The product is inherently cloud-based.
Enterprise Cybersecurity Architect at Swagelok Company
With the real-time response piece, I can connect to an endpoint as long as it's on the Internet
Pros and Cons
- "Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
- "A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined."
What is our primary use case?
How has it helped my organization?
Knock on wood. Between our management of the platform and having subscribed to Falcon Overwatch, the managed threat hunting service, I haven't had a concern in six years. I have yet to deploy this product in an environment that has later incurred a breach. I have the utmost confidence that would be very unlikely to occur.
What is most valuable?
Every time that I have deployed it, it was more about Falcon Insight and its EDR protection. Then, the team in the company would be so pleased with the results that there was minimal resistance adding additional stack elements. Prior to their announcement of several new modules last Fall, we had acquired the entire stack.
Each element of the stack continues to further develop their capability and empowerment of team members. For example, CrowdStrike Falcon Spotlight was an interesting tool to assess vulnerability management, but the capability of that module alone has just continued to develop in a very favorable direction. Also, the discover tool is extremely valuable.
Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that.
As a cloud-native solution, it provides us with flexibility and always-on protection, which is critically important.
What needs improvement?
There is nothing existing today that I would change very much about the solution. Because of the capability of the data that they are ingesting, they have the ability to create tools leveraging that data to enhance the capability of the platform. The possibilities are endless.
Buyer's Guide
CrowdStrike Falcon
May 2025

Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
855,156 professionals have used our research since 2012.
For how long have I used the solution?
I have been using CrowdStrike Falcon for about five and a half years.
What do I think about the stability of the solution?
There are no questions about stability. I continue to see, especially in the last six months, that CrowdStrike is making very purposeful acquisitions to tactically and strategically build upon the platform. Many companies acquire smaller companies to get a fraction of a piece of technology that tends to be an add-on or something that may complement the core product, but CrowdStrike is making more strategic moves to acquire technology that they can directly integrate into the existing platform to make it even better and more effective.
Updates can be handled in one of a number of ways. This is something that has evolved quite a bit since I initially deployed it. Initially, you simply had the option of manually upgrading sensor versions or leaving them to automatically update as soon as a new update was released. Very infrequently, there have been issues with sensor builds. Early last year, they rolled out the ability to automate the sensor revision updates, but do it in a tiered fashion. So, there was an N-1 and an N-2. So, when they release a new version, I step back my releases and deployment of the updates by one version backwards. Then, I have a few early adopters who get the latest sensor build as soon as it is deployed. Provided there are no problems, when the next release happens, the N-1 version will automatically upstep my entire environment without having to put hands on it.
This product does not require any maintenance post-deployment.
What do I think about the scalability of the solution?
We are protecting 5,500 endpoints with this solution. We do have plans to increase usage. Our environment is rather complex in that we have 6,000 core corporate associates and roughly 5,500 endpoints. Then, we have a distributor network globally comprised of about 220 wholly owned subsidiaries who are essentially their own companies, but they are only licensed to resell our products. They kind of have a mix of endpoint protection because it is largely up to them, within their entity, as what they choose to use. We are looking to further wrap our arms around them from a security perspective. We have looked at acquiring CrowdStrike's complete platform, which would be fully managed to deploy to that distributor network, which is about the same size as our corporate environment. So, it would be roughly another 6,000 users. It is a very large, globally-reaching endeavor, and working through the politics and legal aspects of how we will make that come to fruition may take some time. However, that is the plan.
How are customer service and support?
I would give the technical support 10 out of 10 for the past year. They have improved a lot of things in response to customer feedback. A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined. Now, if I put in a support ticket, I would expect it would probably be answered within a couple hours.
I have a lot of ideas in my head about where things could go with the solution. The company is very receptive to those thoughts as well as the opinions of all its customers.
Which solution did I use previously and why did I switch?
Our previous endpoint protection platform was very cumbersome to manage. It did not reliably apply protection and had many issues. My current organization is the fourth time that I have deployed CrowdStrike Falcon in an environment. The first time that we deployed it, we were using an inherently cloud-native protection platform, but it was unreliable.
Swagelok was using McAfee ePO, which inherently is an on-premise solution. It is also very unreliable and cumbersome to manage. It was just missing detections, being inherently signature-based. So, it was only hitting on known signature-based malware. We lacked the EDR aspect of endpoint protection, e.g., behavioral-based analytics and preventing malicious behavior before it begins, which drastically stifles the remediation effort. McAfee's principle was always, "If you get said detection, then you need to run other tools to scan, remediate, and clean up the endpoint." Hands need to be on the endpoint taking it physically offline and off the network. Everything is drastically simplified with CrowdStrike Falcon. I can cloud sandbox the endpoint, remediate it, and interact with it at the command line level remotely, regardless of where it is, as long as it has an Internet connection. It is just amazing.
