CrowdStrike Falcon Complete MDR Reviews

The solution did a good job of preventing ransomware. It is used for behavioral analysis. For instance, if something appears to be suspicious then the solution blocks it.

If someone is using the old Microsoft Office and the system is not updated then CrowdStrike takes action on behalf of the operating system. So it is not only going above the application level but also the operating system level.

The analysis of the investigation of the incident could be easier. Offline scanning can be included in the next release. 

Moreover, Crowdstrike should think about making the price cheaper.

I have been using it for one year.

It is a stable solution.

The solution is scalable. Presently, in the company, there are three hundred users, and in the group, there are one thousand users.

The technical support team is in the middle range and not very good. We have a dedicated team from CrowdStrike working for us; it is called the watch service. 

We also subscribe to EDR Plus watch service. So we have a team from CrowdStrike always monitoring things before it happens.

Previously, I used Carbon Black EDR for three years, and I was a very happy user, but their technical support was not very relevant, so I switched.

The initial setup was straightforward. The deployment took around two weeks. We have only one engineer helping with the deployment.

There has been a Return on Investment. We have been working with two incidents, and the support team was really helpful from their side.

We need to pay a yearly subscription fee, which is expensive compared to others.

Anyone using CrowdStrike should ensure that they have the watch service. Though I do not remember the name of the service, it says Crowdstrike engineers are also monitoring.

I rate the solution a nine out of ten.

The most valuable feature of Falcon Complete is that it is a full security operations center (SOC) as well as a SIEM solution, and it is fully managed. Their security teams are working 24/7 and analyzing everything happening on all endpoints. They also take care of the instant response, which includes disconnecting endpoints, taking over the endpoints and fixing them, and ransomware protection. All of these things are most valuable because it is very difficult to get all the resources in-house to do all of that yourself. So, if you can leverage the experience of a global corporation with the best reputation in the market, and it is fully managed, that's the best. 

They're incredibly transparent. They give full access to all the information and dashboards that they work off themselves. So, you can look in and investigate any incident you wish. It is incredibly powerful from a compliance point of view because you have evidence that all of this is happening, and you're doing it correctly, and you take it seriously. 

It is already wonderful. The dashboards they have are great, but they can always improve it in terms of general interfaces and searching and presenting the information. Occasionally, navigating it to try to find what you want can be challenging because there is so much information there. It is so rich, and it has everything you could ever want. The challenge with anything like that, and any website, is how to build the user journey so that it is user-friendly, but at the same time, it is incredibly dense with information. It is difficult to achieve that balance between these things. They've done a wonderful job, but everything can be improved. So, it could be even better. If I was to focus on one thing, that's what I'd tell them to focus on. The same is with Azure. There is just so much functionality there. How can you make it easy when it is just so vast? It is a tough one.

It would be good if they fleshed it out a bit more, possibly with additional areas such as security awareness training. They could build that in. They're leveraging the same endpoint base that they have the security software on, but then they could offer a centralized portal or hub whereby someone like me could leverage it to track and put out security awareness training for people on all the common topics. I could have a centralized hub for everyone's results from that training and for the evidence that training occurred. It would be relatively straightforward, but it would add a lot for people in the compliance area. It would be a great expansion. It won't improve the actual technical protection, but it would improve the user protection. Educating the users to be more aware increases security. So, if they branched out into that, it would be a great bonus. If I was speaking to them, that's what I'd tell them to do.

I have been using this solution for a couple of years.

It is super stable. I would rate it a ten out of ten in terms of stability.

It is scalable. It is for endpoint protection. It is a cloud-based platform. So, it can scale to whatever amount of endpoints you want. You can scale it any way you want.

The endpoint deployment is relatively straightforward. The only constraint is licensing. The more you scale, the more you pay. That's it.

We have less than 200 users of this solution.

It is a fully managed service, So, we have 24/7 support. It is not technical support. It is a dedicated team, and they're there to answer any queries or questions. So, no technical support was required because nothing went wrong, but when we have questions, they're incredibly responsive. They get back super quick. I have no complaints at all. I would rate them a five out of five.

Positive

We had another solution previously, and we just replaced it with CrowdStrike. Based on all available information, we just decided it was the best, and we don't regret that. It has been very good.

