What is our primary use case?
As a security analyst, I primarily focus on creating rules, conducting investigations, and integrating new devices with our CrowdStrike system. After these integrations, I also check the status to ensure everything is functioning properly.
What is most valuable?
For threat detection, CrowdStrike provides queries and searches. If I need to find any IOCs, I would say that is my best option. During a cyber war, once we gather some IOCs, we can ingest them into CrowdStrike. This ensures that if we encounter an attack using those IOCs in the future, we receive alerts, allowing us to investigate further. Also, the detection capability of CrowdStrike is quite real-time. If we enforce a policy preventing users from inserting USBs into the PC and it triggers, it happens in real-time without delay.
What needs improvement?
Currently, users manually input IOCs, and it would be beneficial if IOCs released by major companies were automatically integrated into CrowdStrike. We retrieve files from vendors, which incurs costs. Automating this process could be cost-effective and time-saving.
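The two passages above describe the same workflow: ingest a list of IOCs once, then get an alert whenever later endpoint activity matches one of them. The following Python is an added illustration of that pattern and is not CrowdStrike code or its API; the IOC feed, the event records and their field names are constructed for the example. The point it makes that the text does not is normalisation: hashes, domains and IPs must be canonicalised on ingest and again at match time (case, trailing dots, malformed lines), or a feed pulled in automatically will silently miss hits.

```python
"""Minimal IOC ingestion and matching (added example, not vendor code)."""
import ipaddress
from dataclasses import dataclass

# Constructed IOC feed: documentation/test values, not real indicators.
# One "type,value" pair per line; the last line is deliberately malformed.
IOC_FEED = """\
sha256,0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
domain,Bad-Example.test
ipv4,203.0.113.45
domain,example.invalid
ipv4,not-an-ip
"""

# Constructed endpoint telemetry; the field names are assumptions for the example.
EVENTS = [
    {"host": "ws-01", "type": "process",
     "sha256": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"},
    {"host": "ws-02", "type": "dns", "domain": "bad-example.test."},
    {"host": "ws-03", "type": "network", "dst_ip": "203.0.113.45"},
    {"host": "ws-04", "type": "dns", "domain": "benign.example.org"},
]

# Which event field carries which indicator type (assumed schema).
EVENT_FIELDS = {"sha256": "sha256", "domain": "domain", "ipv4": "dst_ip"}


@dataclass(frozen=True)
class Alert:
    host: str
    ioc_type: str
    ioc_value: str
    event: dict


def normalise(ioc_type: str, value: str):
    """Canonicalise an indicator so feed and telemetry compare exactly.

    Returns None for malformed values so one bad feed line does not poison
    the whole set and an odd event field does not raise.
    """
    value = value.strip()
    if ioc_type == "sha256":
        v = value.lower()
        ok = len(v) == 64 and all(c in "0123456789abcdef" for c in v)
        return v if ok else None
    if ioc_type == "domain":
        # DNS telemetry often carries a trailing dot and mixed case.
        return value.lower().rstrip(".") or None
    if ioc_type == "ipv4":
        try:
            return str(ipaddress.IPv4Address(value))
        except ValueError:
            return None
    return None  # unknown indicator type: ignore rather than guess


def load_iocs(feed: str) -> dict:
    """Parse a type,value feed into per-type sets of canonical indicators."""
    iocs = {"sha256": set(), "domain": set(), "ipv4": set()}
    for line in feed.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, _, value = line.partition(",")
        ioc_type = ioc_type.strip().lower()
        canon = normalise(ioc_type, value)
        if canon is not None:
            iocs[ioc_type].add(canon)
    return iocs


def match_events(iocs: dict, events: list) -> list:
    """Return one Alert per event field that matches an ingested indicator."""
    alerts = []
    for ev in events:
        for ioc_type, field_name in EVENT_FIELDS.items():
            raw = ev.get(field_name)
            if raw is None:
                continue
            canon = normalise(ioc_type, raw)
            if canon is not None and canon in iocs[ioc_type]:
                alerts.append(Alert(ev["host"], ioc_type, canon, ev))
    return alerts


if __name__ == "__main__":
    for alert in match_events(load_iocs(IOC_FEED), EVENTS):
        print(f"ALERT host={alert.host} {alert.ioc_type}={alert.ioc_value}")
```

Run as a script it prints three alerts (ws-01, ws-02, ws-03) and nothing for ws-04; the malformed `ipv4,not-an-ip` line is dropped at ingest rather than breaking the load. A real feed would be refreshed on a schedule and the match would run inside the EDR, but the normalise-then-compare discipline is the same.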
For how long have I used the solution?
I think I have been using it for around seven and a half years.
What was my experience with deployment of the solution?
There is no maintenance required because I, as a user of CrowdStrike, am part of the security team. I mainly configure new threat detections or explore new dashboards.
What do I think about the stability of the solution?
The stability is quite impressive, and I am enjoying it.
What do I think about the scalability of the solution?
It is stable, and I haven't encountered any issues. It is manageable and comfortable.
Which solution did I use previously and why did I switch?
I am a security analyst, and CrowdStrike is utilized as part of EDR. For websites, other attacks, and banking systems, we have used QRadar, ELK, Sentinel, and some locally built detection systems.
How was the initial setup?
For me, as a security analyst, it doesn't require months or days. Many tasks can be completed in hours. With experience, even critical tasks can be done in minutes.
What about the implementation team?
Whenever our company hires a new employee, they provide him with credentials. He installs the agent and inputs the credentials. The process is entirely console-based.
What was our ROI?
It depends on the size of the company and the tasks we undertake.
What's my experience with pricing, setup cost, and licensing?
I don't have much information about the setup costs, but it was manageable. CrowdStrike offers three or four packages depending on the company's size, and we purchased the most expensive one for better operations.
What other advice do I have?
I would recommend that if you need a quick response against real-time attackers, you should consider purchasing CrowdStrike. Windows Defender doesn't match up, so configuring it on EC2 instances is better for small and large-scale companies as well. Overall rating: nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.