CrowdStrike Falcon Cloud Security Reviews

We use it for EDR as well as cloud security posture management. We also use file integrity and vulnerability management.

By implementing CrowdStrike Falcon Cloud Security, we wanted a 360-degree view of the security landscape of our enterprise. We wanted the complete view in one single dashboard, and our requirement was almost met with this solution.

We gained a lot of control and visibility into our cloud infrastructure using CrowdStrike Falcon Cloud Security. Within 30 days of deployment, we started seeing its value.

Cloud security posture management (CSPM) is most valuable.

There should be cloud storage scanning. We would like to have cloud storage vulnerability and threat management on any cloud storage.

I have been using this solution for three years.

It is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

In terms of our environment, we have multiple sites, multiple delivery centers, and multiple clouds. CrowdStrike Falcon Cloud Security is covering all aspects.

We had McAfee, and we replaced McAfee with CrowdStrike because of the features such as EDR. We got multiple security features from a single vendor.

It is deployed on the public cloud. We use AWS and Azure.

Its initial setup was straightforward. Its implementation took about 15 days.

We did the agent installation on a test bed or less critical devices. We monitored the performance, and we monitored the data coming into CrowdStrike from those deployments. Once we were satisfied, we followed a phased approach. Phase by phase, we covered all our resources under the CrowdStrike umbrella.

We implemented it in-house. We had two senior engineers involved.

In terms of maintenance, it does not require any maintenance from our side.

It is worth the money.

Its price is moderate.

I would recommend trying its features, evaluating it, and seeing if it fits your requirements. Only then proceed with the purchase. 

I would rate CrowdStrike Falcon Cloud Security a ten out of ten. It is good.

We use Falcon to protect endpoints, including the on-premise systems and cloud environment. 

CrowdStrike protects us from vulnerabilities and threats while mitigating the risk. The security integration is quite good, but we had a few issues integrating with some of our client's endpoints. They wanted us to monitor some of their medical devices, such as MRIs, in case anyone attempted to attack through them. 

It's easy to gather insights and conduct analysis about existing threats. Threat hunting enables you to track on-prem services, and the real-time response capability improves threat and risk analysis. 

The threat intelligence and user behavioral analysis could be more comprehensive. 

I have used CrowdStrike Falcon for 3 years.

I rate CrowdStrike Falcon 6 out of 10 for stability. 

I rate CrowdStrike Falcon 7 out of 10 for scalability.

I rate CrowdStrike support 8 out of 10. We've had a good experience with them. They're helpful and always respond quickly. 

Positive

I've worked with Microsoft Defender. I'm more familiar with that. 

I don't have hands-on experience with the deployment. My team deployed it. The deployment time varies, and we do it in batches. It involves many tasks, and it can take weeks. After deployment, it requires regular patching. 

You can't get a fixed price for these tools. If you subscribe to something and need to deploy it to another team, the price goes up. It's the same with Microsoft Defender. I'm not responsible for the budget, but I think it's cost-effective for providing detection and response for an entire organization. 

I rate CrowdStrike Falcon Cloud Security 8 out of 10.

Many different types of data flow into our organization from various sources, each serving different purposes and reaching different departments. For security reasons, we've opted for CrowdStrike Falcon, and it has proven to be highly effective. It consistently detects and removes unwanted viruses and miscellaneous threats from our network and systems. Additionally, we've deployed it on our servers, where it continues to provide robust protection against malware.

It's been employed within our organization to detect and respond to threats in our cloud workload. Upon detection of any issues on a machine, we promptly receive notifications or can view details on the portal, confirming which machines are affected. Additionally, it offers a plethora of features such as investigative tools and deep information sandboxing, enhancing our ability to address security concerns effectively.

Cloud-native threat intelligence is invaluable to me. The information provided is easily accessible through a dedicated tab, offering a wealth of valuable insights and recommendations. This includes various implementations and suggestions for enhancing security measures. Additionally, there's the option for sandboxing, which proves useful on occasion.

