IT Central Station is now PeerSpot: Here's why

CrowdStrike Falcon Room for Improvement

Jeffrey-Anderson - PeerSpot reviewer
Security Analyst II at a healthcare company with 10,001+ employees

When we first went to CrowdStrike and purchased it, a lot of my team members all had the same issue: There was too much information. Initially, when the user logged in, they were getting dumped on, like a five-gallon bucket of ice. Trying to sort through it all, you can get lost easily. Until you have really had time in the solution to really digest how to use things, it is information overload. We didn't get that from Palo Alto XDR.

I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup. 

View full review »
Erik Hart - PeerSpot reviewer
Chief Information Security Officer at a real estate/law firm with 10,001+ employees

There is so much data in their dashboarding and other stuff like, but there is also still some work to do on, "How do you boil it up to certain higher levels/executives?" There is a lot of good technical detail, but in the position that I sit in, sometimes it is a little hard when I am not in it day in, day out to come to what is the real executive level sorts of things. For example, CrowdStrike shows incidents, but what are the things that I really need to worry about as a CISO at a company? That is the one area for improvement.

Finally, they bought a company that is doing SIEM, which is interesting to me. When I first started with CrowdStrike in my previous organization, four or five years ago, I went to CrowdStrike, and said, "I don't want to have to buy or continue to support our SIEM product. I would rather use you guys. Can I pay you extra money to hold that data and do those things so we can have that functionality? Then, I can get one rid of a solution." At that time, they told me, "No, we're not a SIEM company." I did not like the answer, but I respected it. Now that they bought one, and I am like, "Wow, I guess I was just a few years too early." So, I'm glad to see those sorts of things. I am glad to see them evolving into those areas where I saw it years ago, where they are strong, and displace others.

I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization. Then, I can have less vendors and put more effort into one solution that we really want to operationalize.

View full review »
Jim McCartney - PeerSpot reviewer
Information Security Analyst at a insurance company with 1,001-5,000 employees

It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful.

View full review »
Buyer's Guide
CrowdStrike Falcon
June 2022
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
608,713 professionals have used our research since 2012.
Michael Getz - PeerSpot reviewer
Enterprise Cybersecurity Architect at Swagelok Company

There is nothing existing today that I would change very much about the solution. Because of the capability of the data that they are ingesting, they have the ability to create tools leveraging that data to enhance the capability of the platform. The possibilities are endless.

View full review »
NormanCyman - PeerSpot reviewer
IT Security Analyst at U.S. Venture, Inc.

I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool. 

View full review »
Mark Krishnan - PeerSpot reviewer
Associate Director - Infrastructure Engineering at AFT

If an operating system is stopped by support by the original vendor like Microsoft, or maybe Apple, within a few weeks, CrowdStrike will also decide they no longer support it, and they kind of move on. I understand their model. However, if we still have the OS, it's hard to keep it protected. So, for example, if Microsoft decides to stop supporting or patching a solution, Crowdstrike too will stop supporting it and making updates. It's still a useable product, it's just not getting updates or patches and therefore may be vulnerable. 

The result is that we can't guarantee we're going to be able to protect that hardware or operating system. We either have to upgrade to a newer platform, which sometimes is not possible because you have a legacy application. Whatever that constraint is, sometimes we're not able to move things. We still have to rely on other products to support that. That's the only quandary I have with them. 

Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about.

When a file is infected or it detects a ransomware file network, when it does remediate, it should self-heal as Sophos does. That's a good feature to have, but I don't know enough pros and cons about that to kind of recommend that because if it is a false positive, that may be a problem. If it detected a valid file and if for some reason it decides, "Oh, this looks like an infection," and maybe it's not actually infected, and if it goes in and remediates it by replacing it with an older file, that may be a problem. However, I don't know, because I've never used that feature or heard anybody say that's a problem.

View full review »
Chief Security Officer at a financial services firm with 201-500 employees

The deployment process is an area that needs to be improved. For some reason, CrowdStrike does not provide any help in terms of how to deploy the agent in a more efficient manner. They just don't provide the support there, which leaves their customers to figure out how to push agents out, either through GPO or through BigFix or through SCCM, and there was no support on that side. Not being able to complete the deployment in an efficient manner is one of the huge weaknesses.

It would be good if they had a feature to remove agents. We're in a transaction processing environment and if CrowdStrike is affecting a transaction processing server, we need to uninstall that agent pretty fast. Right now, the uninstall has to be done manually, which is not great. If we have a dashboard capability to uninstall agents, I think that would be great.

The dashboard seems a little bit too clunky in the sense that it's spread out in so many ways that if you don't log in on a daily basis, you're going to forget where things are. They can do a better job in organizing the dashboard.

View full review »
Adam Shusterman - PeerSpot reviewer
Cyber Security Engineer at a legal firm with 501-1,000 employees

There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.

View full review »
Dy General Manager at a real estate/law firm with 501-1,000 employees

The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ. 

