CrowdStrike Falcon Complete MDR Reviews

This is their XDR/MDR service offering. Basically, we used it as our endpoint EDR software. We also leveraged their MDR services to outsource any SOC duties for threat detection and containment. 

We used it in conjunction with LogicHub to have some SOAR capabilities for specific use cases in our environment, which was very useful. It really reduced time for our analysts to do simple detections or things that are triggered for basic automation rules based on a threat instance. 

We used it as a vulnerability dashboard for endpoint management. We deployed the agent in 95% of our endpoints.

It worked much better as an endpoint management tool, like for vulnerability management to track vulnerabilities. It's more about trust and verification rather than relying on the IT Ops team to give us regular reports on the vulnerabilities on the endpoints. 

We relied on the CrowdStrike system to provide evidence to the IT Ops team for patching things that were not really patched. It really worked well for third-party patch management. It's not labeled for that use. However, it worked really well and really helped our patch management initiative with 24/7 coverage for all our endpoints.

We used the quarantine feature as well a few times. We did a trial for it. 

As an end-point solution, nothing beats it, to be honest.

Their threat intelligence is very good. Their MDR response time and the SLAs they have with their MDR SOC team are very good and responsive. Those two have saved us from breaches a few times in my previous role, so it's proven pretty valuable.

The only thing is you have to pay for it, and it's on the expensive side. That's the one thing with any of these services. It also rates highly on the Gartner scale, so obviously, pricing is a bit high.

Their agent is a bit finicky for Mac devices. It works great once you get it working, however, it is a bit finicky to get it deployed across the board. It's not CrowdStrike's fault for the Mac thing, it's just the way Mac is, even though it's not a big concern. 

Their UI is a bit noisy. They have too many sections and they have too many components. It's hard to get all that data into one dashboard, and Falcon Complete has multiple dashboards. It gets a bit cumbersome, that's the only area I would focus maybe a little bit.

Other than that, we didn't really hit any roadblocks, to be honest.

I used it in my previous role for about three and a half years.

The stability is very good. 

Scaling is very easy. We had over 4,000 systems, and we had them installed in AWS servers. Scalability and installation-wise, it is super easy.

Support has been very good.

I've also used Sophos, those guys are very similar.

Installation is very easy.

Once it's installed, we have a team of four that can handle maintenance duties. SOC operations and IT operations can handle deployment and maintenance tasks. 

IT Ops helps with the installs and they do some of the installs themselves.

I cannot recall the exact pricing of the solution. 

The pricing is fair for what it is. They do provide good service, and the threat intelligence engine is really awesome. I would rate them 4.5 out of five in terms of affordability.

We are just customers and end-users.

What you have to do with any type of endpoint management solution is look at the effort that's required to deploy any solution. I'd recommend new users do a POC for sure in the beginning. And then, based on the POC, always try to negotiate pricing. Definitely do as long as a POC as you can, proof of concept, and see if the solution meets your environment's needs.

I'd rate the solution a nine out of ten.

The main valuable features are feasibility, ease of deployment, and that it's all based in the cloud. I like that it is gradually updated and that the detection rate is higher than that of other endpoint solutions. There are fewer loopholes.

When you enable a particular feature, it takes a long time, from 15 to 30 minutes, to implement in enterprise environments. This can be improved.

It would be nice if additional features were included in the product at no extra cost.

I've been working with this solution for about six months.

I haven't had any issues with stability.

It's scalable. You can use APIs to connect with all of the solutions. For example, you can use APIs to connect to a SIEM environment.

CrowdStrike's technical support is very good, and I would give them a ten out of ten.

Positive

The initial deployment is simple because you get continuous support from the CrowdStrike team, and they are very responsive.

The licensing cost for CrowdStrike Falcon Complete is fair, and I would give it a five out of five. You have to pay per device/user.

CrowdStrike Falcon Complete is a good solution, and we have not had any complaints so far. On a scale from one to ten, I would rate it at eight.

It is their MDR. We use CrowdStrike Falcon Complete to manage our security. It is for our endpoint protection.

Our organization sells CrowdStrike. 

Assume there is malware on my computer. Using the hash value, I can determine how many endpoints in my organization have been infected by this malware. 

Using this RTR, I can gain remote access to their machines or endpoints and attempt to close, remove, or delete the process or file entirely.

These features, in my opinion, are extremely important for IT administrators. It lets us now look at users in Mumbai, and I am in Bangalore.

I am not required to use AnyDesk or anything. I can simply log into my Falcon, navigate to that file section, and remove the file without the user even realizing it.

