. There are no other costs but there are additional features that can be purchased but we haven't done that. 

What other advice do I have?

CrowdStrike do their job well and can be compared to other solutions on the market such as SentinelOne and Huntress. They do need to be more extensible because right now they don't play well with others and it's a bit of a challenge on the management side.

I would rate this solution an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Neeruganti Santhosh Kumar - PeerSpot reviewer
Security Analyst at a tech services company with 501-1,000 employees
Reseller
Offers robust protection and excellent visibility in a highly scalable solution with great technical support
Pros and Cons
  • "The feature I like the most is the solution's detection."
  • "The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."

What is our primary use case?

We use CrowdStrike Falcon to detect and alert us to any malware in our system. In our organization, we integrated CrowdStrike with a SIEM tool, which does the alerting. If the solution detects malware and issues an EDR alert, it notifies us and begins gathering data about the detection, including the hostname, user name, the hash value of the downloaded file, and the file's reputation. Then, we can ask the user the delete the file from the PC and drives, such as USB drives, if necessary. Following removing any malicious files, we can use CrowdStrike to run an AV scan on the affected device or devices.

How has it helped my organization?

We use the solution's Horizon module to protect multi-cloud work environments and integrate with SIEM tools. Detections in CrowdStrike trigger a response from the SIEM tool, allowing us to face threats via a coordinated approach.

Horizon simplifies security management of multi-cloud environments, and the improvement has been significant. Integration with a SIEM tool makes alerting and detection very rapid, which significantly helped.

To give an example, one of our employees mistakenly downloaded a malicious phishing video. The solution quarantined the file, protecting our organization from attack.

What is most valuable?

The feature I like the most is the solution's detection.

The fact that CrowdStrike Falcon is a cloud-native solution provides us with a lot of flexibility and always-on protection. This is very important to us because it enables automatic detection and quarantining of malicious files, and that's one of the features we like most about working with the tool. 

The visibility provided by the solution in multi-cloud environments is excellent; it's one of the best features. 

What needs improvement?

The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool. 

For how long have I used the solution?

I've been using the solution for about three years. 

What do I think about the stability of the solution?

The product's stability is good. 

What do I think about the scalability of the solution?

The scalability is excellent; top tier. There are about 15 end users in our company, and they are members of the security team. We plan to increase our usage of the solution. 

How was the initial setup?

It isn't challenging to deploy the solution's sensor to endpoints, and it becomes even more straightforward with some experience and understanding of the tool. 

The deployment is relatively quick, though it takes a little longer than other products.

What about the implementation team?

We implemented via an in-house team as we had a lot of experience with the solution. 

What's my experience with pricing, setup cost, and licensing?

The solution isn't very costly; it's affordable.

Which other solutions did I evaluate?

We evaluated a McAfee solution, and CrowdStrike has a lot more automation. 

What other advice do I have?

I rate the product nine out of ten. 

CrowdStrike is excellent at preventing breaches, and our security operations are more robust as a result. The automatic quarantining of malicious downloads keeps our system safe and our information out of the hands of attackers.  

The solution reduces our security risk significantly; it's an advanced tool.  

We learned about the solution when some of our employees saw a promotion campaign. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Younghoon-Youn - PeerSpot reviewer
Director of Security Solution Business at a wholesaler/distributor with 1-10 employees
Real User
SaaS security solution that is efficient in running antivirus processes using little storage
Pros and Cons
  • "The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
  • "This solution is relatively expensive."

What is our primary use case?

We use this solution for next generation antivirus and EDR.

How has it helped my organization?

Developers previously complained their resources required regular scanning on their system. This made their system and response time slow. This has since been improved using this solution. 

What is most valuable?

The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed.

Based on the documentation CrowdStrike provide, the solution provides a number one detection ratio which we like. 

For how long have I used the solution?

We have used this solution for one year. 

What do I think about the stability of the solution?

This is a stable solution as it is cloud based. We have 3000 users making use of it. 

How are customer service and support?

