CrowdStrike Falcon Reviews

We are a CrowdStrike Falcon distributor that helps clients monitor their environments for malicious activity coming from the internet.

Both users and administrators find CrowdStrike Falcon easy to use.

I like the vulnerability assessment and proactive hunting features of CrowdStrike Falcon.

To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features. The separate model pricing structure can make it challenging for clients to gain approval for their security needs.

CrowdStrike could consider regional pricing models to better reflect the economic realities of different markets.

I have been using CrowdStrike Falcon for 2 years.

CrowdStrike Falcon is stable.

CrowdStrike Falcon is scalable.

We have also used Sophos. CrowdStrike Falcon is a better solution but Sophos is more affordable.

The deployment is straightforward.

The cost of CrowdStrike Falcon in Latin America seems high relative to the economic conditions in the region.

I would rate CrowdStrike Falcon 9 out of 10.

To realize the benefits of CrowdStrike Falcon, it's recommended to conduct a proof of concept first. You should then start to see the advantages within a few months.

No maintenance is required from our end.

To ensure the successful implementation of CrowdStrike Falcon, it's essential to have a complete network map and inventory of all resources and devices.

Our organization relies on CrowdStrike, a standalone endpoint security solution, to safeguard our bare-metal machines. CrowdStrike continuously monitors for threats on all endpoints. If it detects any suspicious activity, such as malware or malicious processes, it immediately alerts us for investigation. 

The malware protection is the most valuable feature of CrowdStrike Falcon.

The current database schema presents challenges and has potential for improvement.

The technical support response time can be improved.

There are a lot of false positives reported.

I have been using CrowdStrike Falcon for almost four years.

CrowdStrike Falcon is stable. 

CrowdStrike Falcon is scalable.

The technical support is good but the response time can be improved.

Positive

We previously used VMware Carbon Black Endpoint. CrowdStrike Falcon is more of an EDR solution.

I would rate CrowdStrike Falcon a seven out of ten.

The maintenance is straightforward.

CrowdStrike Falcon is deployed independently in our environment and we have 30 users.

While CrowdStrike Falcon offers valuable security tools for larger organizations with extensive infrastructure, its complexity might not be ideal for smaller businesses with limited IT resources.

Our primary use case is IPS and IDS.

CrowdStrike Falcon is extensively used by all 2,000 employees.

The most valuable features are the complete IPS and IDS. Both the feature provide good measures for threat detection and prevent network intrusions. 

Forensic controls have room for improvement, and CrowdStrike Falcon can add more features here.

Another improvement could be the support for this product could be cheaper.

I have been using CrowdStrike Falcon for two years. We are using version 6.5.1.

It is a stable solution. I would rate it a nine out of ten.

The scalability of CrowdStrike Falcon is quite good. There are around 2,000 users in our organization. I would rate it an eight out of ten. There are a few things, such as the forensic part and the investigation, that can be improved.

I have worked on many other IDS solutions, but I found CrowdStrike Falcon to be the best.

The setup is pretty straightforward. The deployment took some time because we didn't have an NBM solution. We installed it two years ago. But now it's clear, and we don't need much time to deploy it.

The tech support is good but can be expensive when it goes out of the subscription.

I have seen a good return on investment.

There is a license-based model. We use the yearly license. I would rate pricing a seven out of ten, where one is cheap, and ten is very expensive.

I highly recommend people use CrowdStrike Falcon. Overall, I rate it a nine out of ten.

The solution is primarily utilized for EDR and XDR capabilities, with some identity management features integrated through Falcon. In essence, it is employed like other endpoint protection platforms.

CrowdStrike Falcon no longer stands out compared to other endpoint protection platforms like Carbon Black or Microsoft Defender. Therefore, neither is superior to the other when used in our organization.

Regarding features, I appreciate its integration capabilities with identity providers, but it would have been better if they had their own identity product. The documentation is well-done in the solution.

CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition.

I would like to see CrowdStrike become closer to an agentless solution where I wouldn't have to deploy software and maintain the version of the solution.

I have been using CrowdStrike Falcon for a year. Also, I am using the solution's latest version.

