CrowdStrike Falcon Reviews

CrowdStrike Falcon is used for incident response.

It is very easy to hunt a threat in the organization. It keeps logs, making it very easy to investigate any kind of incident using CrowdStrike by looking at the processes that are running on a machine. There's more visibility over the endpoint through CrowdStrike.

The ability to remote into other devices for investigation and the way it presents a graphical representation of the detection, like the parent-child process, are valuable features.

The new interface, the UI, seems a bit messy. The previous one was quite clear. It might be because of my adaptation to it. That's what I see as needing improvement.

I have been using CrowdStrike Falcon for more than three years, around three and a half years.

It is quite stable. I would rate it eight or nine out of ten.

I would rate customer service and support a ten. I am very satisfied with the support.

Positive

I have used antiviruses like Symantec before. Compared to all of that, I found CrowdStrike quite striking. Even compared to Defender, I find CrowdStrike more appealing.

On the terms of investigating, I find it's quite easy to investigate an event and have a broader look at the event using CrowdStrike. I would rate the time saved around eight, nine, or even ten out of ten. Compared to Defender, it makes it faster to investigate.

I think the pricing is quite reasonable with the services they provide.

For an incident investigator, it's quite easy to use, and it provides great visibility over the processes.

I'd rate the solution ten out of ten.

We are a CrowdStrike Falcon distributor that helps clients monitor their environments for malicious activity coming from the internet.

Both users and administrators find CrowdStrike Falcon easy to use.

I like the vulnerability assessment and proactive hunting features of CrowdStrike Falcon.

To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features. The separate model pricing structure can make it challenging for clients to gain approval for their security needs.

CrowdStrike could consider regional pricing models to better reflect the economic realities of different markets.

I have been using CrowdStrike Falcon for 2 years.

CrowdStrike Falcon is stable.

CrowdStrike Falcon is scalable.

We have also used Sophos. CrowdStrike Falcon is a better solution but Sophos is more affordable.

The deployment is straightforward.

The cost of CrowdStrike Falcon in Latin America seems high relative to the economic conditions in the region.

I would rate CrowdStrike Falcon 9 out of 10.

To realize the benefits of CrowdStrike Falcon, it's recommended to conduct a proof of concept first. You should then start to see the advantages within a few months.

No maintenance is required from our end.

To ensure the successful implementation of CrowdStrike Falcon, it's essential to have a complete network map and inventory of all resources and devices.

Our organization relies on CrowdStrike, a standalone endpoint security solution, to safeguard our bare-metal machines. CrowdStrike continuously monitors for threats on all endpoints. If it detects any suspicious activity, such as malware or malicious processes, it immediately alerts us for investigation. 

The malware protection is the most valuable feature of CrowdStrike Falcon.

The current database schema presents challenges and has potential for improvement.

The technical support response time can be improved.

There are a lot of false positives reported.

I have been using CrowdStrike Falcon for almost four years.

CrowdStrike Falcon is stable. 

CrowdStrike Falcon is scalable.

The technical support is good but the response time can be improved.

Positive

We previously used VMware Carbon Black Endpoint. CrowdStrike Falcon is more of an EDR solution.

I would rate CrowdStrike Falcon a seven out of ten.

The maintenance is straightforward.

CrowdStrike Falcon is deployed independently in our environment and we have 30 users.

While CrowdStrike Falcon offers valuable security tools for larger organizations with extensive infrastructure, its complexity might not be ideal for smaller businesses with limited IT resources.

Our primary use case is IPS and IDS.

CrowdStrike Falcon is extensively used by all 2,000 employees.

The most valuable features are the complete IPS and IDS. Both the feature provide good measures for threat detection and prevent network intrusions. 

Forensic controls have room for improvement, and CrowdStrike Falcon can add more features here.

Another improvement could be the support for this product could be cheaper.

I have been using CrowdStrike Falcon for two years. We are using version 6.5.1.

It is a stable solution. I would rate it a nine out of ten.

The scalability of CrowdStrike Falcon is quite good. There are around 2,000 users in our organization. I would rate it an eight out of ten. There are a few things, such as the forensic part and the investigation, that can be improved.

I have worked on many other IDS solutions, but I found CrowdStrike Falcon to be the best.

The setup is pretty straightforward. The deployment took some time because we didn't have an NBM solution. We installed it two years ago. But now it's clear, and we don't need much time to deploy it.

The tech support is good but can be expensive when it goes out of the subscription.

I have seen a good return on investment.

There is a license-based model. We use the yearly license. I would rate pricing a seven out of ten, where one is cheap, and ten is very expensive.