Its initial setup is simple. It is very well designed.

All our endpoints are managed by mobile device management. We have centralized device management, deployment, and installation with Intune. We can install anything we want on any of the computers with Intune.

It is not cheap, and it is not overpriced. It positions itself in the upper half of pricing in the market. You can find a product that claims to do the same and is super cheap, but it'll be not at all good. You can find something that says it does everything in the world, and it is the best thing since sliced bread, but it would be incredibly expensive. Falcon Complete is neither of those. It is always best to go somewhere in the middle, but it is not in the middle. It is in the upper half. So, it is by no means cheap, but it is worth it. Its pricing is well fixed. Given what you get in return, you wouldn't feel bad paying for it.

They have a great licensing model. You can add extra bells and whistles if you want. There is that ability to reduce the price by turning off certain features if you wish. I wouldn't necessarily recommend it, but they do cater to everyone in that sense. 

We compared it to all other vendors, and then we decided on it because it is the best in class and in the Gartner Magic Quadrant. It is the best in the market. 

I would highly recommend it. So far, my experience has been nothing but positive. 

I would rate it a 10 out of 10. It is in the top five. It ticks all the boxes that I have for it. You got to manage your expectations, and given my expectations, it exceeds my expectations. Now, if you were to ask me what is my expectation for the software next year, I'd want it to be better, but at this exact moment in time, it is doing a fantastic job, and I hope they keep it up and improve. If they don't, then my grade will drop. 

There are a lot of useful features. First of all, it gives you complete details regarding any malicious activities. So you can replace the impact date or everything from where the file comes. CrowdStrike gives you the complete details of when a file comes to your network, how it's displayed on the other systems, etc. That's the feature most customers like as of now, and they are generally more interested in EDR solutions.

The only challenge is the price, as of now. It could be the only area of improvement for me. It's a little challenging to convince new customers when it comes to the price.

We've been working with CrowdStrike for almost a year — a premium protection solution. However, we provide our customers with whichever version they require, be it the complete solution, premium protection, or basic antivirus.

I would rate the stability of this solution an eight out of ten.

I would rate the scalability of this solution as a ten because it can be easily scaled up whenever needed. Our integration instance is intended for medium-sized clients, and the number of proactive customers who are currently using this solution is more than 2,000 to 3,000 users.

Our distributors provide excellent technical support, and we have experts in our systems. Generally, we don't require any help from OEMs or distributors because they are certified in cloud sites. But whenever we need any kind of help, the distributor provides quick response and mitigation.

Positive

I would like to rate it eight out of ten. It was easy because everything is in the cloud, so you don't have to go through on-premises installation or anything. We just need to set up the cloud, and everything will restart and install that way.

Once we received the credentials from CrowdStrike, we had to set up and create policies such as moderate or high protection. All of these technical steps were taken care of by our technical teams, who are well-experienced and handle different projects.

I would rate pricing a five out of ten, where one indicates the low price and ten indicates the high price. Indian customers are price sensitive, and this solution is a little costlier compared to other solutions. However, customers are still willing to pay for it, but they always compare the price with other solutions since India is a price-sensitive market.

It is a little costlier than other solutions. There are no additional costs except for support costs, which are minimal and not an issue.

We're actually a reseller and a system integrator. We're evaluating several endpoint protection solutions for our customers.

In India, many customers are switching to EDR solutions like CrowdStrike. They prefer automated solutions over traditional legacy antivirus and don't want to invest in additional devices.

I always recommend my customers do a Proof of Concept (PoC) because once they go through the product details, features, and performance, we can convert them into CrowdStrike customers. So I always recommend doing the PoC.

We always recommend doing the PoC, which is like a demo. Overall, the solution is an eight out of ten because it's an automated solution, which is a significant improvement over traditional latency antivirus.

With CrowdStrike, the customer can put in data resources and other things which are automated. In traditional solutions, you would have to work on notifications, do lots of research, and collect logs, but in CrowdStrike, you can easily go through the process and get all the details from when the threat hits your system. It's much more convenient and efficient.

I would say it is for endpoint security, malware, antivirus, and advanced threat monitoring.

I would say it secures the edge for customers more than they were before. It makes them more secure.

