The Insight feature is one we found the most useful. It does behavior-based analysis and gives us the most appropriate information.

The initial setup was easy.

It's pretty stable.

The scalability is good.

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

The CS falcon agent is a lightweight agent compared with other agents of EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement  
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well created in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license not machine-based, so once the machine gets outdated/old, installation of the same agent license in another machine is possible.

I like the herd immunity, their Falcon X version. If another organization somewhere else gets hit by a piece of malware that has not been seen before, we will get that protection in however long it takes them to analyze it and push that detection to everybody else. I find that extremely helpful.

The second most useful feature to me is the intelligence modules.

I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good.

I like that it has a centralized cloud, and all the agents provide visibility on our remote sites. It offers good central management. It can be accessed through external networks.

The management is taken care of. It's a complete solution that's taken care of by CrowdStrike. We don't have to do anything. 

Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down. It couldn't be less painful, and it couldn't be more reassuring. I never need to do anything with it. I don't tweak it or update it. 

You place a sensor on your computers that requires a very small amount of memory. It's about 39k or so to run the sensor. It's not like other programs that slow down the computer. CrowdStrike is constantly scanning your computer from the cloud and responds in a millisecond when it detects anything. 

The Prevent, EDR, and OverWatch are some of the biggest features for us. They stand out as being useful because:

1. Their high efficacy rate on detecting items.
2. The ability to detect malicious activity and take action with a machine that may not be on our network.
3. Do remediation or automated actions, especially for things like ransomware, where it would automatically stop from running and quarantine the machine.

The introduction of CrowdStrike Overwatch service has reduced security risk. It mines through data by threat hunting. Overwatch has been able to point out things to us that were potentially risky activities going on that probably wouldn't have been detected by our old solution allowing us to take some actions and reduce some risk from that perspective.

They have been able to offer Spotlight and other modules, which is great. They take the information they have and turn it into solutions.

CrowdStrike endpoint detection and response (EDR) is excellent. It blocks the bad stuff without user interaction, allowing us to stay in business. For example, one of our service providers has been down for five days now with ransomware. Also, four of our partners have been down over the past two months with cyberattacks, and we can't do business with our partners.

CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools. 

It's integrated with multiple threat intelligence sources, such as the AbuseIPDB. That integration helps because we can easily cross-check between CrowdStrike and other solutions like an MDR or Azure AD. Hybrid analysis is integrated with CrowdStrike in our environment. There's also sandbox analysis. It's more informative. We perform a routine activity in our test environment where we simulate the process and file.

I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution. We determine the root cause of an alert and contact the end user via our Slack channel if necessary to gather additional information to determine whether they know about the activity. We can download and investigate the malicious file in the sandbox to see what's happening. We check to see if it has been executed. We can easily delete it in the CrowdStrike console if it hasn't.

It's important for the customer to have surety that all the workstations are protected. 

The anomaly detection is the most valuable feature.

It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff, like look for old versions of applications that maybe you forgot about or find stuff that people are running that maybe you don't want on your network, and it lets you get rid of those. Also, its ability to do on-keyboard remote response and run PowerShell script through the sensor is pretty sick. It's ability to quarantine devices is also pretty great.

CrowdStrike is behavioral-based; therefore, it has a behavioral-based detection method. It's not a signature-based tool. It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints.

They have a service called Overwatch. It's an incident response feature, which CrowdStrike usually provides for most of the customer's premium customers. They will be looking for particular instances. If anything really suspicious or malicious happens, they will inform us. That is one kind of feature that is really great as compared to other tools.

The ransomware protection and behavior-based detection are the best features. 

The solution has effective prevention policies. They help prevent cyber attacks or any other malicious activity.

The real-time response capability supported our incident response efforts. Whenever there is a case of any critical incident or any security breach, at the time of security breach, we can utilize RTR (real-time response) features to know what process is running. Then, we can kill the process. We can get to know, for example, what active connections are. Also, in case of quarantine, if we quarantine a particular machine with CrowdStrike, we still have access to that machine with the real-time response feature. That's quite useful.