I'd really like to have a complete solution. Right now most of the incidents happen on our endpoints. It is visible at the endpoint, the end server. If this can have a correlation tool that could actually give us a comprehensive dashboard, that would be useful. It could give us top-down visibility and could be from the firewall or any kind of security protection tool. It could be part of the DNS protection suite. However, that's why it's so important to have better integration capabilities.

If this endpoint is trying to get at this particular website and it is identified as DNS level protection, that also comes to this dashboard. Around 80% to 90% view of whatever it is happening with this endpoint, whatever action it is doing, can be inspected on the dashboard.

 If the endpoint is protected by CrowdStrike. I am only to access this application through a CrowdStrike protected device. 

View full review »
Stephen Hand - PeerSpot reviewer
Director, IT & Systems Security at Tilson Technology Management

The console is a little cluttered and at times, finding what you're looking for is not intuitive. Once you find it, it's great, but it's not always very intuitive as to how to find exactly what you're looking for sometimes.

View full review »
Director of IT at a tech services company with 51-200 employees

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

View full review »
Sr. IT Support Executive at a hospitality company with 1,001-5,000 employees

I'm new to the solution. Currently, I'm comparing it to other EDR solutions to see if anything is missing, however, I'm still learning the ins and outs of the product.

It may be due to the fact that I am new, however, I'm having trouble understanding their licensing.

It does take more time to scan than other solutions.

The solution should continue to make the learning curve as short as possible by providing even more training and documentation.

View full review »
Tom Smolinsky - PeerSpot reviewer
Executive Technology Advisor at Vitso

I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it. It's got a pretty good engine to do that on its own but it's one of the things that are important to us, so I'm just trying to increase the time-to-issue identification.

By comparison to buying into the Microsoft suite, it was definitely less costly. CrowdStrike can be costly.

View full review »
Service at Four-U Office Inc

The solution doesn't have a whole lot of email security on offer. We did know that going into the purchase, however. We decided to get a different solution for that aspect of security.

They have a sandbox feature, but it's all they do. They have different grades. There's the Socket Pro and then there's an ADR. Then there's another one where they pretty much watch your system for you. And it's all different. It's all based on the price you want to spend. I wasn't going to drop a large amount of money.

They don't really have anything when it comes to scanning attachments. That would be something I would like.

View full review »
Senior Cyber Security Analyst with 1,001-5,000 employees

Any kind of integration that you want to do, such as using the API to connect to a SIEM, is complex and it will be expensive to do. It is quite a pricey product.

View full review »
Security Systems Analyst at a retailer with 5,001-10,000 employees

This solution lacks basic functionality, such as being able to perform on-demand scanning. This presents a challenge when it comes to the payment card industry, PCI which has that as built-in requirements for the PCI DSS standard.

I would also like to see the endpoint firewall component produce some level of logging and feedback. 

View full review »
Director - IT Security Operations at a manufacturing company with 10,001+ employees

CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it.

View full review »
Chief Technical and Solution Architect Individual Contributor at a tech vendor with 51-200 employees

The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool.

In a future release, the mobile space can use improvement. However, some of those constrained are by Apple and other platforms as to what they can do on the platform. Some of the limitations are industry-based.

View full review »
Dan Brunnquell - PeerSpot reviewer
Director Of Information Technology at a financial services firm with 11-50 employees

CrowdStrike Falcon by itself does not supply in-depth reporting. 

Falcon Protect does what it does. It's endpoint security — nothing more, nothing less. 

What it does, It does well. However, if you need more information on what it found and how it got there (including board reporting and compliance reporting), that's not there. Some of the other solutions that are available give you that, right out of the box.

View full review »
Garnett Kirk - PeerSpot reviewer
Information Security, Sr. Analyst at a wholesaler/distributor with 10,001+ employees

We would like to be able to perform on-demand scanning, rather than relying on the scheduler. Right now, CrowdStrike does not have an on-demand scanner. They have the always-on, but we have found instances where artifacts are being blocked from running, but they're not being removed. With an on-demand scanner, we would have the ability to remove those artifacts from an end user's machine.

I would like to see the multi-site environment functionality added in the next release. Currently, we are working under a single-site environment, and on the roadmap, they mentioned having the ability to have a multi-site environment.

View full review »
Dan Brunnquell - PeerSpot reviewer
Director Of Information Technology at a financial services firm with 11-50 employees

I miss a feature for the USB control that they have as an add-on. I haven't gotten to the point where I want to pay for it, but the features that I miss are available.

The biggest issue with Falcon as a standalone product is it doesn't have very much reporting.
Out of the box, the only weakness is the level of reporting.

All the analytics and the telemetry are there, it's just a matter of getting to it. Other vendors offer some of that stuff right out of the box.

CrowdStrike Falcon has been very low maintenance. There are features on it that I haven't touched yet. I've got a SIEM that I haven't really had time to explore fully. I have a patch management system that does what it does. I have a firewall and IDS that do what they do, and I have an endpoint security system that does what it does.

MSPs keep asking how one person can keep up to the different solutions and alerting, if you don't have any problems, then it's pretty easy to keep up. Everything does what it does.  I don't experience any of the issues that apparently a lot of people have on their network. How can I tell you what to improve if it's doing what it's supposed to do? 