I think the AI and the analytics around stopping threats as they come in and learning as threats happen is probably the biggest selling feature. 

I think the pricing is a little high. As of recent, their MITRE scores were not as good as in years past. I would like to see them integrate Humio, which is their SOC or their SIM platform. I would like to see them integrate that into a single solution.

I have been working with CrowdStrike Falcon Complete for the past year and a half.

The stability is great.

They are very scalable even large organizations use CrowdStrike Falcon Complete.

I would say it's pretty good for the most part. I would give it an eight out of ten.

Positive

The initial setup is pretty easy. You are given an implementation specialist. Deployment usually takes a couple of weeks for a bigger organization. For a smaller organization, it could take a couple of days. For just the straight endpoint protection product, you are probably looking at eight dollars a month per user. If you're doing the Falcon Complete with monitoring and the SOC, you're probably looking at eighteen or nineteen dollars a month per user.

A lot of them used MacAfee, Silance, or a couple of other solutions. There's more AI and more built into it.

I would rate CrowdStrike Falcon Complete a nine out of ten.

We primarily use the solution for endpoint security. It is a very important aspect of security for us as the threat landscape is growing. There constantly needs to be better monitors of the activity on the endpoints and windows server. That's the main driver behind using this solution.

The AI and the group knowledge base that they get from having multiple clients in the cloud is very useful to us. It helps keep us safe from attacks as it allows them to apply a broader knowledge base to our protection for our company.

The solution doesn't actually scan desktops. They prevent execution and they do a very, very, very good job at that. However, if there is malware, et cetera, on an endpoint, there's not a scan feature to simply remove it. You have to go in and clean the registry and do the other stuff yourself. It would be ideal if there was some sort of scanning functionality built-in.

The logging features aren't robust and the information isn't kept long enough. The active logs are only retained for seven days. It would be better if it was available for, let's say, 30 days. If we were going to do any forensics, we would have the time to execute them.

We have been using the solution for about two years at this point. We plan to use it at least until the end of this year. It hasn't been very long.

We have looked at Carbon Black previously, as well as Cybereason. We were looking for alternatives to Crowdstrike, however, we decided we would keep this solution until the end of the year.

The reason we didn't switch yet is mostly due to time constraints. We had to renew or implement a new solution and it wasn't going to happen in the timeframe we were looking at. Therefore, we had to put it off. 

The Carbon Black is not as advanced as CrowdStrike. Also, Cybereason lags too far behind on Mac OS upgrades. We wouldn't have been able to roll out Cybereason, even though it looks like a very good product, as it didn't support Big Sur and wouldn't for another five or six months, which meant we would have machines that wouldn't be covered

We are a customer and an end-user of the product. We don't have a business relationship of any kind with Crowdstrike.

The solution is deployed from the cloud. We put it on our endpoints, however, the core application is in CrowdStrike's cloud. It's a cloud app.

Overall, I would rate the solution at a seven out of ten.

Comparing CrowdStrike Falcon Complete with Bitdefender, I would say that Bitdefender was comparatively easier to use, deploy and maintain, especially for my technical resources.

CrowdStrike Falcon Complete is the same as any other EDR program. It provided full antivirus protection. Also, it provided a little bit of the ransomware and other protections you would see within the Bitdefender field. The content control wasn't as intuitive and easy to use as Bitdefender.

The most valuable thing in the solution was the analytical AI to detect viruses faster than Bitdefender.

The simplicity of CrowdStrike Falcon Complete's content control and firewall management should be improved. Ransomware protection of the solution needs to be improved.

I have been using CrowdStrike Falcon Complete for six months before switching to Bitdefender, which is easier to maintain.

It's a stable application. It is one of the most stable out of all the other market applications, especially if you're talking about within the EDR platform.

If you don't watch the training videos for CrowdStrike Falcon Complete, it's not as intuitive as Bitdefender.

I have had a very limited experience with the customer support team. So, their response time was far worse than any of the other vendors. So that was probably one of the driving factors and the reason why the adoption process didn't go so well, which is because of their onboarding process, during which they used to take a day to get back to assist you. I would have understood if they had taken a couple of hours to help us, but waiting for a day wasn't acceptable.