The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.

The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate. Essentially, they're an extension of my team and I like that. We're a small company and we only have a base of approximately 260 employees. As such, we cannot afford to hire skilled security people. So this makes sense for a smaller company like us.

There is a helpful feature to look into the vulnerability of the endpoint, which allows us to see which PCs have been patched and which ones have not. That helps my team to focus on those PCs that require their attention.

The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed.

It is important to us that this cloud-native solution provides us with flexibility and always-on protection because we have a 100% distributed workforce, in place even before COVID. To manage 600 remotely-deployed laptops requires a cloud-managed solution.

We primarily use the Falcon feature. It is very dependable for us. We have done multiple tests against it and thrown everything we could at it. It does seem to pick up quite a bit, if not everything, that we have tested with it. So, we rely heavily on it. Right out-of-the-box, the main Falcon component is the biggest feature that we utilize and rely on.

We are a heavy laptop environment. So, it was nice to know that our users would be protected and we would know what was going on, on the endpoint, regardless of how they were connected. That has been very valuable. This is one of the reasons why we chose to go with this solution.

The fact that this is a cloud-native solution means that we don’t need to worry about updates. They take care of all the back-end and architecture. The only updates that we need to worry about are the sensors themselves. If you set them to auto update, like we do, then you don't even have to worry about that. It definitely frees us up to do more important things. If it wasn't for them doing this, we would need at least a part-time FTE, if not a full-time, to operate and manage CrowdStrike keeping it up-to-date as well as the hygiene. We had half of an FTE assigned to our antivirus prior to CrowdStrike. Now, that is just included in our dailies. It lessens that burden so much that we don't even need a slotted requirement for that. Overall, this solution saves us at least a good 10 hours a week that we would have been using before.

Their threat dashboards are very helpful. For instance, with this zero-day that just came out from Microsoft, they already have a dashboard where you can see the assets in your environment affected or at risk. That is just an added value. 

The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint.

This is unlike any other EDR solution that I am familiar with. It provides very good protection and the ability to crosscheck environments. It's really helpful in investigating any alerts and is easy to use. You can use some of the Splunk language to search. 

The solution is silent and sits on your system as one single agent.

Only one or two MB of memory are consumed which is much less than other products. 

The solution is AI-driven so it self-activates to find issues and provide alerts or notifications rather than running all the time.

The portal is very user-friendly so it is not difficult to manage. 

The solution doesn't require system restarts. That is one disadvantage of Symantec or Kaspersky because they require restarts when you uninstall or reinstall. 

The most valuable features of CrowdStrike Falcon include Falcon Fusion workflows and endpoint detection capabilities.

The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition. It also excels in external media control, particularly USB access. The ability to disable USB access to flash drives significantly improves security.

Furthermore, Falcon helps identify patches needed for Windows, Mac, and other operating systems. This provides valuable reports and insights into our system vulnerabilities, allowing us to proactively address them.

The NGAV portion is the most valuable feature. The primary reason that we went with the product was their reputation. In practice, it has been a definite step up from where we were previously.

We are using Falcon Investigate, which is their EDR tool. The EDR has made it infinitely easier to investigate into more detail on end user workstations and servers. Any sort of detection where I can go back into the EDR tool and dig down deeper into the endpoint is great. This was a function that we did not have previously.

Its integration capability is valuable. It integrates easily with any OS. 

We appreciate Falcon's network visibility feature as it allows us to monitor the evolution of threats on PCs and within the company network. The solution's real-time incident response is notably swift. Initially, we encountered numerous false positives during the project initiation phase. However, we managed to resolve most of them independently or with assistance from CrowdStrike support. Consequently, our security levels were significantly improved, and we elevated all parameters to their maximum. Currently, we seldom encounter false positives. Most of these were low-level alerts, while the high-level alerts were automatically quarantined.