I believe their EDR, services are of high quality. Which is what organizations desire. We can use the EDR to determine how many people attempted to access someone else's laptop. 

It provides us with that insight, we know when someone is attempting to steal data from another laptop. This is also beneficial.

The most valuable feature of this solution is the real-time visibility into what is happening in your endpoint.

Their real-time response is also very good.

Their endpoint solution is excellent. But I would like to see them improve their HDR, as well as their DLP (Data Loss Prevention).

If they improve in these two areas, they will have a really good product that we will enjoy. Otherwise, we will have to include another product for people who want data loss prevention. There will be a cost, which will be expensive, and it will consume significantly more resources on the client's machine.

It would make it easier if everything was together in one center. That is why I looked into Trellix as well as Trend Micro.

In the next release, I would like to see Data Loss Prevention and  Email Security. safety included. 

The majority of these businesses are also beginning to use Chrome OS. I would also like to see support for Chrome OS.

I have been using CrowdStrike Falcon Complete for four or five months.

Because it comes from the cloud, it automatically updates itself.

CrowdStrike Falcon Complete is very stable.

If you look at Trellix, for example, they just arrived and have three, or four centers. But this has only one center, and at its peak, it uses only about six MB of RAM resources.

CrowdStrike Falcon Complete is scalable. If you purchase the pro version, if the customer is dissatisfied with it, he can later upgrade it by adding more modules to it.

We have approximately 50 users in various roles, including sales, directors, and even our technical team, who use this solution.

I'm not aware of any Falcon Complete technical support. But I am aware of the technical support for the other module. It's quite good.

It is online-based support. We do not have that technical support number.

However, technical online support is also fairly responsive. If you file a case, they will respond within two hours.

A technician is assigned, and he or she will be on call until the case is resolved.

I would rate the technical support a four out of five. If they had a toll-free number, I would rate them a five out of five.

Positive

Previously, I did not use another solution, I have always used  CrowdStrike Falcon Complete.

CrowdStrike Falcon Complete, from what I understand, can only be deployed in the cloud and is not available on-premise.

The initial setup is straightforward. You will receive a link, open it, configure the dashboard, and deploy the sensors. That's all.

It took a half hour to deploy the center, the policy configuration, the dashboard, and everything. 

The deployment was done in-house.

If there are only 50 users, two people will suffice. One person is more than enough if he has a deployment tool like Jamf or JumpCloud. He can simply deploy it from where he is.

I am not sure what the licensing fees are. I believe it is paid once a year, but I am not sure. However, it is dependent on the number of users present and the number of licenses purchased. The licenses are sold per user.

I believe that all of these, for example, Trend Micro, Trellix, or any other company that is based on this NGAV technology, are usually based on how many users are in that environment, and how many devices they intend to install the technology on.

I would recommend this solution to others who are interested in using it. If you want a good endpoint security solution, I recommend CrowdStrike. It provides adequate endpoint security.

I would rate CrowdStrike Falcon Complete an eight out of ten.

It lacks disk encryption, data loss prevention, and email security. It does not support Chrome OS. We provide these services, which is why we are looking into Trend Micro and Trellix, both have these options available.

The most valuable feature of Falcon Complete is that it is a full security operations center (SOC) as well as a SIEM solution, and it is fully managed. Their security teams are working 24/7 and analyzing everything happening on all endpoints. They also take care of the instant response, which includes disconnecting endpoints, taking over the endpoints and fixing them, and ransomware protection. All of these things are most valuable because it is very difficult to get all the resources in-house to do all of that yourself. So, if you can leverage the experience of a global corporation with the best reputation in the market, and it is fully managed, that's the best. 

They're incredibly transparent. They give full access to all the information and dashboards that they work off themselves. So, you can look in and investigate any incident you wish. It is incredibly powerful from a compliance point of view because you have evidence that all of this is happening, and you're doing it correctly, and you take it seriously. 

It is already wonderful. The dashboards they have are great, but they can always improve it in terms of general interfaces and searching and presenting the information. Occasionally, navigating it to try to find what you want can be challenging because there is so much information there. It is so rich, and it has everything you could ever want. The challenge with anything like that, and any website, is how to build the user journey so that it is user-friendly, but at the same time, it is incredibly dense with information. It is difficult to achieve that balance between these things. They've done a wonderful job, but everything can be improved. So, it could be even better. If I was to focus on one thing, that's what I'd tell them to focus on. The same is with Azure. There is just so much functionality there. How can you make it easy when it is just so vast? It is a tough one.