I rate the initial setup a four on a scale from one to ten, where one is very difficult.

One can see a return on investment because it does protect one's core environment.

CrowdStrike Falcon Complete is very expensive in comparison to Bitdefender.

CrowdStrike Falcon Complete is probably one of the best software out there if you're looking at it. But if you're on a budget and you want to get something within the same price level, I would look at Bitdefender. Then if I added a worst-case scenario, I would go to Sophos or SentinelOne. In my industry, the cost is a huge variable. Though it's a good product, it's not easy and intuitive. I have to remember that my technical resources to offload my work are in the Philippines. So I need to have something that's very simplistic. I have helped desks in the Philippines, Malaysia, Mexico, and Singapore. When I choose an application, I have to consider the intuitiveness of that application and also the multiple language barriers. So, that is where prospects fail, which is during the adoption process.

I rate the overall solution a seven or eight out of ten.

We use CrowdStrike Falcon Complete internally and externally according to the MITRE ATT&CK framework. MITRE ATT&CK describes most of the TTPs and explains them, including the default use cases and deployed policies. Our internal use case for the solution is specifically for internal fraud cases to use in our internal forensics team.

CrowdStrike Falcon Complete has helped in improving my company in terms of achieving strategies and executing frameworks.

What I found most valuable in CrowdStrike Falcon Complete is that it has a lot of monitoring dashboards and use cases, and I saw that it's a very good product, but my company has only tested it, so it's not been used for real use cases. My company hasn't tested the complete license for CrowdStrike Falcon Complete, so the team hasn't checked the open fiber rooms for zero-day attacks, IOAs and IOCs, or any indicators of fraudulent activities.

I was also amazed at the solution and its licensing. My company did a competitive analysis of many EDR solutions, but it went with CrowdStrike Falcon Complete. It's one of the top-rated solutions on CyberRatings as well.

At the moment, nothing is missing in CrowdStrike Falcon Complete. I'm amazed by it. It's perfect and I'm not aware of any other vendors that provide its features, but it would also depend on the configuration and policy management of the solution, for example, I can bring you an EDR solution and configure it badly, so it won't do anything. It also depends on the people, not just the technology you're obtaining, so this is the most important thing to do for all solutions, even for firewalls. You can obtain a firewall and if you permit everyone to go through it, then it's useless.

What could be improved in CrowdStrike Falcon Complete is its management console. Currently, that console is on the cloud, so if the cloud is compromised, then the management console would also be compromised, and that's quite risky.

I've been using CrowdStrike Falcon Complete for six months.

CrowdStrike Falcon Complete is too stable, but I still have to test it in a forensic case before I could comment on the stability of the solution.

We usually follow TMMI, so in terms of the maturity and scalability of CrowdStrike Falcon Complete, it's fine, so far.

Our only experience in terms of contacting the technical support team for CrowdStrike Falcon Complete was during implementation.

Setting up CrowdStrike Falcon Complete was too easy because it's a cloud solution, so it was too easy to implement. There's nothing to do, for example, you just need to install the agent from the PCs on the endpoint.

In terms of the deployment time for CrowdStrike Falcon Complete, the infrastructure team implemented the endpoints which took one week, then there's the tuning of the policies, so overall, the deployment took one month.

There's a third party or a partner either for implementation or support for CrowdStrike Falcon Complete, but my company did it in-house.

We haven't seen ROI from CrowdStrike Falcon Complete because we've just done a POV for the top management and there are limited attacks in our organization. We've done some use cases or POCs on a zero-day attack, changing the binaries, etc., and CrowdStrike Falcon Complete was perfect and detected all of the behaviors, isolated them, and did all the functions we expected it to do.

The pricing for CrowdStrike Falcon Complete is competitive. It's a cheaper solution when you compare it with others, and on a scale of one to five, I'm rating its pricing a four. You also don't need to pay extra for its features. CrowdStrike Falcon Complete is perfect.

My company evaluated another solution that was also top-rated: FireEye (now called Trellix).

CrowdStrike Falcon Complete currently has five thousand users in my company and the roles vary from top management to C-level to endpoint users to high privilege users, so a lot of people and a lot of money.