There is no doubt about the stability of the solution. Stability-wise, I rate the solution a ten out of ten.

The solution has been successfully deployed in thousands of enterprises, so it is proven to be scalable. Major customers are using it, indicating that scalability is not a concern.

There are two numbers to reach out to the technical support team. Considering the time taken to reach out to them with a request and get a response, I rate them a ten. Based on the technical skills of the customer support team to solve a problem, I rate them between a six and seven.

Positive

The initial setup process of the solution was straightforward. However, it is important to note that I was only setting up the solution in a POC (Proof of Concept) environment and not in a production one.

That's a difficult question to answer because CrowdStrike Falcon was implemented to replace a previous solution. While it was cheaper than the previous solution, the only initial return on investment was cost savings, as we have not yet developed key performance indicators to measure the security benefits of using CrowdStrike Falcon.

The effectiveness of a solution is not always easily measurable by simply avoiding a hack on a given day. Instead, it often requires analyzing reporting data to determine its environmental impact. This data must then be used to calculate the return on investment and compare it to the cost of ownership. In my experience, the only clear return on investment has been in the initial deployment of the solution. The solution's price has typically been lower than that of previous solutions.

In my opinion, the pricing of CrowdStrike Falcon seems aggressive.

I recommend anyone planning to use CrowdStrike Falcon to ensure that they have an integration team. This is because the solution does not have many built-in features, and it relies on partnership integration with other significant players, such as identity and network vulnerability solutions. Consequently, when deploying CrowdStrike, hiring additional personnel is necessary to comprehend the integration process. If CrowdStrike is ranked number one, then Microsoft is above CrowdStrike due to its fully integrated features. If Microsoft ever got details of incorrect licenses, it would run CrowdStrike out of business. Overall, I rate the product eight point nine out of ten.

We primarily use the product for the security of the endpoints to protect against viruses and malware. It protects our devices from infection. 

The solution offers a very low footprint and provides very good protection. 

The resources that it uses are much lower than any other EDR or antivirus solution. The amount of RAM that it uses and the CPU that it uses are much lower than the other antivirus solutions.

It is an easy product to deploy. 

We've found the product to be scalable. 

It is stable and reliable. 

We can't do scanning audits or device blocking or application control. There are traditional antivirus features missing in XDR, and that is an issue. 

I've been using the solution for 15 months. 

It is a very stable solution. There are no bugs or glitches, and it doesn't crash or freeze. 

We have 55 people currently using the solution. 

This is a scalable product.

We have yet to contact technical support. I can't speak to how their services are. 

We were using another antivirus previously. However, it was heavier. We liked how this solution used much fewer resources and the fact that we didn't need to update our machines. 

The solution is simple to set up and deploy. It's cloud-based, which makes everything easy. It is already configured; you just need to prepare it on the endpoint. 

You can deploy the solution within a day. 

We are a partner and therefore get the solution for free. 

We are Crowdstrike partners. 

I'm not sure which version of the solution I'm using; however, it is likely the latest. 

From the theoretical perspective, it's a good product. They just need more features. You can't just replace an antivirus with it; you first need to ensure it's covering all of your requirements.

I'd rate the product nine out of ten. 

We primarily use the solution for antivirus and endpoint security.

I like its detection capabilities, number one. It's also very light. It doesn't slow down my machine.

The solution is stable.

It's quite scalable. 

The pricing is a bit too high. They need to adjust their target market.

I'd like to see a risk assessment or vulnerability management feature to show the company risk factors for the endpoints that have Crowdstrike deployed. 

I'm not sure if they offer patch management. If they don't, they really should. For larger enterprises, managing all those endpoints and trying to figure out which needs a patch can get tedious.

I've used the solution for a few months. We're still in the initial engagement.

The stability is very good. I can't complain about it. The only concern would be pricing. For this market, it's mostly SMEs and mid-market that we would target, and many would be those looking for antivirus or endpoint security.

The product is scalable. We have about 15 people working on it right now. 

We just went through training and were able to do most things ourselves. We haven't needed technical support.

I'm also working with Bitdefender. 