It would be good if they fleshed it out a bit more, possibly with additional areas such as security awareness training. They could build that in. They're leveraging the same endpoint base that they have the security software on, but then they could offer a centralized portal or hub whereby someone like me could leverage it to track and put out security awareness training for people on all the common topics. I could have a centralized hub for everyone's results from that training and for the evidence that training occurred. It would be relatively straightforward, but it would add a lot for people in the compliance area. It would be a great expansion. It won't improve the actual technical protection, but it would improve the user protection. Educating the users to be more aware increases security. So, if they branched out into that, it would be a great bonus. If I was speaking to them, that's what I'd tell them to do.

I have been using this solution for a couple of years.

It is super stable. I would rate it a ten out of ten in terms of stability.

It is scalable. It is for endpoint protection. It is a cloud-based platform. So, it can scale to whatever amount of endpoints you want. You can scale it any way you want.

The endpoint deployment is relatively straightforward. The only constraint is licensing. The more you scale, the more you pay. That's it.

We have less than 200 users of this solution.

It is a fully managed service, So, we have 24/7 support. It is not technical support. It is a dedicated team, and they're there to answer any queries or questions. So, no technical support was required because nothing went wrong, but when we have questions, they're incredibly responsive. They get back super quick. I have no complaints at all. I would rate them a five out of five.

Positive

We had another solution previously, and we just replaced it with CrowdStrike. Based on all available information, we just decided it was the best, and we don't regret that. It has been very good.

Its initial setup is simple. It is very well designed.

All our endpoints are managed by mobile device management. We have centralized device management, deployment, and installation with Intune. We can install anything we want on any of the computers with Intune.

It is not cheap, and it is not overpriced. It positions itself in the upper half of pricing in the market. You can find a product that claims to do the same and is super cheap, but it'll be not at all good. You can find something that says it does everything in the world, and it is the best thing since sliced bread, but it would be incredibly expensive. Falcon Complete is neither of those. It is always best to go somewhere in the middle, but it is not in the middle. It is in the upper half. So, it is by no means cheap, but it is worth it. Its pricing is well fixed. Given what you get in return, you wouldn't feel bad paying for it.

They have a great licensing model. You can add extra bells and whistles if you want. There is that ability to reduce the price by turning off certain features if you wish. I wouldn't necessarily recommend it, but they do cater to everyone in that sense. 

We compared it to all other vendors, and then we decided on it because it is the best in class and in the Gartner Magic Quadrant. It is the best in the market. 

I would highly recommend it. So far, my experience has been nothing but positive. 

I would rate it a 10 out of 10. It is in the top five. It ticks all the boxes that I have for it. You got to manage your expectations, and given my expectations, it exceeds my expectations. Now, if you were to ask me what is my expectation for the software next year, I'd want it to be better, but at this exact moment in time, it is doing a fantastic job, and I hope they keep it up and improve. If they don't, then my grade will drop. 

We use CrowdStrike Falcon Complete internally and externally according to the MITRE ATT&CK framework. MITRE ATT&CK describes most of the TTPs and explains them, including the default use cases and deployed policies. Our internal use case for the solution is specifically for internal fraud cases to use in our internal forensics team.

CrowdStrike Falcon Complete has helped in improving my company in terms of achieving strategies and executing frameworks.

What I found most valuable in CrowdStrike Falcon Complete is that it has a lot of monitoring dashboards and use cases, and I saw that it's a very good product, but my company has only tested it, so it's not been used for real use cases. My company hasn't tested the complete license for CrowdStrike Falcon Complete, so the team hasn't checked the open fiber rooms for zero-day attacks, IOAs and IOCs, or any indicators of fraudulent activities.

I was also amazed at the solution and its licensing. My company did a competitive analysis of many EDR solutions, but it went with CrowdStrike Falcon Complete. It's one of the top-rated solutions on CyberRatings as well.

At the moment, nothing is missing in CrowdStrike Falcon Complete. I'm amazed by it. It's perfect and I'm not aware of any other vendors that provide its features, but it would also depend on the configuration and policy management of the solution, for example, I can bring you an EDR solution and configure it badly, so it won't do anything. It also depends on the people, not just the technology you're obtaining, so this is the most important thing to do for all solutions, even for firewalls. You can obtain a firewall and if you permit everyone to go through it, then it's useless.

What could be improved in CrowdStrike Falcon Complete is its management console. Currently, that console is on the cloud, so if the cloud is compromised, then the management console would also be compromised, and that's quite risky.

I've been using CrowdStrike Falcon Complete for six months.

CrowdStrike Falcon Complete is too stable, but I still have to test it in a forensic case before I could comment on the stability of the solution.