Our security operations have greatly benefited from the real-time response capabilities. Upon verification, potentially harmful downloads are promptly blocked and removed automatically. We have several dialer configurations, including medium, moderated, high, and low, with automated settings deployed across most machines. For servers, I opt for a moderated configuration, considering the occasional lack of generated signatures when deploying new software.

Our results clearly show the impact on our incident response time. Whenever an incident occurs, we receive comprehensive information promptly. Sometimes, we even receive emails providing updates and recommendations on how to address the situation effectively.

The most significant benefit is how quickly malware and other malicious attacks are detected. I've extensively tested it on my machine and server by simply double-clicking various files. In many cases, the detection is immediate, preventing the file from running and displaying a message indicating that it contains malware. Additionally, when downloading files for testing purposes, especially from third-party sources, CrowdStrike Falcon often detects potential threats instantly and sometimes even removes them automatically.

The only challenge lies in token verification. Generating the token is crucial, and if it doesn't match, it causes problems. However, this issue mainly arises when new users or inexperienced administrators are involved. They may inadvertently remove the token and struggle with the installation process. Initially, there were some challenges with the portal's user-friendliness, particularly when generating reports, but these issues have since been addressed.

I have been using it for four years now.

It's highly stable with no reported issues. I would rate it ten out of ten.

It provides excellent scalability capabilities. I would rate it nine out of ten.

In my previous role at a different company, I managed Symantec Endpoint Protection hosted on local servers rather than in the cloud. We encountered issues related to the HES file and their engines, as they only added virus definitions without making significant changes to their main framework or engine.

The initial setup is straightforward, especially for experienced users who find it easy to handle. However, for newcomers with only a month or two of experience, there might be a learning curve as they familiarize themselves with the process.

Implementing the tool itself poses no issues. I've successfully created the GPO and installed it without any problems.

We've deployed it using two different methods. First, I established a Group Policy Object to deploy it, and second, we utilized Intune. Following deployment, the machines are promptly visible on the portal. However, configuring additional settings is not a one-day task; it requires understanding user requirements and preferences. The complexity of the setup depends on the level of detail and customization desired.

Initially, I deployed the solution on ten testing machines, comprising both servers and local devices. It took approximately two days to configure and fine-tune the setup before finalizing it for deployment across the organization. As the sole manager responsible for both security and system management, I oversaw the entire process. With multiple branches across different locations, totaling eighteen, efficiency was crucial. One notable advantage is the small footprint of the endpoint engine, typically ranging from forty to seventy megabytes, ensuring minimal bandwidth and resource consumption compared to other antivirus solutions. Maintenance is minimal. I typically monitor the machines to ensure they remain active. If a machine has been inactive for more than ten days, it's flagged and moved to a separate section on the portal for review.

We've observed a positive return on investment. Additionally, we utilize Microsoft Defender Endpoint with our Microsoft Elastic 365 license. Despite having multiple options, it's noteworthy that the CrowdStrike Falcon solution often detects threats before Microsoft Defender.

The pricing is reasonable, neither overly expensive nor excessively cheap, making it competitive compared to other market options. The best aspect is that there's a single price for all types of endpoints. There's no need to purchase separate licenses for servers and Windows systems.

I would recommend it, particularly for its robust reporting capabilities, which provide access to a wealth of data. Additionally, the automatic updates feature ensures that the software stays current without requiring manual intervention. This eliminates the need to manually update each machine, as the updates are deployed automatically whenever a new version is available. Overall, I would rate it nine out of ten.

We are a small company using CrowdStrike Falcon Cloud Security for next-generation endpoint security and antivirus protection. We do not have dedicated threat hunters on the platform and primarily use it for endpoint protection.

CrowdStrike Falcon Cloud Security helps us ensure that our endpoints are protected, which was essential for achieving the Cyber Essentials Plus certification. It also allows us to demonstrate to partners that we are diligent about protecting both our data and theirs.