As far as Swagelok goes, McAfee yielded a lot of false positives. The management was so cumbersome that there were only a handful of people able to resolve problems with endpoints or false detections. If you weren't connected to the inside core network, you couldn't reach the server in order to mitigate the problem. Because of the cloud-native aspect to CrowdStrike Falcon, I can pull up the console in my car on a mobile phone and mitigate an issue for someone whenever and wherever I need to do it, regardless of how I am connected, what device I am on, etc. So, the response time has drastically decreased (by five to 10 times) for remediating a critical vulnerability, a piece of malware, or undoing a false positive. This has been noticed across the company at large.
How was the initial setup?
In all four instances where I deployed the single sensor in organizations of various sizes, it was very simple. Swagelok was probably the easiest deployment, since it is an organization large enough to have a deployment tool, like Microsoft SCCM. Once the package was built to deploy to endpoints, we push the "Go" button. Then, it was a matter of hours and our entire environment was protected. The deployment took less than a week.
What about the implementation team?
Three people were involved in deploying the solution:
- Being the experienced administrator, I pretty much did all the configuration: creating the correct groups, prevention policies, etc.
- We have an administrator of the deployment tool. I worked very closely with the package of the sensors and he executed the deployment.
- We have another gentleman who oversees our lab environment and was very invested initially in trialing the product against all our existing applications to ensure there weren't any incompatibilities in the early deployment.
What was our ROI?
We have absolutely seen ROI, e.g., the reduction in man-hours for resolving incidents. The speed of the platform has drastically reduced time consumed, affording more time for an operator to act when resolving problems.
What's my experience with pricing, setup cost, and licensing?
It is an expensive product, but I think it is well worth the investment.
The CrowdStrike Falcon Pro solution alleviates the need to quote out the product. You initiate the use of the free trial, then opt to purchase. You can manage it all on your own without engaging a sales representative. I definitely have done this in a small business environment.
In all other instances, it was more of a formal business relationship. There was a sales representative involved who queued up the trial environment. If you initiate a trial yourself, you are basically given 14 days to trial it. Whereas, engaging a sales representative allows them to moderate the length of time that you can do the trial. Because we are a larger enterprise with a lot of politics around completing purchases and legal reviews, we have a sourcing department who vets out vendors. The process is very long and cumbersome. We had initiated a trial, in this instance, which ran for several months before we acquired it.
The fact that I have access to the products free for several weeks or months was not really a factor. What was more impressive in the trial was the way CrowdStrike approached it. When you initiate a trial, they give you a CloudFlare instance of a victim machine and an adversary machine. They then allow you the capability to deploy the sensor or pull it back from the victim machine. You can unload whatever you care to against the victim machine for testing to see how well the product works on your own. Unlike many other products in a similar space, when you evaluate the product, it gives you the feeling that you are completely in control. Also, there is a sales engineer who moderates the demonstration of the product.
Which other solutions did I evaluate?
The first time that I deployed CrowdStrike Falcon, I evaluated probably a dozen other products. I was very close to signing a deal with Carbon Black, simply because I hadn't yet heard of CrowdStrike Falcon. Since deploying it the first time, I would never really consider anything else. I do look at other platforms from time to time to see how they have evolved and changed, but it would be very difficult to convince me to use something else. The winning factor for CrowdStrike Falcon is just the inherent capability of the platform. In my observation, there really isn't another company who can do as much as they can.
What other advice do I have?
Take advantage of the opportunity by CrowdStrike to network with other customers in a similar company size and industry to see how well the product could benefit you as a potential customer before committing.
We have a very minimalistic cloud infrastructure footprint or container footprint at this point in time. That is likely to take off in full swing in the next year or so. We have many legacy applications running on legacy operating systems, which I am working very aggressively to get out of our environment. When that starts to take flight, we will definitely have more of a need for a cloud container as well as cloud infrastructure visibility and protection, which we do not have a lot of at this point in time.
I would rate this solution as 10 out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: I'm a real user as well as a member of CrowdStrike's customer and technical advisory boards.

Director - IT Security Operations at a manufacturing company with 10,001+ employees
Allows us to stay in business by keeping our systems up
Pros and Cons
- "CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
- "CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of a sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
What is our primary use case?