It is especially important to us that CrowdStrike Falcon is a cloud-native solution. We have a directive for cloud-first architecture at this point. Anything that is cloud-native, or has a cloud offering, will always get first billing over something that is on-prem. We are a small security team. Having the ability to have a service or application that is not wholly managed by us, but rather governed and used by us, is the ideal solution.

The flexibility comes from allowing us to do a mass push, if we need to. We would find always-on protection with pretty much any solution. However, the fact that it is in the cloud, that just makes it that much better.

They're very good at what they do. As far as the product is, in its current state, I don't have any complaints at all right now. They do a quarterly review with us, just so they can let us know how many viruses or how much malware they've stopped, etc. Those features are quite good. They also go through the portal step-by-step to describe whatever they improved or tightened up. They will explain everything clearly and in a way that a customer can understand.

They do also ask for feedback, which is nice. They'll ask things like "The last time we changed this, how was your experience?" or "Did you get a lot of false positives?" or "Did you get any complaints?" etc. That's pretty good. Not many companies do that.

The UI is simple and self-explanatory. Everything is easy to understand.

So far, in the past three years, they've been absolutely great. They've been more proactive than the solution we had previously was. They even introduced new products in their line and they came back and told us that they could add that product to our current solution. At first, we added them, then we decided we had sufficient resources in house to manage it ourselves and removed it. They were great about the change. 

They've caught quite a lot of viruses and malware that have been sent through improper links, which is very reassuring. 

They report any network isolation that has been done on certain endpoints if they detect a malicious file or malware on the device that couldn't be cleaned by automation. They isolate it or us. The end-user can contact the service desk and say, "Hey, I'm not able to surf the internet. I can't do anything, so can you help me?" or we're able to look at the endpoint and see "oh, your PC is infected, that's why you aren't allowed on." It's protecting us well.

Even though the users are somewhere else, even when they're not at headquarters, we are able to remediate everything before we put them on the network again. Those network isolations are great when we detect high threat malicious items. Those are valuable tools that we appreciate.

The most valuable features are the complete IPS and IDS. Both the feature provide good measures for threat detection and prevent network intrusions. 

Regarding features, I appreciate its integration capabilities with identity providers, but it would have been better if they had their own identity product. The documentation is well-done in the solution.

The most valuable feature of CrowdStrike Falcon is its accuracy.

I started using EDR, but now they have different offerings relating to theft, security, ID theft security and XPR. Their channel management team is very good and we like working with them.

One of the most valuable features of CrowdStrike Falcon is when there are upgrades there are no additional fees.

Every time that I have deployed it, it was more about Falcon Insight and its EDR protection. Then, the team in the company would be so pleased with the results that there was minimal resistance adding additional stack elements. Prior to their announcement of several new modules last Fall, we had acquired the entire stack. 

Each element of the stack continues to further develop their capability and empowerment of team members. For example, CrowdStrike Falcon Spotlight was an interesting tool to assess vulnerability management, but the capability of that module alone has just continued to develop in a very favorable direction. Also, the discover tool is extremely valuable. 

Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that.

As a cloud-native solution, it provides us with flexibility and always-on protection, which is critically important.

The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that. In my previous experience, when anything was getting scanned, our PCs would become slow. Users would complain about PCs getting slow. This is a positive point of CrowdStrike Falcon.

The solution offers a very low footprint and provides very good protection. 

The resources that it uses are much lower than any other EDR or antivirus solution. The amount of RAM that it uses and the CPU that it uses are much lower than the other antivirus solutions.

It is an easy product to deploy. 

We've found the product to be scalable. 

It is stable and reliable. 

The EDR and XDR features have been most valuable.

I like its detection capabilities, number one. It's also very light. It doesn't slow down my machine.

The solution is stable.

It's quite scalable. 

CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems.

The solution comes with many competitive modules, such as the Discover Module. It is helpful to us with regard to the application search. For example, which users are using which application, what is the application involved in, how many administrators and local users are there, and do the users have administrator privileges. It can give us a lot of information. Additionally, it can inform us if the user's password has changed. The solution is very useful for administrators and is overall easy to use and manage.