The support team responses are often a little bit slow. I would rate them a three out of five. 

Which solution did I use previously and why did I switch?

We previously used Cisco AMP.

How was the initial setup?

The initial setup is straightforward. I would rate it a five out of five. The deployment was a replacement project and it took three months.

What about the implementation team?

We used a third party for installation. 

What was our ROI?

We don't need to maintain onsite servers and deep end user updates with the new vulnerabilities. Considering the required server hardware and maintenance workload, the ROI will be achieved in a year or one and a half years.

What's my experience with pricing, setup cost, and licensing?

This solution is relatively expensive. 

What other advice do I have?

I would advise others to first evaluate AV or EDR and then investigate the current endpoint protection solution that are already using in their organization. They should then check what kind of tools can be placed with CrowdStrike. 

I would rate this solution a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Customer but recently joined partnership programme
PeerSpot user
Cybersecurity Analyst at a computer software company with 51-200 employees
Real User
Seamlessly integrates, is stable, and is suitable for all sized organizations
Pros and Cons
  • "Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
  • "The detection time has room for improvement."

What is our primary use case?

We use CrowdStrike Falcon for endpoint protection against malicious activity.

What is most valuable?

Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution.

What needs improvement?

The detection time has room for improvement.

For how long have I used the solution?

I have been using CrowdStrike Falcon for two years.

What do I think about the stability of the solution?

I would rate the stability of CrowdStrike Falcon ten out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of CrowdStrike Falcon a nine out of ten.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are an MSP and have used and provided IBM QRadar, Bit Defender, and CrowdStrike Falcon based on each client's requirements. 

CrowdStrike Falcon is the most popular choice for our clients because of its price.

How was the initial setup?

Deploying CrowdStrike is straightforward. We initially had a technical representative guide us through the process, but now we can handle it ourselves for our clients. 

One architect and two engineers are used for the deployments.

What about the implementation team?

We implement the solution for our clients.

What's my experience with pricing, setup cost, and licensing?

The licenses are offered on a one-year and two-year basis. The more endpoints an organization adds the cheaper the cost.

What other advice do I have?

I would rate CrowdStrike Falcon a ten out of ten.

Our clients range from small up to enterprise level.

The maintenance is simple. We just need to stay on top of the updates.

CrowdStrike Falcon is user-friendly and the analysis provided is good making it an efficient solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Flag as inappropriate
PeerSpot user
Sandeep Sehrawat - PeerSpot reviewer
Information Technology Security Consultant at Sify Technologies
Real User
Top 5
Your dashboards will tell you the number of the endpoints being protected and the incidents.
Pros and Cons
  • "CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
  • "CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."

What is our primary use case?

CrowdStrike Falcon is an Endpoint Detection and Response system that uses agents deployed on each endpoint. It works on mobile or wired devices. The operator provides you real-time and online protection against the latest malware and wireless attacks.

What is most valuable?

CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details.

What needs improvement?

CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats.

For how long have I used the solution?

I've been using CrowdStrike Falcon for two years. 

What do I think about the stability of the solution?

CrowdStrike is highly stable.

What do I think about the scalability of the solution?

CrowdStrike is a cloud-based solution, so it's always scalable. You can adjust your endpoint licenses at any time, so if your endpoint is decommissioned, you can reduce the licenses. If you want to add few more endpoints, you only need to deploy the agents. We have provided CrowdStrike Falcon EDR solutions for many clients, and the largest is about 2,000 licenses. 

How are customer service and support?

CrowdStrike support is great. Palo Alto and CrowdStrike both have outsourced support.

How was the initial setup?

Deploying CrowdStrike is straightforward. You can mass-deploy it using any management solution like WSS. It's a light agent that only requires 30 to 40 MB of space, so it's deployed in minutes.

One person is enough to manage the solution. A single admin can create a group based policy and deploy on hundreds of systems in a day if they are connected with their AD or WSS. If they are out of the network and out of the reach, then you need to do it manually, and that takes times for the endpoint availability.