It blocks all the stuff bad actors are trying to do to our users.
All our end user systems and servers are on-prem and cloud workstations desktops everywhere.
We are using the latest version minus one release (N-1).
How has it helped my organization?
It provided us visibility into our endpoints that we did not have before. The telemetry and data that it collects allows us to respond to possible incidents much faster, containing the host as well as jumping on the host for remediation.
CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and kept our systems up.
What is most valuable?
CrowdStrike endpoint detection and response (EDR) is excellent. It blocks the bad stuff without user interaction, allowing us to stay in business. For example, one of our service providers has been down for five days now with ransomware. Also, four of our partners have been down over the past two months with cyberattacks, and we can't do business with our partners.
What needs improvement?
CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of a sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it.
For how long have I used the solution?
I have been using it for a little over three years.
What do I think about the stability of the solution?
The stability is very stable. There have been no issues.
We have automated all our CrowdStrike Falcon updates.
What do I think about the scalability of the solution?
It is very scalable. There have been no issues at all.
How are customer service and technical support?
CrowdStrike's technical support is excellent:
- Quick to respond
- Quick to help
- Very responsive
- They have always been able to solve the issue.
Which solution did I use previously and why did I switch?
I was a McAfee customer for 20 years before switching. It was like night and day, where McAfee is old technology, and CrowdStrike Falcon is new technology. On a scale of one to 10, McAfee is at one and CrowdStrike Falcon is at 10. There is a really big difference.
We came from an on-premises solution. With more people working remotely, that became an issue. The fact that this is a cloud-native solution provides us with flexibility and always-on protection.
How was the initial setup?
It was very easy to deploy the solution’s single sensor. We used our deployment tools to push it out. Because it is a single agent, it is very lightweight, easy to install, and updates itself. We came from a competitor who had multiple agents, upgrades, and DAT files, where you could have very few of these with 100 percent working. However, since there were six different modules, they all had to be kept updated, which was a nightmare.
This solution was a simple, easy push. Once it is on there, it updates automatically and we don't have any issues.
For deployment, we use a tool called Quest KACE. We also use SCCM.
We did about 10,000 hosts in around two months. We have had growth through acquisition. Now, we have 12,000 hosts.
What about the implementation team?
We did it ourselves.
For the deployment, there was one FTE (a Level 2 PC technician) for eight weeks. For maintenance, it is pretty much set and forget it. There is very minimal maintenance and zero dedicated staff.
What's my experience with pricing, setup cost, and licensing?
We bought a very small number of licenses, then ran it for a year. We bought 100 licenses for a year, so we didn't actually do a proof of concept. We just bought them. Then, the next year, we bought 10,000 licenses.
We received a quote three years ago, and it was almost seven figures. CrowdStrike got money from investors to displace competitors, like Symantec and McAfee. Then, our quote was very low, which is why we were able to do this. The first year, the quote was almost a million dollars. The second year, it was a little over $100,000.
Which other solutions did I evaluate?
We also evaluated Cylance and Carbon Black. We went with CrowdStrike Falcon because of the single agent and price. The other solutions required multiple agents, and I did not like that at all.
Compared to the other solutions that we evaluated, CrowdStrike Falcon has a similar ease of use.
What other advice do I have?
We are a very happy CrowdStrike Falcon customer. I highly recommend it. It works.
I would rate this solution as 10 out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cybersecurity Analyst at a computer software company with 51-200 employees
Seamlessly integrates, is stable, and is suitable for all sized organizations
Pros and Cons
- "Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
- "The detection time has room for improvement."
What is our primary use case?
We use CrowdStrike Falcon for endpoint protection against malicious activity.
What is most valuable?
Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution.
What needs improvement?
The detection time has room for improvement.
For how long have I used the solution?
I have been using CrowdStrike Falcon for two years.
What do I think about the stability of the solution?
I would rate the stability of CrowdStrike Falcon ten out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of CrowdStrike Falcon a nine out of ten.
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are an MSP and have used and provided IBM QRadar, Bitdefender, and CrowdStrike Falcon based on each client's requirements.
CrowdStrike Falcon is the most popular choice for our clients because of its price.
How was the initial setup?
Deploying CrowdStrike is straightforward. We initially had a technical representative guide us through the process, but now we can handle it ourselves for our clients.
One architect and two engineers are used for the deployments.
What about the implementation team?
We implement the solution for our clients.
What's my experience with pricing, setup cost, and licensing?
The licenses are offered on a one-year and two-year basis. The more endpoints an organization adds, the cheaper the cost.
What other advice do I have?