I switched companies. My previous company was using Crowdstrike and my new one is on Bitdefender. It uses multiple Bitdefender products.

They do have relatively high pricing. 

The target market is large enterprises. Maybe they could work on something that can be offered to even small and medium markets.

I was working for a vendor, and we were sharing pricing with a large enterprise, and it was around $800,000 USD or thereabout.

I was a Crowdstrike partner and was working with the vendor. I've since changed jobs. 

Whether or not it makes sense to use the solution depends on your budget and your pocket. The features are pretty similar to other options. Whether or not it makes sense to use depends on what you're looking for in endpoint security.

I'd rate the solution eight out of ten.

We are using Crowdstrike Falcon XDR for security.

The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions.

Crowdstrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations.

I have been using Crowdstrike Falcon XDR for approximately one year.

Crowdstrike Falcon XDR is a highly stable solution.

Crowdstrike Falcon XDR is scalable for what we use it for. We are using the maximum number of endpoints, which is 1,000.

The support from Crowdstrike Falcon XDR is of a middle level. It is not good and it is not bad.

I rate the support from Crowdstrike Falcon XDR a six out of ten.

Neutral

We were previously using FireEye EDR. We switched to Crowdstrike Falcon XDR because we were facing a lot of issues, such as false positives.

The initial setup of Crowdstrike Falcon XDR is easy. We installed it manually, and it took us approximately one month to complete the implementation of the solution.

I rate the setup of Crowdstrike Falcon XDR an eight out of ten.

We did the implementation of Crowdstrike Falcon XDR in-house. We use two engineers for the maintenance and it is simple. 

We evaluated SentinelOne before choosing Crowdstrike Falcon XDR.

My advice to others is this solution is easy to deploy, and there is no planning required.

I rate Crowdstrike Falcon XDR a nine out of ten.

Our main use case was looking for an endpoint solution that was able to follow our users anywhere. We have over 52,000 employees, and a majority of our people work in various places. Many employees are not in an office every day: They are at a client's sites, some work at home, some are traveling, etc. We really needed something that would give us visibility no matter where and when an employee was working.

It has improved the way that we function by giving visibility to machines that we could not see before. With our previous product, you had to be VPN'd and connected to our network. Now, we can see alerts when people are just working at home. For example, they may have clicked on something that may be malicious, now we can take action and stop things from getting worse at the end of the day with its level of visibility. We have also seen installing CrowdStrike has a lot less resource issues versus what our previous solution had on local machines.

It is very important that our security solutions are cloud-native as continue to grow our company. I have been here for almost three years and we were 40,000 employees then, and we are over 52,000 now three years later. For us, the cloud has been important because we don't have to worry about infrastructure, connectivity, or other things like that to grow our business.

Even as we had to pivot with the pandemic to more employees working from home, we have been able to maintain the same level of security visibility. One of the big concerns for management when the pandemic stated was how we maintain security asking, "What do we have to change for security?" and it was nothing, "Let people go home. Let them work from wherever they need to." We had already taken the remote working ability into our security model. Our security operations did not change anything when employees pivoted from working at client sites (or in offices) to working at home.

As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines connected to the Internet and be almost invisible to the employees.

Having this type of security operations gives our management a level of comfort. We know we have ransomware protection and there are automatic actions that will happen to keep those incidents from spreading. As things like SolarWinds or the Microsoft Exchange issues have come out, we have been able to use the CrowdStrike logging to do look backs through the logs that we have been maintaining for over a year to see if there were any indicators of compromise that previously occurred before this was known issue. This has been great for us to be able to report to various management. even if we may have been running a vulnerable version of this for a period of time, e.g., like the SolarWinds software.

The Prevent, EDR, and OverWatch are some of the biggest features for us. They stand out as being useful because:

1. Their high efficacy rate on detecting items.
2. The ability to detect malicious activity and take action with a machine that may not be on our network.
3. Do remediation or automated actions, especially for things like ransomware, where it would automatically stop from running and quarantine the machine.