What other advice do I have?

I rate CrowdStrike Falcon eight out of 10. I strongly recommend it. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Park Armstrong - PeerSpot reviewer
Chief Technical and Solution Architect at Vertigo Inc.
Real User
Top 5Leaderboard
Beneficial crowdsourcing intelligence, robust, and useful multi-tenant architecture
Pros and Cons
  • "The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
  • "The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."

What is our primary use case?

I use CrowdStrike Falcon for endpoint security and compliance auditing.

How has it helped my organization?

We use CrowdStrike Falcon for discovery when anything goes wrong because it gives us a full history of what's happening. It acts as a preventative model for inappropriate activity. Additionally, we use it for compliance reasons.

What is most valuable?

The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence.

What needs improvement?

The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool.

In a future release, the mobile space can use improvement. However, some of those constrained are by Apple and other platforms as to what they can do on the platform. Some of the limitations are industry-based.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately one year.

What do I think about the stability of the solution?

The stability of CrowdStrike Falcon is great, I have never had the slightest problems.

What do I think about the scalability of the solution?

CrowdStrike Falcon is highly scalable.

CrowdStrike Falcon is implemented company-wide on every device.

I have approximately one hundred protected endpoints, but the number of users that log on to the tools is approximately four.

How are customer service and support?

CrowdStrike Falcon needs to better its SE sales engineer team. The people didn't fully understand all the different parts of their solution. It's the endpoint protection and it is the essence of what we're trying to receive, they should know their solution very well.

I rate the support from CrowdStrike Falcon a three out of five.

Which solution did I use previously and why did I switch?

I previously used an anti-virus solution, but it didn't do all the things I needed regarding endpoint protection. That's why I added the CrowdStrike Falcon piece to the puzzle. I still have the anti-virus running. I don't need it technically, but I still have it running.

How was the initial setup?

The initial setup of CrowdStrike Falcon is in the medium range of difficulty. You will need a coach and be guided through it.

The time it took to do the full implementation from the beginning to end, from when the contract was turned on, and by the time I turned it on and had everything up was fairly fast because we piloted CrowdStrike Falcon at first. When I bought the solution, it was almost fully implemented. The full process took approximately two months.

I rate the ease of deployment for CrowdStrike Falcon a two out of five.

What about the implementation team?

We had some coaching help from the vendor to do the implementation of the solution. We have three people that can manage this solution.

What was our ROI?

This is not a tool you buy because it gives a return on investment. It's a tool you buy because the cost of not having it is far greater than the cost of having it if you have a problem.

What's my experience with pricing, setup cost, and licensing?

There are approximately a hundred different modules you have to purchase, depending on what you want to do. I have most of the modules. How it works is you buy the portfolio, you have to decide all the components you want in it, and then they price out a bundle for you. I have almost all of the package features in my bundle. You only need to pay for the modules you want.

The cost of CrowdStrike Falcon annually is approximately $10,000.

I rate the price of CrowdStrike Falcon a three out of five.

Which other solutions did I evaluate?

I studied the entire industry before choosing CrowdStrike Falcon. I evaluated many other solutions, such as Manage Engine, Malwarebytes, Checkpoint, McAfee, and Microsoft.

We choose CrowdStrike Falcon because it was fit for the purpose of our business. I needed a cloud solution and I needed it to be a SAS offering that was easy to use. It boiled down to features and fit for purpose, not features and functionality.

CrowdStrike Falcon platform was more robust. It was a true multi-tenant architecture, not a hosted instance. The crowdsourcing nature of CrowdStrike Falcon is a large benefit, all of the threat data is real-time and applied to you real-time from all around the world.

What other advice do I have?

My advice to others is to take a serious look at CrowdStrike Falcon. It's a good solution.

I rate CrowdStrike Falcon an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free CrowdStrike Falcon Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Buyer's Guide
Download our free CrowdStrike Falcon Report and get advice and tips from experienced pros sharing their opinions.