Falcon Sandbox is used to quarantine files, scan them, and ensure there are no malicious threats or IOCs related to these files. It provides threat feed to the CrowdStrike endpoint, assisting in detection and response. It is used in the client's environment, where Mahmoud's team implements and supports the product.
It benefits a lot by ensuring every file is clean, significantly reducing the attack surface for the organization. It automates file analysis, reducing manual work and improving security incident response times.
The most valuable features include malware detection, threat rating related to files, studying the metadata of the files, and providing threat feeds to the endpoint.
The product needs integration with SOAR products to add more integration points, which is important for various clients. Additionally, integrating behavior detection alongside IOCs and threat detection would enhance the product.
The solution has been used since the launch of the product, which is almost four years now.
The stability of Falcon Sandbox is rated at eight out of ten.
The scalability of the solution is rated at nine out of ten.
CrowdStrike customer service is very good, especially if you have tiered support like the world tier. They provide timely responses and informative support without delays.
Positive
The initial setup is easy, and it usually takes one day for full integration, including ensuring Threat Intelligence is delivering the right IOCs.
The implementation was handled by our team which included five engineers. One engineer is typically enough to deploy the product.
CrowdStrike is generally considered a bit expensive compared to other vendors. Falcon Sandbox is one of the modules of CrowdStrike, and the overall product's pricing is rated seven out of ten.
Mahmoud recommends CrowdStrike Sandbox as it is one of the best products on the market. However, additional modules are required for effective integration and usage. I'd rate the solution eight out of ten.