The most effective feature is the machine learning aspect, which detects unauthorized scripts and potential data exfiltration. It provides alerts on suspicious command executions, helping us safeguard our systems.

The user interface needs improvement as it's sometimes difficult to locate specific dashboards or reports. Simplifying the naming of elements in the UI could make it easier and more intuitive for users.

We have been using the solution for about six months.

I recommend CrowdStrike Falcon for companies of all sizes, from small businesses like ours to some of the largest companies in the world.

We do not expect to get a direct ROI. It is an expense we are willing to pay to conform to Cyber Essentials Plus and demonstrate responsibility in protecting our data and that of our partners. It also helps in mitigating third-party risks.

The pricing for CrowdStrike Falcon Cloud Security is reasonable, especially for small companies with limited budgets. It is essential for achieving Cyber Essentials Plus and is cheaper than solutions like Splunk for Next Gen SEAM.

CrowdStrike Falcon Cloud Security is not recommended for highly sensitive data environments, such as government intelligence services, where cloud products might not be suitable.

I'd rate the solution nine out of ten.

I have been using CrowdStrike Falcon Cloud Security extensively for maintaining endpoint security. It is mainly used to protect systems against malicious binaries. In our cloud environment, we use it by deploying agents on our cloud instances operating in AWS and GCP to protect these instances from malicious binaries.

The solution has significantly enhanced our incident response times when dealing with malware or possible malicious file activities. It allows me to log into machines and pull copies of suspected files, eliminating the need to physically obtain the machines for analysis.

The most valuable features are the real-time response, which allows me to log into a machine to pull files and check signatures for malicious activities, and the ability to restrict USB block storage usage on endpoints by policy.

There is room for improvement in the solution's ability to handle Linux systems. It does well for Windows, but it relies on binary scanning for Linux and lacks comprehensive rules for detecting suspicious behavior. I have had to develop my own custom rules in CrowdStrike for Linux.

I have been using this product extensively for about the past four years.

Apart from the recent media attention for causing some instability worldwide, the solution is quite stable and I haven't had any major concerns.

The solution scales very well, with the only limitation being the licensing purchased.

I have used Carbon Black extensively in the past.

The initial setup is mostly straightforward. They provide a simple way to deploy the endpoint, simplifying the installation process for users.

The solution is quite expensive. The pricing fluctuates based on various factors such as company size, and there is room for negotiation, but it is generally expensive enough that most midsize companies find it difficult to afford.

I would advise first-time users to monitor the number of endpoints regularly to ensure they are checking in. Additionally, they should add custom detections for Linux to identify unexpected behaviors, as the default detection for Linux is not very comprehensive.

I'd rate the solution nine out of ten.

I use the solution for protection on the go for end-user computers, identity management, proactive awareness of devices on the network, and statistical collection on the devices.

The solution's most valuable feature is that the solution for IT security is not based on the on-premises solution; it is available on demand. It is lightweight and can be held on a mobile device. The solution has login features like multi factor authentication. The tool facilitates data collection of the equipment on the network, including solutions on whether to remove or keep some computers.

The solution interacts with the domain controller and gives an update on what specifics may be harmful to the environment so that we can tag it to the users before they actually contact the IT team for support.

While it may be able to show the user in the drill zone, it could have a listed column at a higher level. That way, it would help the IT team do targeted interventions rather than having to drill into the details. The tool could give us more templates so that people who are not updated with the platform can easily get acquainted with how to secure and utilize the product more.

The only thing I don't like about the application is when a computer name changes, the CrowdStrike app maintains the two devices. The name or the MAC address was different. I'm unsure if the solution can flush the database based on the similarities in the MAC address.

The solution lists the equipment but maintains the tool name on to something else. If we have renamed the equipment that joined the platform before, we just delete it manually. So, we know which one is now the new name.