We usually follow TMMI, so in terms of the maturity and scalability of CrowdStrike Falcon Complete, it's fine, so far.

Our only experience in terms of contacting the technical support team for CrowdStrike Falcon Complete was during implementation.

Setting up CrowdStrike Falcon Complete was too easy because it's a cloud solution, so it was too easy to implement. There's nothing to do, for example, you just need to install the agent from the PCs on the endpoint.

In terms of the deployment time for CrowdStrike Falcon Complete, the infrastructure team implemented the endpoints which took one week, then there's the tuning of the policies, so overall, the deployment took one month.

There's a third party or a partner either for implementation or support for CrowdStrike Falcon Complete, but my company did it in-house.

We haven't seen ROI from CrowdStrike Falcon Complete because we've just done a POV for the top management and there are limited attacks in our organization. We've done some use cases or POCs on a zero-day attack, changing the binaries, etc., and CrowdStrike Falcon Complete was perfect and detected all of the behaviors, isolated them, and did all the functions we expected it to do.

The pricing for CrowdStrike Falcon Complete is competitive. It's a cheaper solution when you compare it with others, and on a scale of one to five, I'm rating its pricing a four. You also don't need to pay extra for its features. CrowdStrike Falcon Complete is perfect.

My company evaluated another solution that was also top-rated: FireEye (now called Trellix).

CrowdStrike Falcon Complete currently has five thousand users in my company and the roles vary from top management to C-level to endpoint users to high privilege users, so a lot of people and a lot of money.

My company recommends CrowdStrike Falcon Complete for the financial, military, and oil and gas sectors. It's by sector, not by people. All the roads now move toward security and securing the business, and it also depends on the criticality of the assets you own and how you're securing the assets. Whenever or whoever has a critical asset should go for a strong security solution such as CrowdStrike Falcon Complete.

In terms of how extensively the solution is being used in my company, there's no 100% security, so my company is always developing security solutions that can handle new attacks, future attacks, and more sophisticated attacks, so I'm unable to give a percentage of the extent of usage of CrowdStrike Falcon Complete, but if I can just measure this from a governance perspective, it's 80%, specifically from a compliance perspective.

At the moment, I'm unable to give my advice to others looking into implementing CrowdStrike Falcon Complete because I need to use the solution on a real test or real compromise first.

I'm rating CrowdStrike Falcon Complete eight out of ten because of its management console being on the cloud. My company doesn't prefer this setup, even if it has an NDA with the vendor because if the cloud itself was compromised, the management is also compromised, and all users will be isolated, so this isn't good from a risk perspective.

My company is a customer of CrowdStrike Falcon Complete.

We don't use the solution internally, but our clients' use cases are primarily EDR and endpoint protection, with peripheral use cases including web app protection.

CrowsStrike Falcon Complete is a good solid endpoint protection solution; it has a good engine and is on par in terms of efficacy with SentinelOne, and with Microsoft Defender for endpoint protection. 

I prefer to put a pound into the prevention and an ounce into the cure, but CrowdStrike put more focus into the EDR. This works as a business model for them, as they get a lot of customers purchasing their MDR services, usually SMBs lacking the staff to leverage the EDR tool themselves adequately. We have many such customers. I would much rather see more refinement and investment into the prevention side of the equation, though CrowdStrike has a good engine. The solution is as effective as SentinelOne and Windows Defender for Endpoint; it's an excellent endpoint protection solution.

I would like to see more integration capabilities and expansion into vulnerability management. I'd like to see it go beyond that into unified endpoint management, a unified security solution that doesn't just tell me what's wrong; it helps me fix it operationally.

We have been a reseller of the solution since 1989.

The solution is very stable. 

It is a very scalable solution, there is no question about that. 

The technical support is good; it's not bad and not the best.

The setup is relatively complex. Post-setup, the maintenance is light, but deployment is more complicated compared to some competitors, including SentinelOne or Cylance. Falcon Complete requires more tuning.

Once the product is implemented, I would say most of our customers require around a quarter of an FTE for maintenance. 

This product is one of the more expensive ones on the market. 

I'd rate the product an eight out of ten because there's always room for improvement in my mind. There are enough other solutions in the market space that are on par with the features and capabilities of CrowdStrike that bump it down from a nine to an eight. It's a pretty level playing field.

Most of my customers are small to medium size businesses. They don't have the people, the knowledge or the time to spend on complex setups and tuning. Any solution has to be simple out of the gate, easy to understand, and it has to be quick to deploy. Therefore, many of my clients use the implementation and managed services, and I have firsthand experience of some issues that can cause. Companies may hold off on more complicated features or configurations they don't fully understand, sometimes even permanently. This isn't unique to Falcon Complete; there are many solutions with features that are never fully leveraged by some clients. The issue is when the solution is not as effectively deployed and configured as possible because it's not a small investment.