I highly recommend people use CrowdStrike Falcon. Overall, I rate it a nine out of ten.

The solution is primarily utilized for EDR and XDR capabilities, with some identity management features integrated through Falcon. In essence, it is employed like other endpoint protection platforms.

CrowdStrike Falcon no longer stands out compared to other endpoint protection platforms like Carbon Black or Microsoft Defender. Therefore, neither is superior to the other when used in our organization.

Regarding features, I appreciate its integration capabilities with identity providers, but it would have been better if they had their own identity product. The documentation is well-done in the solution.

CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition.

I would like to see CrowdStrike become closer to an agentless solution where I wouldn't have to deploy software and maintain the version of the solution.

I have been using CrowdStrike Falcon for a year. Also, I am using the solution's latest version.

There is no doubt about the stability of the solution. Stability-wise, I rate the solution a ten out of ten.

The solution has been successfully deployed in thousands of enterprises, so it is proven to be scalable. Major customers are using it, indicating that scalability is not a concern.

There are two numbers to reach out to the technical support team. Considering the time taken to reach out to them with a request and get a response, I rate them a ten. Based on the technical skills of the customer support team to solve a problem, I rate them between a six and seven.

Positive

The initial setup process of the solution was straightforward. However, it is important to note that I was only setting up the solution in a POC (Proof of Concept) environment and not in a production one.

That's a difficult question to answer because CrowdStrike Falcon was implemented to replace a previous solution. While it was cheaper than the previous solution, the only initial return on investment was cost savings, as we have not yet developed key performance indicators to measure the security benefits of using CrowdStrike Falcon.

The effectiveness of a solution is not always easily measurable by simply avoiding a hack on a given day. Instead, it often requires analyzing reporting data to determine its environmental impact. This data must then be used to calculate the return on investment and compare it to the cost of ownership. In my experience, the only clear return on investment has been in the initial deployment of the solution. The solution's price has typically been lower than that of previous solutions.

In my opinion, the pricing of CrowdStrike Falcon seems aggressive.

I recommend anyone planning to use CrowdStrike Falcon to ensure that they have an integration team. This is because the solution does not have many built-in features, and it relies on partnership integration with other significant players, such as identity and network vulnerability solutions. Consequently, when deploying CrowdStrike, hiring additional personnel is necessary to comprehend the integration process. If CrowdStrike is ranked number one, then Microsoft is above CrowdStrike due to its fully integrated features. If Microsoft ever got details of incorrect licenses, it would run CrowdStrike out of business. Overall, I rate the product eight point nine out of ten.

We primarily use the product for the security of the endpoints to protect against viruses and malware. It protects our devices from infection. 

The solution offers a very low footprint and provides very good protection. 

The resources that it uses are much lower than any other EDR or antivirus solution. The amount of RAM that it uses and the CPU that it uses are much lower than the other antivirus solutions.

It is an easy product to deploy. 

We've found the product to be scalable. 

It is stable and reliable. 

We can't do scanning audits or device blocking or application control. There are traditional antivirus features missing in XDR, and that is an issue. 

I've been using the solution for 15 months. 

It is a very stable solution. There are no bugs or glitches, and it doesn't crash or freeze. 

We have 55 people currently using the solution. 

This is a scalable product.

We have yet to contact technical support. I can't speak to how their services are. 

We were using another antivirus previously. However, it was heavier. We liked how this solution used much fewer resources and the fact that we didn't need to update our machines. 

The solution is simple to set up and deploy. It's cloud-based, which makes everything easy. It is already configured; you just need to prepare it on the endpoint. 

You can deploy the solution within a day. 

We are a partner and therefore get the solution for free. 

We are Crowdstrike partners. 

I'm not sure which version of the solution I'm using; however, it is likely the latest. 

From the theoretical perspective, it's a good product. They just need more features. You can't just replace an antivirus with it; you first need to ensure it's covering all of your requirements.

I'd rate the product nine out of ten. 

We primarily use the solution for antivirus and endpoint security.

I like its detection capabilities, number one. It's also very light. It doesn't slow down my machine.

The solution is stable.

It's quite scalable. 

The pricing is a bit too high. They need to adjust their target market.

I'd like to see a risk assessment or vulnerability management feature to show the company risk factors for the endpoints that have Crowdstrike deployed. 

I'm not sure if they offer patch management. If they don't, they really should. For larger enterprises, managing all those endpoints and trying to figure out which needs a patch can get tedious.

I've used the solution for a few months. We're still in the initial engagement.

The stability is very good. I can't complain about it. The only concern would be pricing. For this market, it's mostly SMEs and mid-market that we would target, and many would be those looking for antivirus or endpoint security.