The introduction of CrowdStrike Overwatch service has reduced security risk. It mines through data by threat hunting. Overwatch has been able to point out things to us that were potentially risky activities going on that probably wouldn't have been detected by our old solution allowing us to take some actions and reduce some risk from that perspective.

They have been able to offer Spotlight and other modules, which is great. They take the information they have and turn it into solutions.

There is so much data in their dashboarding and other stuff like, but there is also still some work to do on, "How do you boil it up to certain higher levels/executives?" There is a lot of good technical detail, but in the position that I sit in, sometimes it is a little hard when I am not in it day in, day out to come to what is the real executive level sorts of things. For example, CrowdStrike shows incidents, but what are the things that I really need to worry about as a CISO at a company? That is the one area for improvement.

Finally, they bought a company that is doing SIEM, which is interesting to me. When I first started with CrowdStrike in my previous organization, four or five years ago, I went to CrowdStrike, and said, "I don't want to have to buy or continue to support our SIEM product. I would rather use you guys. Can I pay you extra money to hold that data and do those things so we can have that functionality? Then, I can get one rid of a solution." At that time, they told me, "No, we're not a SIEM company." I did not like the answer, but I respected it. Now that they bought one, and I am like, "Wow, I guess I was just a few years too early." So, I'm glad to see those sorts of things. I am glad to see them evolving into those areas where I saw it years ago, where they are strong, and displace others.

I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization. Then, I can have less vendors and put more effort into one solution that we really want to operationalize.

I have been using it for two years at this organization. I also used it for about two years when I was at my previous organization. So, I have used it for four years in total. There was a little lull in-between when I came over to this organization as their CISO, because they were on another product and then we ended up switching in 2019 to CrowdStrike.

I have never had an issue with stability at my current organization. At my previous employer, there was one issue with an auto upgrade where it caused some issues, but it was resolved quickly.

CrowdStrike is a vast improvement compared to our previous solution, where we had to spend a lot of time. For example, when the client had to be upgraded, it was a three-to-six-month project with people having to spend dedicated time to roll it out in waves, then deal with issues when a client's machine didn't upgrade correctly. Now, upgrades happen automatically. We turned auto updates on and have never needed to look back. Nobody has to spend any time on it.

I honestly cannot tell you the last time I have heard about a CrowdStrike agent issue causing an outage on a machine or server at the end of the day.

We have had no problems with scalability. CrowdStrike can scale as much as we need them to, they are the ones taking care of all the cloud, hosting, and processing on their end. So, we have never had an issue where we have seen a degradation in alerting timing, etc.

There are probably 10 to 15 people who access CrowdStrike or use its data regularly. It is funny because our IT people will use it to try to look for things that aren't necessarily security sorts of things, for example, "Hey, this isn't working," or, "That isn't loading," because of the level of visibility CrowdStrike has in some of the processing item. We have four or five people on the SOC. There are probably 20 or 30 accounts in there, but for the ones which are used regularly, it is probably about half that amount, like seven to 10.

My experience with the technical support has been great. Part of it is also the level of access that I have at CrowdStrike. I have been on their advisory board since the beginning and a customer. I participated in a panel at one of their last in-person sales kickoff with their CEO. I remember when the company was 200 to 300 employees and there were 1200 or 1300 at their sales kickoff.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shifts.

This solution has been not nearly as compute resource heavy as some of our previous solutions. Compared to our previous solution, CrowdStrike is a lot easier to use, easier to get information out of it, and you are getting it in more real-time.

Deploying CrowdStrike's sensors to our endpoints has been fairly easy. You can do tens of thousands of hosts in less than a day. I know of another organization who deployed 60,000 endpoints over a weekend.

Each organization has to look how its IT operations function. We did our deployment in a phased approach, with lower risk systems and servers first. If you had an issue, then you could easily roll it back. Then, we rolled it out into more regions and higher risk things.

We had a desktop management employee pushing it out, then another person in our security operations center validating endpoints numbers. It is really having your support desk know as well as having your people who run endpoint management.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people operating the solution 24/5. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shift.