The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models. This consistency simplifies operations, and while the analytics and server capabilities are significant, having a single sensor for all models stands out as the key advantage in managing security effectively.

I like the feature called RTC, the remote time connector. It allows us to connect to a computer via the command line and execute commands for various functions and investigations. This eliminates the need for any additional programs. We can launch the connection and its subcommands from a single console.

The containment feature is another valuable tool. It allows us to isolate any machine exhibiting suspicious behavior or facing a detected threat. Once activated, containment immediately severs the machine's network connection and blocks user access.

The solution integrates well with Arctic Wolf. 

Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue.

It's very scalable.

The stability is excellent.

I'm very impressed by its low pricing.

The initial setup was simple, and the deployment was fast.

I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution.

The most valuable feature is that we don't need to re-image machines as much as we had to.

We rely on our environmental security and we haven't had any infections so that's valuable for us. It means we haven't lost any time due to the system being down from ransomware or anything like that, so it's quite positive. 

The feature I like the most is the solution's detection.

The fact that CrowdStrike Falcon is a cloud-native solution provides us with a lot of flexibility and always-on protection. This is very important to us because it enables automatic detection and quarantining of malicious files, and that's one of the features we like most about working with the tool. 

The visibility provided by the solution in multi-cloud environments is excellent; it's one of the best features. 

The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed.

Based on the documentation CrowdStrike provide, the solution provides a number one detection ratio which we like. 

Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution.

CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details.

The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence.

The solution hasn't picked up a virus yet, so I don't know if I'm able to really discuss the most valuable aspect of the solution just yet. It's very new. 

It's not costly, and it's not constantly running, it's only looking for suspicious items when it starts to take action. There's nothing constantly scanning your device, so it's not slowing anything down in that respect. That's what I liked about it the most. 

It's not your traditional antivirus that just sits there constantly scanning your computer for Trojans and malware, etc. This doesn't take any action until it sees something actually going on.

The initial setup is very simple.

The malware protection is the most valuable feature of CrowdStrike Falcon.

The most valuable CrowdStrike Falcon feature is that the user is blocked from the network completely. I think that this is a good solution. We can do a threat analysis of any machine at any time, but that threat analysis is very limited. 

CrowdStrike Falcon's most valuable feature is the fact that it's not getting in the way of our workforce and their workflow.

The detection and response have been excellent overall. We've had no ransomware attacks. 

We found the initial setup to be straightforward. 

The solution is stable. 

Scalability hasn't been an issue for us.

We can protect against the worst level of attacks. We can see everything from the dashboard.

The vulnerability monitoring is great.

It's very easy to set up.

The most valuable features of the solution are the detection and prevention of unwanted applications and malware services.

The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment.

I am very happy with CrowdStrike Falcon because it does not use a lot of resources in the endpoint, it's a lightweight solution. It provides good protection and it is very effective. Additionally, it is easy to integrate, has great features, good capabilities, and the users have a positive experience.

Falcon Protect looks at processes and issues in real-time.

The most valuable feature is the indicator of compromise, which shows you what file was either quarantined or removed. It shows you the malicious files in question, as well as the exact time, the machine, the endpoint, and the host IP address. Everything you need to know is right there in a single dashboard.

Their endpoint is pretty flawless. There is no lag on the machines at all. Even though I have a good overview of all the machines, that's pretty much the most valuable feature of CrowdStrike Falcon. 

The machines are flawless. They don't have any issues. There I don't even recognize the machines which are on endpoints. Even when I go to the console to check these machines, they are working on a very good level, even though the wireless migration should detect those aspects. 

The AI features are pretty good.

They've recently introduced more webinars that make remote learning of the solution very easy. For people such as myself, or even a company looking to develop their skillsets and interested in better understanding the cloud, providing good web courses is really helpful.

The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections.

The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product.