The product is scalable. We have about 15 people working on it right now. 

We just went through training and were able to do most things ourselves. We haven't needed technical support.

I'm also working with Bitdefender. 

I switched companies. My previous company was using Crowdstrike and my new one is on Bitdefender. It uses multiple Bitdefender products.

They do have relatively high pricing. 

The target market is large enterprises. Maybe they could work on something that can be offered to even small and medium markets.

I was working for a vendor, and we were sharing pricing with a large enterprise, and it was around $800,000 USD or thereabout.

I was a Crowdstrike partner and was working with the vendor. I've since changed jobs. 

Whether or not it makes sense to use the solution depends on your budget and your pocket. The features are pretty similar to other options. Whether or not it makes sense to use depends on what you're looking for in endpoint security.

I'd rate the solution eight out of ten.

We integrate the data from this solution with ExtraHop, which is an NDR. Being able to move between both platforms and have network-level data and transactions over the network feed into XDR CrowdStrike is really powerful. It helps us make better decisions, it makes better decisions without human intervention, and it hones the analytics a little bit. The EDR aspect of it works almost exactly the same as the regular Falcon product. I will say that it's probably a lot better at scale than what we're using it for. I work at a school district, so for the individual schools, it's nice to see and isolate issues and have reports built by individual school locations rather than just everything looking like a whole hodgepodge of computers.

It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff, like look for old versions of applications that maybe you forgot about or find stuff that people are running that maybe you don't want on your network, and it lets you get rid of those. Also, its ability to do on-keyboard remote response and run PowerShell script through the sensor is pretty sick. It's ability to quarantine devices is also pretty great.

The ability to receive text alerts natively in the console would be kind of cool. Some people put their email on quiet hours, so having it natively in the system would be nice.

I know that they offer an identity piece and a firewall piece and we haven't subscribed to or purchased either of those, but having some of that data in the base program would be good, and then if you want more control, you pay for it. There's times where I want to look at an internet history of a device that's remote, or I want to see logins, successful or unsuccessful. I don't want to manage identity and I don't want CrowdStrike to alert on it, but it would be nice if the ability to see the data was included with the base product. Then that could kind of get your foot in the door with having the ability to look at that information, but not being able to do anything actionable with it.

I have been using this solution for two years. 

The solution has never failed. The only false positives that we get are ones that we test with. I do true and false positive testing every month to make sure stuff is working correctly and the solution picks up on it. 

The solution is very scalable. Our proof of concept was a few devices and now at full scale we have 50,000 devices. It's a cloud console, so if you do the implementation right and the sensor is put on in an automated process, it doesn't matter how many computers you have. It just runs. They have sensors for every kind of device: Macs, Windows, Linux, and I think even Android.

The support is great. They're quick to respond and you see the same names pretty consistently. They probably do it by region or account or something like that, so it's not just a random person every time.

The setup is as complex as you want to make it. They have engineers that help you. We did a proof of concept first and that was pretty seamless. If you want to build out a bunch of dynamic groups and have different policies affect the different groups separately, you can. If you want to purchase a bunch of licenses for integration with different products, they partner with a bunch of different security vendors and you can make it as complex or simple as you want. If you just want NextGen AV, you can just have NextGen AV and it's super simple and the sensor just sits on a computer, but if you have a bunch of data and want it to be really complicated and want to be able to do whatever you want, you can do that too. It's pretty flexible, in that sense.

Getting it off the ground took myself, one CrowdStrike engineer, and we could have done it with one systems engineer, but we had two because one was on the client side for the Windows hosts and one was for enterprise for the data center and servers. We did it with four people, and me and one other guy manage it ourselves.

We pay for Overwatch, which is kind of like a sock where someone that works for CrowdStrike monitors certain aspects of your network, and then they can make notes and quarantine devices for you, and they'll alert you at 2:00 in the morning. It's really great, but it takes two people to manage the alerts after a bit of tuning to make sure that the stuff that is on your network that you want to be there, that's getting picked up by CrowdStrike, is excluded. I get maybe ten alerts a day, but that comes from having good hygiene in other areas. If you're not preventing those alerts or fixing the problems that CrowdStrike is picking up, you're going to have a lot of work to do, but if you use CrowdStrike as a hygiene tool, it's a lot easier to manage.

My advice would be to automate as much of the management as you can. Sensor deployment can be really annoying, but if you figure out how to automate it in your environment, that will make it way easier. That way, as the devices are provisioned, they have the sensor on them and they just pop up into your console. I know some people do it by hand and that's a nightmare.

I would rate this solution as a nine out of ten. It's really good.