I would rate CrowdStrike Falcon a ten out of ten.
Our clients range from small up to enterprise level.
The maintenance is simple. We just need to stay on top of the updates.
CrowdStrike Falcon is user-friendly and the analysis provided is good, making it an efficient solution.
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
AVP of Tech at an insurance company with 201-500 employees
Integrates well with Arctic Wolf, simple to set up, and offers excellent pricing
Pros and Cons
- "Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and lets us know if there's a major issue."
- "They offered a white glove service that was extremely costly. When we got into it, we saw it was relatively easy. If I was being nitpicky, I'd say that I don't like being sold something that's unnecessary. That's the only downside I've seen to the solution."
What is our primary use case?
We use this product as an antivirus. We use it as an add-on for Arctic Wolf, which it integrates with.
What is most valuable?
The solution integrates well with Arctic Wolf.
Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and lets us know if there's a major issue.
It's very scalable.
The stability is excellent.
I'm very impressed by its low pricing.
The initial setup was simple, and the deployment was fast.
What needs improvement?
I do not have any notes for improvement. It just works.
They offered a white glove service that was extremely costly. When we got into it, we saw it was relatively easy. If I was being nitpicky, I'd say that I don't like being sold something that's unnecessary. That's the only downside I've seen to the solution.
For how long have I used the solution?
I've been using the solution for five years.
What do I think about the stability of the solution?
The product is rock solid. I've never had an issue with stability. It is reliable and the performance is good. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The product is very scalable. You can extend it as needed.
We have between 220 and 300 users at this time.
How are customer service and support?
I've never dealt with technical support.
Which solution did I use previously and why did I switch?
We had multiple other antiviruses, including Norton, Avast, and Defender. We chose Falcon due to its Arctic Wolf integration.
How was the initial setup?
The initial setup was very easy.
We did not need a lot of people to set it up. It took a couple of people and less than five hours to have everything up and running.
No maintenance is required.
What's my experience with pricing, setup cost, and licensing?
The licensing is very low. It's quite affordable.
What other advice do I have?
The solution is excellent. I'd advise people that if they have Arctic Wolf, they'll have an easy time.
I'd rate the solution ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SOC Analyst at a financial services firm with 1,001-5,000 employees
Sophisticated, robust, feature-rich, and includes the ability to do analyses
Pros and Cons
- "The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
- "It can be expensive depending on the features you select."
What is our primary use case?
We use CrowdStrike Falcon XDR for endpoint protection.
It is more sophisticated than a legacy antivirus.
When compared to the legacy antivirus, it offers more features, including the ability to do analyses, halt execution, and more. It also gives you real-time notifications.
In comparison to the earlier legacy era, it is better.
What is most valuable?
The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution.
It gives you that capability.
I am satisfied with the features that I currently use.
The interface is good, I have no complaints.
What needs improvement?
I believe that most of the features are perfect for my needs; anything else is only icing on the cake.
It can be expensive depending on the features you select.
The technical support could be improved.
For how long have I used the solution?
I have been working with CrowdStrike Falcon XDR for more than one year.
What do I think about the stability of the solution?
CrowdStrike Falcon XDR is a very stable solution.
What do I think about the scalability of the solution?
CrowdStrike Falcon XDR is simply scalable.
In my opinion, it all comes down to what your pocket is saying and the number of users.
From my perspective, it's a very scalable product.
All of your endpoints are using this solution.
In our company, we have approximately 372 users.
How are customer service and support?
We have contacted technical support multiple times.
I would rate the technical support a three and a half out of five. They are good but could improve.
How was the initial setup?
The initial setup was very easy.
It took less than three days.
What about the implementation team?
We completed the setup with some assistance from the Falcon team.
What's my experience with pricing, setup cost, and licensing?
I am not aware of the price, but I believe that it is among the most expensive XDRs out there.
Of course, this is dependent on the features you choose. Depending on the features, the price might increase.
Which other solutions did I evaluate?
This is our sixth year of transitioning from a legacy antivirus. So, I believe we saw the issues that we have with legacy antivirus. That's why we went for Falcon XDR.
What other advice do I have?
First, they should understand their needs, then depending on those requirements, I would be able to advise because each person has a unique use case.
I would strongly suggest this solution to anyone who is considering using it. It's a go-to for endpoint protection.
I would rate CrowdStrike Falcon XDR an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Regional Head at a computer software company with 1,001-5,000 employees
Cyber security and protection solution with powerful EDR and XDR features that offer return on investment
Pros and Cons
- "The EDR and XDR features have been most valuable."
