Madhawa Liyanage - PeerSpot reviewer
Cyber Security Consultant - Defensive Security at DeltaSpike Pvt Ltd
Consultant
Useful AI detection, good support, and reliable
Pros and Cons
  • "The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
  • "CrowdStrike Falcon could improve the EDR functionality. Once the functionality of the solution improves, it will be even better in the market and able to compete with Carbon Black."

What is our primary use case?

We are using CrowdStrike Falcon for the EDR mainly.

What is most valuable?

The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections.

What needs improvement?

CrowdStrike Falcon could improve the EDR functionality. Once the functionality of the solution improves, it will be even better in the market and able to compete with Carbon Black.

In a future release, if there were XDR features it would be beneficial.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately two years.

Buyer's Guide
CrowdStrike Falcon
April 2024
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,886 professionals have used our research since 2012.

What do I think about the stability of the solution?

CrowdStrike Falcon is a stable solution. However, you need a good internet connection for functionality.

What do I think about the scalability of the solution?

CrowdStrike Falcon is scalable. We have below 1,000 endpoints and it scales well.

We have approximately 700 to 800 people using the solution. Additionally, we have approximately 150 servers running with 815 clients.

How are customer service and support?

We used the support at the initial stages of deployment and the support was good. I became familiar with the tool quickly and did not need their support anymore.

How was the initial setup?

The initial setup of CrowdStrike Falcon is straightforward. Our deployment was done in a phased approach; we did it first with 200 servers, then 100 at a time after. We did not roll out the solution all at once throughout the company.

What about the implementation team?

We did the deployment of CrowdStrike Falcon in-house. The amount of people needed for the deployment and maintenance of the solution depends on the tools used. We automate the deployment process.

What was our ROI?

The return on investment for CrowdStrike Falcon is good.

What's my experience with pricing, setup cost, and licensing?

There are three to four licensing models available to choose from for CrowdStrike Falcon. The price of CrowdStrike Falcon depends on the distributor and the reseller partner. The price we received was good.

What other advice do I have?

CrowdStrike Falcon is one of the leading solutions in the market. I would recommend this solution to others.

I rate CrowdStrike Falcon an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner and customer
PeerSpot user
Product Manager at a comms service provider with 51-200 employees
Real User
Top 5 Leaderboard
Offers excellent protection with great integration and fast customer support
Pros and Cons
  • "The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
  • "I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CrowdStrike."

What is our primary use case?

We use the solution for security and in demonstrations to our partners.

What is most valuable?

The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product.

What needs improvement?

I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CrowdStrike.

I want to be able to create independent groups, each managed by its own admin, so I can isolate the group I use for demonstration purposes.

I have heard about CrowdStrike collecting personal information for marketing purposes, but that's not something I was looking for.

For how long have I used the solution?

I've been using this solution for about six months.

What do I think about the stability of the solution?

The stability of the solution varies; several weeks ago I had some difficulties deploying CrowdStrike. It may have been a bug in the latest update, but a few days later this problem was solved. Sometimes there are issues and CrowdStrike deals with them very quickly.

What do I think about the scalability of the solution?

It amazes me. For instance, we have an end-user with 15,000 users right now and we deployed it in one week. It's a very short time considering other solutions, some of which can take one to two years to deploy completely.

How are customer service and support?

I have contacted customer support four times and they have a very quick response time which is really satisfying. I believe the support team is good.  

How would you rate customer service and support?

Positive

How was the initial setup?

It's pretty straightforward but with Linux if there is a kernel conflict, you may have to change your kernel version and then restart. I can't say with certainty that you won't need to restart during installation. 
It took us 15 minutes to deploy the solution for eight users. 

What about the implementation team?

I personally implemented the product.

What was our ROI?

In a week

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution but you get a very good product for the price, since having threat hunters and analysts costs much more than the product itself. Compared to other products, SentinelOne is definitely cheaper and the Microsoft E5 package is probably more expensive. Not many companies are willing to purchase CrowdStrike Falcon in our region due to the cost, but the market is changing. Brand awareness is increasing day by day along with the knowledge of what CrowdStrike is capable of by users and user candidates.
This solution, as well as other EDR tools, is selling slowly in our region, but this will speed up in the near future. Some companies are already asking for an MSSP version of the product.

What other advice do I have?

Our end-users and partners want to know which data are going to be collected. Financial institutions need to know what is included in the telemetry data.
As a distributor, in our region it's mandatory for us to implement, as it wouldn't make sense for us to go to partners and end users with other solutions. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: partner/reseller
PeerSpot user
Dy General Manager at a real estate/law firm with 501-1,000 employees
Real User
Great user experience, very little maintenance required, and easy to set up
Pros and Cons
  • "There's almost no maintenance required. It's very low if there's any at all."
  • "The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."