View full review »
Product Manager at a tech vendor with 51-200 employees

I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CrowdStrike

I want to be able to create independent groups, each managed by its own admin, so I can isolate the group I use for demonstration purposes.

I have heard about CrowdStrike collecting personal information for marketing purposes, but that's not something I was looking for.

View full review »
Chief Information Security Officer at a hospitality company with 5,001-10,000 employees

They need to strengthen the forensic capabilities of this product, for e-discovery.

View full review »
President and CEO at a tech services company with 51-200 employees

The price is too high.

View full review »
Security Officer

An improvement would be to extend support to legacy and unsupported servers. In the next release, CrowdStrike should include patch and vulnerability management, which would allow us to rely on just one solution.

View full review »
Saifuddin Ebrahim - PeerSpot reviewer
Senior System Engineer at a computer software company with 1,001-5,000 employees

The solution overall is a good product, and we don't see too much room for improvement.

Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply.

The solution could use better device control.

View full review »
Chintan-Vyas - PeerSpot reviewer
Associate Director at KPMG

Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files.

The product could be more accurate in terms of performance.

We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.

View full review »
Business Development Manager - Security at a computer software company with 201-500 employees

Setting up and installing CrowdStrike Falcon is not easy, so an area for improvement is for that process to be simplified.

View full review »
Technical Architect at a consultancy with 10,001+ employees

In the six months that I have been using CrowdStrike, it has not been able to detect anything. We have been using Trend Micro and it has detected some malicious activities.

We have CrowdStrike conduct some inner forensic investigations in hopes that it will be more advanced and detect things that may have been missed by Trend Micro.

It would be helpful to have some prebuilt search queries based on the top ten queries in the industry for detection.

View full review »
Sandeep Sehrawat - PeerSpot reviewer
Information Technology Security Consultant at Sify Technologies

CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats.

View full review »
Waleed Omar - PeerSpot reviewer
Cyber Security Specialist at Arab Open University

There could be more flexibility in terms of policy defining and certain features, like USB controls, should come standard with the license. Many CrowdStrike Falcon competitors are cheaper and offer a slew of features in the standard license.

CrowdStrike Falcon is not so flexible. We need a specific admin control or maybe supervised controls to change or modify the settings.

View full review »
Head Of Infrastructure at a insurance company with 201-500 employees

The reporting part is basic. It's not that intuitive and you cannot go further backward in terms of historical information.

The Integration with tools, SOC tools, could be better. 

View full review »
AbhishekBirkett - PeerSpot reviewer
Senior Manager - Enterprise Accounts at Hitachi Systems, Ltd.

In a future release, I would like to see more integrations for data breaches and security features.

View full review »
Thomas Zeulner - PeerSpot reviewer
Chief Information Security Officer at a manufacturing company with 10,001+ employees

The management reporting functionality needs to be improved.

We would like to see more features for vulnerability management included.

View full review »
Consultant at a computer software company with 51-200 employees

On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant.

View full review »
Especialista em Segurança da Informação - DFIR at a financial services firm with 501-1,000 employees

CrowdStrike Falcon could improve if it became an XDR. When we look only to an end-point, we lost the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good.

View full review »
Information Security Officer at a financial services firm with 51-200 employees

In the future release of CrowdStrike Falcon, they should add a sandbox feature.

View full review »
Specialist, Lead Desktop Support at a energy/utilities company with 5,001-10,000 employees

The overall cost of CrowdStrike Falcon could be reduced.

View full review »
Lead Engg. Information Assurance at ACPL Systems Pvt Ltd

CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time.

View full review »

I would like to see equal support across all versions. Aside from that, I would say most of the features are there. 

View full review »
Marcelino Bocanegra - PeerSpot reviewer
Cybersecurity solution architect Individual Contributor at IQSEC SA

There are some areas where some customers would prefer a different service.

View full review »
Analista de segurança de TI at a tech services company with 1-10 employees

The solution could improve by providing more types of reports because it's in the detection span you cannot re-export anything. If it could be exported to a CSV file directly there it would help a lot. I currently need to do this by API to get what I need.

In the next release, it would be beneficial to have a DLP or CASB solution.

View full review »
Akash Jogbond - PeerSpot reviewer
Team Lead at Foresight Software Solutions

This solution could be improved with greater scope for admins to make changes to the solution. Human input and intelligence has little value as the solution is built on artificial intelligence. 

View full review »
Security Analyst at a computer software company with 10,001+ employees

The management of the solution could improve.

View full review »
Junior Security Engineer at Altron

Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices. In the next release, CrowdStrike should include the ability to send logs to SIM tools.

View full review »
Engineering manager at a consultancy with 1,001-5,000 employees

CrowdStrike should add support for ransomware protection.

Additional antivirus functionality should be included. However, this is not a big problem.

View full review »
JavierFernandez - PeerSpot reviewer
Head of IT at Alantra

CrowdStrike Falcon could improve the logs by making them free to the API.

View full review »
Buyer's Guide
CrowdStrike Falcon
June 2022
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
608,713 professionals have used our research since 2012.