I have been using CrowdStrike Falcon Cloud Security for more than two years.

We are confident that the solution should be able to scale well based on the current features and the modular programming that it appears to be doing. The idea of scalability is that it can handle volumes of data requests outside of what our environment is doing. We not only deploy the solution in one domain controller, but what we can see on the domain controller is based on our environment setup. Based on the hybrid point of view, I think the solution is very scalable.

We have around 500 users working with the solution in our environment. In my environment, we're testing to see if we need to increase usage. If not, the other solution would be mobile device management to handle the other exceptions we currently see.

I rate the solution’s scalability an eight out of ten.

When we recently got the licenses, we were told to do something. When we observed that we didn't want to transfer where we were, they did something else to help with the solution. The technical team is not just technical; they're also human in that they're adaptable to customer needs and provide guidance.

Positive

The team was awesome at implementing the tool. When we transferred to the paid version, the technician or engineer from CrowdStrike transferred to the new tenant without redeploying the endpoint, which was awesome for me.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine out of ten.

I can't give you a percentage of the return on investment. The solution protects me from the cybersecurity threats, which is very good for me and my team. So, I'm giving you a qualitative response as opposed to a quantitative response.

It's an expensive package but does what it says it will do. Specialists are usually not cheap, so you expect to have a great package. They help you customize it, so I think it is worth it. The solution's pricing is in the same range as FortiEDR's. We paid over five million dollars for our package based on the number of subscriptions and the other add-ons to the package bundle.

The licensing fee we pay for the solution doesn't include managed services because my technical team and I were able to handle the product. It's very easy to maneuver. There's no additional cost for us to use the product outside the bundle we've requested. We ask for the basics, and then we include add-ons for the identity and server management. That will be the only add-ons cost that is manageable.

I rate the solution’s pricing an eight out of ten.

The dashboard gives an overview of the last login for somebody besides you. You know what is going on at a high level since you don't always have to have one operating system or environment. The suggestion and the data dictionary or the look of the threat environment are also helpful because they help us prepare against the threat landscape once it is known.

Based on how the organization is listed, you could classify the equipment according to an organizational unit to identify the component. That is helpful because if you're being attacked, you can see where the entry point comes from based on the response coming from the panel. This response can be emailed to the team.

The solution is deployed on the cloud. Before buying the solution, understand the technology gap so that you can look for the features you need. Any lightweight product that can be accessed on a mobile device on the go or outside the office is a great product for security specialists. The solution offers good availability and multi factor authentication. Some security concerns are built into the tool's security package.

It helps you understand the ecosystem of lurking threats waiting to come to your network or already on it. It is a great product for those who want inventory insight into their network. It gives you a lot of details that you probably wouldn't have captured if you didn't have great inventory management from an IT perspective.

The tool can also help you plan your next product or procurement of equipment to get better feedback on what's going on from your user experience. For me, the solution's statistics insight is great. The dashboard is awesome because you don't have to look for something. It can tell you exactly which computers are online and which haven't come online for a long time.

From a technological point of view, you can call and find out why equipment is not online to make a proactive decision.

I believe AI has always been a part of the package we've been using for a time. The proactive threat hunt based on statistics in the environment is a part of the AI search feature in the portal. From a cybersecurity point of view, if the product can detect a threat lurking in your network, it helps you sleep better at night because you don't have to look for it all the time.

The statistics provided via email or in the CrowdStrike environment point you in a direction so you can do something. If you don't want to do it yourself, the tool can be trained to do it automatically for you if you allow the settings.

Overall, I rate the solution a nine out of ten.

We are using CrowdStrike Falcon for endpoint protection across the organization.

I think the UI could be improved, but the technical support said CrowdStrike will improve the UI in the near future. But right now, it’s so messy.

We have been using it maybe since last year.

It's stable, and we already forgot—it just installed and forgot.

Technical support is quite good. We can just WhatsApp the technical easily.

