CrowdStrike Falcon Complete MDR Reviews

This is their XDR/MDR service offering. Basically, we used it as our endpoint EDR software. We also leveraged their MDR services to outsource any SOC duties for threat detection and containment. 

We used it in conjunction with LogicHub to have some SOAR capabilities for specific use cases in our environment, which was very useful. It really reduced time for our analysts to do simple detections or things that are triggered for basic automation rules based on a threat instance. 

We used it as a vulnerability dashboard for endpoint management. We deployed the agent in 95% of our endpoints.

It worked much better as an endpoint management tool, like for vulnerability management to track vulnerabilities. It's more about trust and verification rather than relying on the IT Ops team to give us regular reports on the vulnerabilities on the endpoints. 

We relied on the CrowdStrike system to provide evidence to the IT Ops team for patching things that were not really patched. It really worked well for third-party patch management. It's not labeled for that use. However, it worked really well and really helped our patch management initiative with 24/7 coverage for all our endpoints.

We used the quarantine feature as well a few times. We did a trial for it. 

As an end-point solution, nothing beats it, to be honest.

Their threat intelligence is very good. Their MDR response time and the SLAs they have with their MDR SOC team are very good and responsive. Those two have saved us from breaches a few times in my previous role, so it's proven pretty valuable.

The only thing is you have to pay for it, and it's on the expensive side. That's the one thing with any of these services. It also rates highly on the Gartner scale, so obviously, pricing is a bit high.

Their agent is a bit finicky for Mac devices. It works great once you get it working, however, it is a bit finicky to get it deployed across the board. It's not CrowdStrike's fault for the Mac thing, it's just the way Mac is, even though it's not a big concern. 

Their UI is a bit noisy. They have too many sections and they have too many components. It's hard to get all that data into one dashboard, and Falcon Complete has multiple dashboards. It gets a bit cumbersome, that's the only area I would focus maybe a little bit.

Other than that, we didn't really hit any roadblocks, to be honest.

I used it in my previous role for about three and a half years.

The stability is very good. 

Scaling is very easy. We had over 4,000 systems, and we had them installed in AWS servers. Scalability and installation-wise, it is super easy.

Support has been very good.

Positive

I've also used Sophos, those guys are very similar.

Installation is very easy.

Once it's installed, we have a team of four that can handle maintenance duties. SOC operations and IT operations can handle deployment and maintenance tasks. 

IT Ops helps with the installs and they do some of the installs themselves.

I cannot recall the exact pricing of the solution. 

The pricing is fair for what it is. They do provide good service, and the threat intelligence engine is really awesome. I would rate them 4.5 out of five in terms of affordability.

We are just customers and end-users.

What you have to do with any type of endpoint management solution is look at the effort that's required to deploy any solution. I'd recommend new users do a POC for sure in the beginning. And then, based on the POC, always try to negotiate pricing. Definitely do as long as a POC as you can, proof of concept, and see if the solution meets your environment's needs.

I'd rate the solution a nine out of ten.

We wanted a very high level of endpoint protection and intrusion detection. Based on all the reviews, you have a bunch of products out there to choose from. One differentiator of CrowdStrike is that it's nearly what I would call zero-touch on the workstation. You don't have to worry about upgrades and all that. Then, when something suspicious is detected, the CrowdStrike team investigates that for us. It's part of the service that we purchased from them. Basically, we use the solution for security.

Basically, from an overall management perspective of the devices, you really only install the sensor once, and then you set up policies on the portal to say, okay, we want to stay on the N minus one version of the sensor. If there's an update that's required, the portal pushes it to the workstation. It makes everything very easy and doesn't require any touch.

It's mainly the next-generation antivirus that we are leveraging.

In the traditional antivirus, like McAfee, for example, you'd have to maintain signature files and all that on the workstation. We don't have to do that. On top of that, the footprint on the workstation is nearly zero.

One unique thing that they offer is a breach warranty. We basically have a warranty of up to $100,000 should there be any breach that they're not able to manage.

The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure. Intrusion detection and endpoint protection is all driven using the internet. You have to be connected. If you're not connected, basically, unlike some antivirus software packages, if you introduce something, let's say through a USB port, and you are not online, you have potential exposure.

I'd like to see a capability where the solution can do offline intrusion detection if needed. For example, if you have offline workstations or devices, then there's new data introduced into the device using, I guess, portable data devices. If there was a way to detect that while the device was not connected, that would be great.

It's not a major concern for us since 100% of the time, our devices are connected to the internet because most of our business applications are using cloud-based applications.

The pricing can look expensive.

We started using the solution in April or May of this year. It's only been a few months. 

It's stable. So far, so good. I've not had any issues around it in terms of impacting usage, et cetera. It's pretty transparent to us.

It's pretty scalable. I've talked to some users from huge companies, Fortune 500 companies, so I know that it's scalable.

We don't really have any users for it. It's pretty much myself and one other person who just monitors the portal, and that's about it. In terms of devices, we have 100 to 150 devices. 

We intend to explore the other capabilities of what the sensor can provide us. However, right now, we're just focused on antivirus and intrusion detection. That's about it. 