What is our primary use case?

The solution is primarily being used at our endpoint, which includes roaming users with laptops. It is being used in all of our servers at our data center. Our security team can monitor everything centrally using the Falcon dashboard. If there is an incident, our team can actually go to the root cause of the incident to try to solve it there. 

What is most valuable?

The overall user experience is good. As of today, there have been no incidents that we've had to deal with and we've been using it for years. 

The solution has a very good graphical interface. It makes it easy to use. The central monitoring is excellent.

There's almost no maintenance required. It's very low if there's any at all.

The solution is an AI and ML-enabled tool for protecting our endpoints. We're still able to use Symantec as an endpoint as well.

What needs improvement?

The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ. 

I'd really like to have a complete solution. Right now most of the incidents happen on our endpoints. It is visible at the endpoint, the end server. If this can have a correlation tool that could actually give us a comprehensive dashboard, that would be useful. It could give us top-down visibility and could be from the firewall or any kind of security protection tool. It could be part of the DNS protection suite. However, that's why it's so important to have better integration capabilities.

If this endpoint is trying to get at this particular website and it is identified as DNS level protection, that also comes to this dashboard. Around 80% to 90% view of whatever it is happening with this endpoint, whatever action it is doing, can be inspected on the dashboard.

 If the endpoint is protected by CrowdStrike. I am only to access this application through a CrowdStrike protected device. 

For how long have I used the solution?

We have been using CrowdStrike as a tool now for the last three months.

What do I think about the stability of the solution?

The stability may be too early to judge, as we are still in a POC. However, when we see the product, it is very, very stable.

What do I think about the scalability of the solution?

We didn't go with the Basic version. We went with Superior. Even the insurance companies are also sold on this product. 

We find that the solution is very, very scalable as a tool and it can completely manage and protect the endpoint. It offers around 99.99% of your protection and assurance and can scale up however much you like.

We have implemented it for approximately 200 users as a POC. We are ready to have a contract with CrowdStrike and we will be implementing it for 700 users in the end, so we will scale it from the POC when we begin to officially use it.

How are customer service and technical support?

Due to the fact that we are still running a POC, we have direct access to the principal on the contract. They have given us a lot of confidence in the product and they are always available alongside the system integrator. We basically have two layers of support.

At this initial stage, if there is any troubleshooting needed, or any type of support is required, the system integrator will provide this to us. If we need to escalate to support for some reason, we have agreed to have CrowdStrike themselves look into any issues.

So far, it's been an effective system and we are satisfied with the level of support we've received.

Which solution did I use previously and why did I switch?

We were using Symantec products, which were Symantec EndPoint Four and Five. We found that the latest modules needed additional tools to protect us. There were multiple tools needed at various levels. There was complexity in increasing users on this platform. It also took a more traditional approach to security, and we were looking for something more advanced that had advanced AI and ML capability.

We evaluated CrowdStrike and we found it satisfactory in our environment. Therefore, we decided to change to it from Symantec.

How was the initial setup?

The initial setup is very, very straightforward, and very easy to use. So far, we've found it very easy to drill down to the root cause.

This is a new area and product for us, so we decided to start using it as a POC. We started in March, or the end of February, of this year, and we have done a POC for some of our users. We'll be going forward with a full implementation and increasing our usage.

In terms of maintenance, I don't find there's much of a requirement for it. It is very easy to maintain. For monitoring and reporting purposes, we have access to a dashboard. Our security can take a look at everything themselves. We also have team members that are capable of configuring this product. That will help us to reduce the requirement of manpower in the long run.

What about the implementation team?

We had a system integrator partner that assisted us with the POC.

What's my experience with pricing, setup cost, and licensing?

I'm not sure what the exact cost of the solution is.

What other advice do I have?

We're a customer. We don't have a business partnership with this solution.

I'm not sure which version of the solution we're using right now. It is the latest, as far as I know. We're currently running a POC with it.

In today's environment, it's very crucial to protect a company from ransomware, and malware. We focus mainly on avoiding these types of attacks. We're always interested in the latest tools that have the latest techniques and are effective in our environment.  

On top of that, we've noticed during the pandemic, there are even more threats happening. We need to focus most of our energy on the endpoints which are basically connected to an unprotected network.