The overall user experience is good. As of today, there have been no incidents that we've had to deal with and we've been using it for years. 

The solution has a very good graphical interface. It makes it easy to use. The central monitoring is excellent.

There's almost no maintenance required. It's very low if there's any at all.

The solution is an AI and ML-enabled tool for protecting our endpoints. We're still able to use Symantec as an endpoint as well.

The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions.

As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage. 

CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM.

I like that it's cloud-based instead of on-premise.

I noticed that the performance hits on our operating systems are a more minimal than they were on McAfee.

CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts.

The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution.

It gives you that capability.

I am satisfied with the features that I currently use.

The interface is good, I have no complaints.

Falcon's best feature is its detection and blocking of threats.

I like the detection rates of mobile threats.

The policies allow us to define the level of protection.

The dashboards are good, as well as user management.

The threat intelligence on offer is the solution's most valuable aspect.

The solution is very stable.

The solution can scale easily.

The pricing is very competitive.

The features I like the most are the response time and the dashboard are both excellent.

All the features are beneficial.

The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control.

Because it is security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures.

Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches.

The detection is very effective.

This solution consistently releases improvements. They have communicated their next two years of development which is powerful and covers all of our needs.

The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature.

Most of the entry-level security provisions are based on identification, but CrowdStrike Falcon is a market changer because it does not need any kind of signature to identify or update threats.

All organizations face the big challenge of maintaining and updating their security processes. They need to do the update, but then it doesn't go beyond 90%, so CrowdStrike Falcon moved away from the update requirement, so there won't be a need to upgrade for certain types of technology, or for new technology. Not needing to update means the job of maintaining the updates will be taken off the plate of the IT department, which could mean big relief for the customers.

CrowdStrike Falcon is able to identify threats based on processes, rather than looking at signatures and this is what I like about this solution.

I like that it's easy to use, as expected from any cloud solution. CrowdStrike Falcon is an intelligent solution. It's as good as the top solution in the market.

We haven't seen anybody complaining about CrowdStrike Falcon, and we haven't had any customer using this solution who had been attacked by ransomware, so this is proof of how good this solution is.

It seems to do a pretty good job of protecting the host. Gives good insights when it has a detection. It's pretty incredible.

The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system. What does it usually do, and is it doing anything differently?

The UI is great, and the performance was great. The way it gathers and presents the information was very good and it integrates well with things with a central log aggregator, such as Splunk. You can do more big data analytics that includes security. It seems to be fully featured in all of those areas.

The most valuable feature is its forensics capability.

The threat intelligence is the most valuable feature.

The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False-positive are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate.

The integration is very good. We have had no problem integrating the on-premise version with the cloud. We have an environment on-premise and an environment in the cloud. The integration with CrowdStrike is really very easy.

The most valuable feature is that our systems are monitored and we are alerted to any unusual behavior.

I like the Overwatch feature the most. 

Its performance is brilliant. It is a good, lightweight agent. I've seen it do really good things on the endpoints, and there is no problem with its performance.

Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously.

When something is detected you can log into the GUI and you can get very specific details about what happened. It's very helpful for investigating incidents and this sort of thing.

The most valuable feature is its threat analysis.

Visibility into the endpoint rate. Understanding what processes are running on the system, what registry keys have been enabled. Pretty much understanding the whole frantic side of the endpoint.

The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it.

The detection is very reliable. Also, OverWatch is a great feature.

The EDR feature of CrowdStrike is fantastic. Also, in comparison to other solutions, it can connect remotely, so our security analysts can get into the system directly and do manual analysis as well. 

I also like the overall reports. They are crisp and to the point.

I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon.

I find most of the features to be very generic.

• It can connect to host and isolate it from the network if needed; this feature helps us to investigate the endpoint without visiting the endpoint and then testing. 
• It saves time and helps to contain the threat in less time.
• complete visibility into the endpoint 

At this point what is most valuable is the interface, which is easy to navigate.

I think the automatic alert feature is the most important feature.