The intent is obviously to deploy. Every time we have new devices, et cetera, we just deploy this and go.

Support is pretty transparent for me. We've had probably five or six incidents, and they were minor, however, then those are handled by the CrowdStrike team. 

They would notify me if I needed to take action on my side. So far, they are good. I haven't needed to take any drastic action, like shutting down the device and all that.

We had decentralized solutions. They were mainly workstation-based and was McAfee. We went to a centralized solution so that it can be centrally managed.

The setup is pretty straightforward. We started out with a lot of effort since we didn't have managed devices when we installed it. We didn't have a device management system in place for Windows, so we had to install it at each workstation. 

The deployment probably took us a week. We had to install the sensors manually. However, the installation process is very straightforward. It takes less than five minutes.

In terms of maintenance, it's all maintained on the CrowdStrike side.

We did the initial setup ourselves in-house.

There's potentially really no ROI. It addresses an area of risk. That is all. You're putting the investment in the service as a kind of insurance against cyber attacks, data breaches, et cetera.

We have a subscription. 

The cost, the overall cost of the service, is something that could be improved. If you compare it to other antivirus systems, it'll seem more expensive as there's one piece that people overlook - you have a technical team monitoring for you behind the scenes.

The cost is approximately $35,000 to $40,000 a year. It covers up to 300 devices and 300 Windows or Mac OS devices, and about 150 mobile devices. There are no additional costs beyond the main fee. It's all paid on an annual lease. 

We looked at Microsoft Defender, McAfee, Norton, and two other solutions, however, this one came up on top. The only downside is the overall cost when you compare it to the competition.

We are customers and end-users.

I'm not sure which version of the solution we're using. Typically, we set ourselves to N minus one. We're typically one version behind the most current.

I'd warn potential new users that they have to look at the total cost of ownership. One item that's overlooked is when you get an antivirus or a security product, you will need experts to manage and maintain it. CrowdStrike basically provides you with the software solution and the technical support behind it. If you basically add up all those things, it'll probably be on a total cost basis; it'll be reasonable.

I'd rate the solution nine out of ten.

CrowdStrike Falcon Complete is an XDR solution that we use for our endpoint protection.

We currently don't have a complete CrowdStrike Falcon bundle; instead, we have an enterprise bundle in place. For this bundle, agents are installed on all endpoints, and we define security rules to ensure automated workflows are executed through multiple cells using pre-defined playbooks.

CrowdStrike Falcon's detailed dashboard simplifies the process to respond to and remediate cyber threats.

CrowdStrike Falcon Complete's AI-powered analytics have demonstrated good performance and accuracy in real-world scenarios.

CrowdStrike Falcon has helped reduce the efforts of our SOC team by remediating most of the alerts, directly allowing us to manage things more efficiently.

We realized the benefits of CrowdStrike Falcon Complete within the first year.

CrowdStrike Falcon Complete highlights any endpoint vulnerabilities it detects directly on the dashboard, making it easier for our IT staff to address them and improve our overall security posture.

The overwatch module is the most valuable feature of CrowdStrike Falcon.

CrowdStrike Falcon Complete MDR offers an optional module that might not be cost-effective for all organizations.

I have been using CrowdStrike Falcon Complete for almost two years.

We frequently encounter situations where endpoint agents go offline for unknown reasons, necessitating a service restart on affected machines to restore connectivity.

I would rate the scalability of CrowdStrike Falcon Complete an eight out of ten.

The technical support is good.

Positive

As part of the integration team, I manage the entire transaction process. While the initial deployment presented a challenge due to the need to contact all end users, it was a one-time effort necessary to implement the solution. The deployment itself took four months to complete and required eight people.

We implemented a hybrid work model, allowing employees to work both from home and in the office. As a part of this model, we empowered end users to deploy the agents themselves. We carefully monitored the entire process through a designated dashboard, assigning agents to their respective groups and ensuring timely policy implementations based on individual agent online status. This approach granted us ultimate control over the process.

We used an integrator in the middle of the deployment.

We have seen a return on investment with CrowdStrike Falcon Complete.

CrowdStrike Falcon Complete is expensive.

I would rate CrowdStrike Falcon Complete a nine out of ten.

CrowdStrike Falcon Complete is deployed across our entire organization.

The solution did a good job of preventing ransomware. It is used for behavioral analysis. For instance, if something appears to be suspicious then the solution blocks it.

If someone is using the old Microsoft Office and the system is not updated then CrowdStrike takes action on behalf of the operating system. So it is not only going above the application level but also the operating system level.

The analysis of the investigation of the incident could be easier. Offline scanning can be included in the next release. 

Moreover, Crowdstrike should think about making the price cheaper.

I have been using it for one year.

It is a stable solution.

The solution is scalable. Presently, in the company, there are three hundred users, and in the group, there are one thousand users.

The technical support team is in the middle range and not very good. We have a dedicated team from CrowdStrike working for us; it is called the watch service. 

We also subscribe to EDR Plus watch service. So we have a team from CrowdStrike always monitoring things before it happens.

Previously, I used Carbon Black EDR for three years, and I was a very happy user, but their technical support was not very relevant, so I switched.