The amount of compute resourcing used on a machine has been significantly less than the previous produce. The biggest ROI is the operational cost reduction. We would have a project manager spend three months to roll out an upgrade of a very heavyweight, security endpoint client. At the end of the day, this could cause a one to two percent error rate where machines would have an issue, then we would need to have a tech spend a lot of time on correcting this versus having automatic updates now that take care of themselves.

You are looking at saving six to seven months of a person's time, collectively, which would have been spent on just doing this one function alone.

Years ago, when we bought CrowdStrike, you got everything it had. I was a little concerned when they broke this out into a la carte modules where you can buy EDR, Spotlight, etc., picking and choosing off the menu. I was a little worried that the solution would get watered down. However, I realized in my previous organization when we had the full suite that there were a bunch of features in it that we didn't have time to operationalize. So, I warmed up to it. I get the whole, "Look, you can pick and choose. Okay, everybody buys a steak, but do you want mashed potatoes, or do you want lobster mac and cheese?" So, you can pick the sides that you want, so you can buy the solution that you want and operationalize versus paying a lot of money and getting a bunch of things, but not using 60 percent of the tools in the box.

There are licensing and maintenance fees.

At my previous company, I did a PoC. The guy who led all the Midwest sales was somebody I knew for around a decade. So, it was, "Hey, I want to try this out because it sounds interesting." So, it was fairly easy. You got the trial. You installed it, then you connected to their cloud portal. That was it. You opened it up to be able to communicate to port 443 outbound, and that was it. It was super easy to get CrowdStrike up and running.

The PoC was important because we were able to test \ and see visibility that we weren't able to before when a system was off-network, just sitting at home, connected on an Internet, and not VPN'd in. It was those sorts of things where, "Look, this is what we can see now that we couldn't see before," as a result of doing that trial.

At my current company, we did not do any type of trial because of past experience. We did test but then just started kind of rolling it out because our other product was just too heavy to continue to operationalize.

In my previous organization had very much the same issue that my current one had. We had an endpoint solution where you didn't get any alerting from the endpoint security if you were off-network. We had salespeople who traveled, and even more people connected via VPNs, which was common. A lot of things were internal, but we were shifting to some cloud-based things. We had the issue where a salesperson connected to the network every once in a while, and we wouldn't see the alerts. By the time we got the alert, it's well past and who knows what has happened. Therefore, I started doing some searching on the Internet and found the company, CrowdStrike. I looked it up and was like, "Oh, a friend of mine, in sales, was there." So, I called him up and said, "Hey, can we talk?" That is where it started.

We continue to look at other solutions such as what Microsoft has to offer. Some of it is part of our licensing and some of it is not. We continue to listen to some of the other players who are out there such as Cylance and SentinelOne. When I first looked for CrowdStrike, there was nobody else in this market space who was doing endpoint security purely from the cloud. Even when I talked to our previous solution provider about the cloud their answer was, "Oh, we can put servers on Amazon." I told them, "No, I don't want to have to manage servers, period. I want the provider to take care of this. We'll pay for that." That was kind of this weird notion for them to be a truly software as a service model. Now, it is common, and everybody is doing this service model.

A number of other solutions have caught up, mainly by copying CrowdStrike’s cloud-first framework model. A lot of them have been catching up from that perspective overall. Now, it has become a little bit of a crowded field and much more of a commodity but CrowdStrike was the industry leader when we were making our decision.

CrowdStrike is currently across all our technology stack, servers, and workstations.

When we did our proof-of-concept testing, our administrators liked that installing it was easy and did not need to reboot the system (and causing an outage). Our administrators also loved that once they did this, they didn’t have to deal with doing client upgrades once or twice a year, where you have to take servers down and reboot them. You install this once, and now you won't have to worry about this ever again. I sold this to administrators as, "You want me to make your life easier? Here is the one thing you need to do." Now, they reap the benefits.

We are looking at the cloud workload options over a course of time, as more technologies shift to cloud and we acquire other companies with more endpoints. From that perspective, we will continue to look at some of the other modules that they have but operationalizing some of modules are not in our risk profile. Some of the modules don't add as much value as they would to some other companies depending on their risk exposures.

We will look into the solution’s Horizon module in the future.

I would rate this solution as a nine out of 10.