The focus on the endpoints has to be increased at this point in time to ensure we have maximum protection. We prefer to have a cloud-based product rather than an on-premise-based product to protect our data and our endpoints. Therefore, we may need to move to a cloud-based protection suite. Other companies should also consider this. Whether they choose a product like CrowdStrike, Cortex, or Cylance is up to them.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Murali Krishnan L - PeerSpot reviewer
Technical Manager (SOC Operations) at Novac Technology Solutions
Real User
Top 5 Leaderboard
User-friendly, simple setup, and good user interface
Pros and Cons
  • "The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions."
  • "Crowdstrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations."

What is our primary use case?

We are using Crowdstrike Falcon XDR for security.

What is most valuable?

The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions.

What needs improvement?

Crowdstrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations.

For how long have I used the solution?

I have been using Crowdstrike Falcon XDR for approximately one year.

What do I think about the stability of the solution?

Crowdstrike Falcon XDR is a highly stable solution.

What do I think about the scalability of the solution?

Crowdstrike Falcon XDR is scalable for what we use it for. We are using the maximum number of endpoints, which is 1,000.

How are customer service and support?

The support from Crowdstrike Falcon XDR is of a middle level. It is not good and it is not bad.

I rate the support from Crowdstrike Falcon XDR a six out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were previously using FireEye EDR. We switched to Crowdstrike Falcon XDR because we were facing a lot of issues, such as false positives.

How was the initial setup?

The initial setup of Crowdstrike Falcon XDR is easy. We installed it manually, and it took us approximately one month to complete the implementation of the solution.

I rate the setup of Crowdstrike Falcon XDR an eight out of ten.

What about the implementation team?

We did the implementation of Crowdstrike Falcon XDR in-house. We use two engineers for the maintenance and it is simple. 

Which other solutions did I evaluate?

We evaluated SentinelOne before choosing Crowdstrike Falcon XDR.

What other advice do I have?

My advice to others is this solution is easy to deploy, and there is no planning required.

I rate Crowdstrike Falcon XDR a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
DGM IT at Union Bank of Colombo
Real User
A highly scalable solution that offers robust protection, and good management functions
Pros and Cons
  • "As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
  • "I would like to see equal support across all versions. Aside from that, I would say most of the features are there."

What is our primary use case?

We use CrowdStrike for endpoint protection. 

What is most valuable?

As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage. 

What needs improvement?

I would like to see equal support across all versions. Aside from that, I would say most of the features are there. 

For how long have I used the solution?

We have been working with the solution for six months. 

What do I think about the stability of the solution?

Yes, CrowdStrike is stable.

What do I think about the scalability of the solution?

The solution is scalable, we have 1900 users. 

How are customer service and support?

We have only required our local support, they have been sufficient for our needs. 

Which solution did I use previously and why did I switch?

We previously used a Symantec product, but there was no local vendor support so we switched to CrowdStrike Falcon. 

How was the initial setup?

The initial setup is straightforward, we deployed in two to three weeks. 

What about the implementation team?

We implemented the solution through our vendor, they proposed the solution. 

What was our ROI?

As the solution is a preventative measure, it's hard to say exactly what the ROI is. 

What's my experience with pricing, setup cost, and licensing?

We have a yearly subscription and find the price to be good. I'd give it a rating of four out of five for price, we got a good discount. 

What other advice do I have?

I would rate this solution an eight out of ten. There is still some grey area for us, as we haven't been using the product long enough to give a full evaluation of all the features. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Officer at a financial services firm with 51-200 employees
Real User
Light on resources, helpful support, and reliable
Pros and Cons
  • "CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
  • "In the future release of CrowdStrike Falcon, they should add a sandbox feature."

What is our primary use case?

CrowdStrike Falcon is working on our production servers.

What is most valuable?

CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM.

What needs improvement?

In the future release of CrowdStrike Falcon, they should add a sandbox feature.

For how long have I used the solution?

I have used CrowdStrike Falcon within the past 12 months.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

CrowdStrike Falcon is scalable. We have approximately 400 servers using this solution.

We have plans to increase the usage of this solution in one or two years.

How are customer service and support?

We used technical support for the implementation of the solution and it was a good experience. They know the products well and they were able to give us all the answers to the questions that we had.

How was the initial setup?

The setup is really easy. The full deployment took two months.

What about the implementation team?

For the deployment of the solution, we used a three-person team and for the maintenance, we use the whole infrastructure team of four people.

What's my experience with pricing, setup cost, and licensing?

The price of CrowdStrike Falcon could be better. It is very expensive, we pay approximately $900 per month for the licenses. There are not any additional fees.

Which other solutions did I evaluate?

Before choosing CrowdStrike Falcon we evaluated Sophos and Microsoft solutions.

What other advice do I have?

The product is really good, but there are a lot of additional features that you need to have for it to be a complete solution. Be sure that your budget is enough to acquire the complete solution that you need.