The initial setup was straightforward. The deployment took around two weeks. We have only one engineer helping with the deployment.

There has been a Return on Investment. We have been working with two incidents, and the support team was really helpful from their side.

We need to pay a yearly subscription fee, which is expensive compared to others.

Anyone using CrowdStrike should ensure that they have the watch service. Though I do not remember the name of the service, it says Crowdstrike engineers are also monitoring.

I rate the solution a nine out of ten.

We use Crowdstrike for monitoring. The Department of Homeland Security's SOC is managing it, so I like it better than Carbon Black because we don't have to provide any support for it.

Crowdstrike provides us with some peace of mind knowing we're secure.

Crowdstrike has better support than Carbon Black.

Crowdstrike could be cheaper. It's pricier than Carbon Black.

I have used CrowdStrike for nearly a year.

I rate Crowdstrike Falcon Complete eight out of 10 for affordability. 

We started using Crowdstrike and Carbon Black at the same time. We've beend doing a simultaneous test to see which one we like better. 

I rate CrowdStrike Falcon Complete nine out of 10. I deducted one point because of the price, which is the only thing I don't like about it. 

The primary purpose of this solution is to safeguard against malicious software, ransomware, and other unknown security threats.

The solution is excellent; it meets customers' expectations for threat protection and provides an array of credit protection capabilities, features, and functions. As a system integrator, I am helping organizations find the best solutions to protect their environment.

The most valuable feature is AML-based threat detection.

The solution is geared more towards larger organizations, so it can be difficult for organizations with smaller budgets to utilize the solution. The cost has room for improvement.

I have been using the solution for the last four years.

The solution is stable, and while there may be opportunities for further improvements, the solution is well-designed and works well at this time.

The solution is cloud-based, so it offers scalable capabilities without any additional requirements.

CrowdStrike Falcon Complete's technical support is very good; they respond accurately, on time, and in accordance with their Service Level Agreement.

This solution is highly acclaimed for its seamless implementation and ease of use. Deployment is effortless, with simple policy creation and enabling processes. All aspects of this product work together smoothly.

Our clients must always receive technical and partner support when deploying our solution. We provide recommendations and best practices to ensure a successful integration that won't negatively affect existing systems. We can also provide guidance on how our product will interact with preexisting solutions.

CrowdStrike offers solutions with the same functionality for both large enterprises and small to medium organizations with competitive pricing. CrowdStrike is able to provide its customers with a solution that fits within their budget.

I give the solution a ten out of ten.

At my job, I am often working with CrowdStrike, as it is a well-designed solution that works effectively and has been tested by numerous customers. However, I am not limited to just this product and will provide a solution to customers no matter their preferences. I offer suggestions and recommendations to customers and work to meet their needs and terms and conditions.

I believe at times that CrowdStrike is the best option on the market when it comes to MDR. CrowdStrike is a very good solution.

The market provides a lot of capabilities when it comes to product offerings, not just endpoint security. Now, a single solution can offer different types of protection. So, there is no limit to how much a tool can be extended and expanded. It is up to the companies to decide what features and capabilities they want to offer.

We primarily use the solution for antivirus purposes. 

The solution works well and is okay with me. For the most part, I am happy with it. 

The performance is good, and it is stable. We don't have any issues. I find it doesn't impact my work.

It has good security features. 

The solution offers an easy initial setup.

It's scalable. 

We'd like the pricing to be a bit lower in the future. 

I've been using the solution for about six months. 

The solution is stable and reliable. The performance is good. We haven't had any issues. There are no bugs or glitches. It doesn't crash or freeze. 

As a solution that is based in the cloud, it can scale well. It's not a problem at all. 

We have about 1,000 users on the solution right now. 

I'm unsure as to if we have plans to increase usage. 

I've never used technical support and cannot speak to how helpful or responsive they would be. 

We might have previously used Kaspersky.

The initial setup is simple and straightforward. It's not overly complex. I'm not sure how long the deployment took. I wasn't as hands-on with the process. 

You do need to purchase a license in order to use the product. It's not cheap, however, it is not overly expensive. 

I'm an end-user.

I'd rate the solution eight out of ten. 

The main valuable features are feasibility, ease of deployment, and that it's all based in the cloud. I like that it is gradually updated and that the detection rate is higher than that of other endpoint solutions. There are fewer loopholes.

When you enable a particular feature, it takes a long time, from 15 to 30 minutes, to implement in enterprise environments. This can be improved.

It would be nice if additional features were included in the product at no extra cost.

I've been working with this solution for about six months.

I haven't had any issues with stability.

It's scalable. You can use APIs to connect with all of the solutions. For example, you can use APIs to connect to a SIEM environment.

CrowdStrike's technical support is very good, and I would give them a ten out of ten.

Positive

The initial deployment is simple because you get continuous support from the CrowdStrike team, and they are very responsive.

The licensing cost for CrowdStrike Falcon Complete is fair, and I would give it a five out of five. You have to pay per device/user.

CrowdStrike Falcon Complete is a good solution, and we have not had any complaints so far. On a scale from one to ten, I would rate it at eight.