Positive

This is our first time using CrowdStrike.

It's easy to implement the product and we are already up and running in five minutes.

The pricing is still manageable. I think it's about five or six thousand per year. No additional cost for maintenance or support; it's all included in the quotation.

I don’t know if I need to recommend it. I think the overall solution should be rated a ten out of ten.

We use CrowdStrike Falcon Cloud Security for our client's endpoint security in the manufacturing, banking, and IT industries.   

CrowdStrike Falcon Cloud Security has helped improve our security operations. When facing signatureless attacks, CrowdStrike's EDR solution, which also incorporates SOAR capabilities, can prevent attacks in real-time. The SOAR engine detects malicious activity and suspicious file or transaction behavior on the network. Based on this detection, CrowdStrike proactively prevents these attacks. Additionally, features like Spotlight, a valuable tool for vulnerability management, provide remediation actions. Spotlight identifies the specific patches or knowledge base (KB) articles needed to mitigate these types of attacks.

To experience the full value of CrowdStrike Falcon Cloud Security, we recommend deploying the Falcon Agent on at least 500 systems and monitoring their activity for 15 days to a month. This deployment will provide comprehensive visibility into whether CrowdStrike can detect suspicious activity that might be missed by other third-party antivirus solutions and firewalls.

The CrowdStrike platform boasts a wide range of features while remaining exceptionally lightweight. Compared to traditional antivirus software, its impact on system resources is minimal. In terms of specific figures, CPU utilization typically ranges from one to two percent, while memory usage falls between 12 and 15 MB. This translates to a very small footprint on our system.

CrowdStrike utilizes signatureless technology, eliminating the need for regular signature updates on endpoint systems. It provides protection based on processes and activity behavior observed on the endpoint. The platform collects raw telemetry data from the endpoint and leverages it to proactively offer prevention and EDR capabilities. This approach offers multiple benefits, including eliminating the need for manual scans and providing broader protection against both known and unknown threats.

Due to the time zone difference, we in India experience delays in accessing immediate support for L2 and production-related issues until engineers become available in their respective time zones.

The CrowdStrike dashboard currently lacks a username field. This creates a gap for customers who manage multiple systems under a single username, making it difficult to identify individual systems based on username alone. Adding a dedicated username column to the dashboard would greatly improve its functionality in this regard.

I have been using CrowdStrike Falcon Cloud Security for five years.

I would rate the stability of CrowdStrike Falcon Cloud Security ten out of ten. We have not received any complaints from our multiple customers related to stability.

I would rate the scalability of CrowdStrike Falcon Cloud Security ten out of ten.

While there may be delays due to time zones, the technical support itself is good.

Positive

In collaboration with a security partner, we work with several other OEMs, including Symantec, McAfee, and Trend Micro.

The initial deployment is straightforward.

We utilize several third-party deployment tools for our installations, including Microsoft GPO, SCCM, and solutions offered by other market OEMs. These tools allow us to deploy the CrowdStrike Falcon Agent across all endpoints. Before deployment, we confirm the absence of any existing antivirus software. If the customer is already employing legacy antivirus solutions, we typically configure Falcon prevention policies to operate in "monitor mode." This means Falcon will monitor for threats without actively interfering with the existing antivirus. We refrain from uninstalling the legacy software until it becomes necessary. Once uninstalled, the Falcon prevention mode is switched to "aggressive mode," enabling it to function as the primary antivirus on the endpoint. This approach ensures a smooth transition while safeguarding endpoint security.

I would rate CrowdStrike Falcon Cloud Security ten out of ten.

CrowdStrike Falcon Cloud Security is deployed in multiple locations and departments.

No maintenance is required.

CrowdStrike Falcon Cloud Security offers flexible integration with various third-party security products, including SIEM and proxy solutions. This capability significantly enhances our organization's overall security posture by facilitating seamless integration with existing tools via its robust API functionality.