When it comes to this solution, my advice is to shop around. CrowdStrike is an excellent brand with an outstanding reputation, but it's also the most expensive or one of the most expensive solutions. If price is a concern, other solutions can do the same job for you or be just as effective. Falcon Complete has few features that make it a big market differentiator nowadays. It makes sense if you need the product's specific features or have the staff to fully leverage the EDR without paying for the MDR.

What's most valuable about CrowdStrike Falcon Complete as an endpoint security solution is that it provides different features against malware outbreaks. The solution is also cloud-based so it offers flexibility in terms of managing it. It's also easy to deploy the agent and you can deploy it through CrowdStrike, your CloudStrike console, or you can take that agent out and you can use different solutions to deploy it through your group policy, your SSCM, or any asset management tool.

What could be improved in CrowdStrike Falcon Complete is the threat hunting feature and the insights it provides, in particular, the variable analysis feature. Protection against zero-day threats and sandboxing could also be improved in CrowdStrike Falcon Complete. If you compare it with other solutions, it can go head-to-head, but the features I mentioned still need improvement.

CrowdStrike Falcon Complete is a stable solution.

CrowdStrike Falcon Complete is a scalable solution. From the infrastructure and operation side, it's one of the best tools in terms of scalability.

I have not worked directly with the technical support team of CrowdStrike Falcon Complete. My company has a different team that worked directly with the CrowdStrike presale team, and that CrowdStrike team was really good, always supportive, and helpful.

I have no idea on the licensing cost of CrowdStrike Falcon Complete.

I have experience with CrowdStrike Falcon Complete, and I've worked with it recently. I work as a solution architect, so I work with different products, and I can't tell you exactly which version of CrowdStrike Falcon Complete I used.

I manage different customers, so the solution is deployed on various clouds, but mostly on a hybrid cloud, with providers being AWS and GCP.

My advice to anyone looking into implementing CrowdStrike Falcon Complete is to go for it. You should move from the traditional antivirus to the next-gen antivirus. Next-gen antivirus such as CrowdStrike Falcon Complete has malware detection, exploit detection, and endpoint detection and response (EDR) features that you won't find in the traditional antivirus. Signature-based antivirus also fails to detect zero-day attacks as well as crypto locker, ransomware, etc. CrowdStrike Falcon Complete has IOA behavioral protection, and it has an analysis functionality and great reporting capabilities, so you should go for it.

My rating for CrowdStrike Falcon Complete is eight out of ten. Sometimes on remote users as it is release-signed, there's some issue with the agent and some false positives as well. In terms of detection, an antivirus or EDR solution, or any kind of threat protection product, you have to check a few things. One is how good it is when malware is in the pre-execution stage and the post-execution stage. I have done some analysis on CrowdStrike Falcon Complete on seventy-five different parameters and controls, and I concluded that the product is really good. It's not a ten out of ten because I cannot provide a perfect score for any product. Eight out of ten is a good score in my point of view because you'd still feel that other things are missing in the product.

We use CrowdStrike Falcon Complete as an endpoint detection and response solution. We have over 10,000 users of this product. It requires less than 10 staff to deploy and maintain CrowdStrike. We are looking at rolling out more features of the product.

CrowdStrike has improved our meantime to closure on incidents. By enabling us to have more contextual awareness for each of the detections, it provides a much richer and broader scale of intelligence to each of the incidents and detections.

The threat intelligence of CrowdStrike Falcon is the most valuable feature. I also  enjoy their contextual awareness, endpoint detection and response.

The solution could use an on-demand scan feature.

I have been using CrowdStrike Falcon for 18 months.

CrowdStrike Falcon Complete is stable. 

The solution is scalable. We did a proof of concept with CrowdStrike versus others. CrowdStrik lived up to these capabilities.

I have used their technical support, and they are good. I would rate them a four out of five.

Positive

We were using a couple of other solutions before CrowdStrike and decided to move away from them as they weren't as good.

The initial setup of CrowdStrike is fairly straightforward. I would rate the initial setup a four out of five.

We used a professional service, an integrator, to implement the solution. Our organization is complex, so the roll-out took a couple of months.

From what I understand from our network architect, CrowdStrike Falcon is good value for the money required. We receive good service and support. The training is excellent. They offer a number of free classes to train users and analysts. It is a very capable product.

I would rate CrowdStrike Falcon Complete an eight out of ten overall.