My company recommends CrowdStrike Falcon Complete for the financial, military, and oil and gas sectors. It's by sector, not by people. All the roads now move toward security and securing the business, and it also depends on the criticality of the assets you own and how you're securing the assets. Whenever or whoever has a critical asset should go for a strong security solution such as CrowdStrike Falcon Complete.

In terms of how extensively the solution is being used in my company, there's no 100% security, so my company is always developing security solutions that can handle new attacks, future attacks, and more sophisticated attacks, so I'm unable to give a percentage of the extent of usage of CrowdStrike Falcon Complete, but if I can just measure this from a governance perspective, it's 80%, specifically from a compliance perspective.

At the moment, I'm unable to give my advice to others looking into implementing CrowdStrike Falcon Complete because I need to use the solution on a real test or real compromise first.

I'm rating CrowdStrike Falcon Complete eight out of ten because of its management console being on the cloud. My company doesn't prefer this setup, even if it has an NDA with the vendor because if the cloud itself was compromised, the management is also compromised, and all users will be isolated, so this isn't good from a risk perspective.

My company is a customer of CrowdStrike Falcon Complete.

Our primary use case is an ordinary antivirus. We also use it to watch the activity on the machine.

It has good visibility, works well, and it is fast.

It is easy to see what is happening and the reporting is good, although I still don't understand everything. We are still trying to understand all of the information that we receive. When a problem is being investigated, the product does a deep inspection and this is something that we really like. You can see things like which file is connected with which services. The deep inspection is something that we don't have in any other of our other tools.

The central console is good and it is easy to work with.

This product is easy to maintain on a daily basis.

There are some parts of this solution that are too slow. The performance slows down by between 10% and 40%, depending on what type of work the machine is doing. For example, we had to shut down our backup because it was too slow and it started to overlap with other tasks. We did not try to use our SQL database because there was too much of an impact. This is not on the network but on the machine and even a few percentage points difference is significant for us because of the volume of transactions.

 Integration slows down the system a bit.

I would like to have an alternate dashboard view, which is somewhat simpler. The one it presents now is like Splunk, and it is very good, but it would be helpful to have a simpler one that only shows the basics like what you have and what it has found. As it is now, it takes time to get used to it. After a while, it won't be a problem for me or other users in the company. When you're working with a regular antivirus, it is much easier to set up and start using.

We have been working with CrowdStrike Falcon Complete for two months. We are still deploying and integrating it into our environment.

Because we are still in the process of initial integration, it is our partner who is in contact with technical support. We're still waiting for them to answer with respect to one issue, and now after waiting for two weeks, I cannot say that I'm very happy with that. However, given that it is the holiday season, it's pretty understandable.

I expect that it will be complete in January when we are fully operational. During New Year and Christmas, it is a bit of a lazy time for everybody.

We have several solutions in place. We have a firewall, antivirus, and email antivirus systems, and there are still things that pass through. This product is our fourth layer of defense.

The initial setup was straightforward for us because we had assistance. On our own, this would not have been as easy.

We had CrowdStrike partners who assisted us with the implementation. They asked us things like what should be protected and what should not be. It was a lot of work for our partner to complete the deployment.

At approximately €60 per machine, per year, I think that it's a good price point. When you compare this to Windows Defender for Endpoints, the price of that solution is about €50 Euro per month per user.

There are people who spend a lot of time trying to find the right price to sell new products at, so I always think that people know the value of their product and what price they can sell it at.

Every solution has pros and cons. I don't see anything that is more advanced than other solutions, and it's just an ordinary spy product. I have to wait for some time to see how well it works in the real world, but it finds some malware and it finds some things that pass through as normal. 

At this point in time, I can't yet say for the general case whether I would recommend this product. We are still having a problem with the slowness and the impact on the performance of the system. For workstations or servers that do not have a high load on them, I would certainly recommend buying it. In our case, we had to remove it from our backup servers. So, if you're already using a backup, or hosting servers for VMware or Hyper-V, or using a SQL database, then you should consider testing it first. I'm still not sure what will happen in our case.

At this point, I cannot rate it an eight or higher because we still don't have an answer on improving the performance. If ultimately they resolve our problem then I would rate this solution an eight or a nine out of ten.

I would rate this solution a seven out of ten.