I rate CrowdStrike Falcon a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Dan Brunnquell - PeerSpot reviewer
Director Of Information Technology at a financial services firm with 11-50 employees
Real User
Top 5
Offers a cloud-based option and has good stability
Pros and Cons
  • "The stability is good; we haven't experienced any glitches or bugs."
  • "The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."

What is most valuable?

I like that it's cloud-based instead of on-premise.

What needs improvement?

I miss a feature for the USB control that they have as an add-on. I haven't gotten to the point where I want to pay for it, but the features that I miss are available.

The biggest issue with Falcon as a standalone product is it doesn't have very much reporting.
Out of the box, the only weakness is the level of reporting.

All the analytics and the telemetry are there, it's just a matter of getting to it. Other vendors offer some of that stuff right out of the box.

CrowdStrike Falcon has been very low maintenance. There are features on it that I haven't touched yet. I've got a SIEM that I haven't really had time to explore fully. I have a patch management system that does what it does. I have a firewall and IDS that do what they do, and I have an endpoint security system that does what it does.

MSPs keep asking how one person can keep up with the different solutions and alerting. If you don't have any problems, then it's pretty easy to keep up. Everything does what it does. I don't experience any of the issues that apparently a lot of people have on their network. How can I tell you what to improve if it's doing what it's supposed to do?

For how long have I used the solution?

I have been using CrowdStrike Falcon since June of 2019. 

What do I think about the stability of the solution?

The stability is good; we haven't experienced any glitches or bugs.

What do I think about the scalability of the solution?

We're a small company so the scalability is fine for us.

How are customer service and technical support?

I don't have to talk to their technical support often. When I need help, I contact them by email.  Sometimes it takes a little while to get through to them, but otherwise, when they respond the issue is resolved. Not a real concern. 

Which solution did I use previously and why did I switch?

We had Vipre business on-premise, the product was being discontinued and I wanted to move away from an on-premise solution.  At the time Vipre did not seem to be quite as mature as other options.  I understand that they have improved quite a bit since I looked at them last.

How was the initial setup?

The initial setup was straightforward. Initial agent deployment took roughly 15 minutes.  SIEM integration required some coordination between vendors, but was relatively uneventful when support teams were involved.

What's my experience with pricing, setup cost, and licensing?

Licensing cost is negotiable. There are no additional costs.

On a scale from one to ten, I would give this solution a rating of nine. I'm sure there's always something that can be improved.

Which other solutions did I evaluate?

We evaluated Vipre, Carbon Black, and a few others.

What other advice do I have?

There are half a dozen players out there that are the best of the breed. Pick one.

When it came to CrowdStrike versus Carbon Black, configuration and setup were deciding, driving factors. CrowdStrike was much easier to configure, but overall, is it better or worse? I can't make that judgment call.

All I know is what I've been told by other vendors that are trying to get my business. They tell me about issues that I've never encountered with the products that I have. In summary, take what a vendor says about another vendor's product with a grain of salt.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director of Cloud Architecture at an energy/utilities company with 10,001+ employees
Real User
We are happy with its ease of use and touch notification
Pros and Cons
  • "We have seen a reduction to the performance hit to our operating systems."
  • "We are happy with CrowdStrike's ease of use and touch notification."
  • "We have had to open a case with the technical support to get some issues and bugs resolved."

What is our primary use case?

We use it for threat management.

How has it helped my organization?

We are now able to pick up more alerts than we were with McAfee. A lot of things were being missed by our security team using McAfee. 

We are happier with CrowdStrike's ease of use and touch notification than McAfee's.

What is most valuable?

I noticed that the performance hits on our operating systems are more minimal than they were on McAfee.

What needs improvement?

We have had to open a case with the technical support to get some issues and bugs resolved, but they were resolved relatively quickly.

For how long have I used the solution?

Less than one year.

What do I think about the scalability of the solution?

The scalability has been good so far. We have been using it on-premise and on the cloud. We can move it to a different cloud platform, because it is cloud agnostic.

Which solution did I use previously and why did I switch?

We just moved over from McAfee to CrowdStrike, which detected a lot of things that McAfee did not. We detected malicious code on our on-premise system, even though we are migrating our application to the cloud. It was able to detect it right away to send us what the code had tried to change and execute.

Our company decided to make the switch between the two products, and I have seen the value-add since then.

How was the initial setup?

It was pretty easy to set up. We baked it into our subscripts during the start-up process.

Its integration has been pretty seamless.

What other advice do I have?

I would advise anyone to look at this product based on our company's experience so far.

We have both the on-premise and AWS versions of the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user