- "For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
What is our primary use case?
We use this solution for next generation anti-virus protection and detection. We are a premium partner of CrowdStrike.
What is most valuable?
The EDR and XDR features have been most valuable.
What needs improvement?
For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
This is a stable solution. I would rate it a five out of five.
What do I think about the scalability of the solution?
This is a scalable solution because it is cloud based.
How are customer service and support?
If customers want technical support, they need to subscribe to a special service that they need to pay for. When it comes to CrowdStrike, customers use the different support services as per their needs. By default, they don't provide telephonic support.
I would rate the support a four out of five.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is very straightforward and required two people. I would rate it a four out of five. It takes approximately one week to set up.
What was our ROI?
We receive good ROI when using this solution. I would rate it a four out of five. CrowdStrike offers a breach warranty which greatly reduces risk for customers.
What's my experience with pricing, setup cost, and licensing?
When it comes to licensing, customers can choose a bundle or select licences based on the specific features they would like access to. This solution comes with premium pricing. It is approximately 20 to 30% more expensive than competing solutions.
I would rate the pricing a three out of five.
What other advice do I have?
I would advise others to tell their customers upfront that staying connected to the internet is very critical to the use of this cloud-based solution.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Technical Manager (SOC Operations) at Novac Technology Solutions
User-friendly, simple setup, and good user interface
Pros and Cons
- "The most valuable features of CrowdStrike Falcon XDR are Spotlight and Discovery; they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions."
- "CrowdStrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations."
What is our primary use case?
We are using CrowdStrike Falcon XDR for security.
What is most valuable?
The most valuable features of CrowdStrike Falcon XDR are Spotlight and Discovery; they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions.
What needs improvement?
CrowdStrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations.
For how long have I used the solution?
I have been using CrowdStrike Falcon XDR for approximately one year.
What do I think about the stability of the solution?
CrowdStrike Falcon XDR is a highly stable solution.
What do I think about the scalability of the solution?
CrowdStrike Falcon XDR is scalable for what we use it for. We are using the maximum number of endpoints, which is 1,000.
How are customer service and support?
The support from CrowdStrike Falcon XDR is of a middle level. It is not good and it is not bad.
I rate the support from CrowdStrike Falcon XDR a six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We were previously using FireEye EDR. We switched to Crowdstrike Falcon XDR because we were facing a lot of issues, such as false positives.
How was the initial setup?
The initial setup of Crowdstrike Falcon XDR is easy. We installed it manually, and it took us approximately one month to complete the implementation of the solution.
I rate the setup of Crowdstrike Falcon XDR an eight out of ten.
What about the implementation team?
We did the implementation of Crowdstrike Falcon XDR in-house. We use two engineers for the maintenance and it is simple.
Which other solutions did I evaluate?
We evaluated SentinelOne before choosing Crowdstrike Falcon XDR.
What other advice do I have?
My advice to others is this solution is easy to deploy, and there is no planning required.
I rate Crowdstrike Falcon XDR a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director of Security Solution Business at a wholesaler/distributor with 1-10 employees
SaaS security solution that is efficient in running antivirus processes using little storage
Pros and Cons
- "The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
- "This solution is relatively expensive."
What is our primary use case?
We use this solution for next-generation antivirus and EDR.
How has it helped my organization?
Developers previously complained their resources required regular scanning on their system. This made their system and response time slow. This has since been improved using this solution.
What is most valuable?
The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed.
Based on the documentation CrowdStrike provides, the solution provides a number one detection ratio, which we like.
For how long have I used the solution?
We have used this solution for one year.
What do I think about the stability of the solution?
This is a stable solution as it is cloud-based. We have 3000 users making use of it.
How are customer service and support?
The support team's responses are often a little bit slow. I would rate them a three out of five.
Which solution did I use previously and why did I switch?
We previously used Cisco AMP.
How was the initial setup?
The initial setup is straightforward. I would rate it a five out of five. The deployment was a replacement project and it took three months.
What about the implementation team?
We used a third party for installation.
What was our ROI?
We don't need to maintain onsite servers and deep end user updates with the new vulnerabilities. Considering the required server hardware and maintenance workload, the ROI will be achieved in a year or one and a half years.
What's my experience with pricing, setup cost, and licensing?
This solution is relatively expensive.
What other advice do I have?
I would advise others to first evaluate AV or EDR and then investigate the current endpoint protection solutions that they are already using in their organization. They should then check what kind of tools can be placed with CrowdStrike.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Customer but recently joined partnership programme

Updated: May 2025