CrowdStrike Falcon Reviews

The most valuable feature of CrowdStrike Falcon is its accuracy.

CrowdStrike Falcon could improve the logs by making them free to the API.

I have used CrowdStrike Falcon for two years.

The solution is stable.

CrowdStrike Falcon is a scalable solution.

We have approximately 800 people using this solution in my organization.

CrowdStrike Falcon technical support has been fine in my experience.

I have used other solutions before CrowdStrike Falcon, such as Symantec.

Symantec does not have any advantage over CrowdStrike.

The initial setup of CrowdStrike Falcon is easy.

The price of CrowdStrike Falcon is reasonable.

I rate CrowdStrike Falcon a nine out of ten.

Our main use case was looking for an endpoint solution that was able to follow our users anywhere. We have over 52,000 employees, and a majority of our people work in various places. Many employees are not in an office every day: They are at a client's sites, some work at home, some are traveling, etc. We really needed something that would give us visibility no matter where and when an employee was working.

It has improved the way that we function by giving visibility to machines that we could not see before. With our previous product, you had to be VPN'd and connected to our network. Now, we can see alerts when people are just working at home. For example, they may have clicked on something that may be malicious, now we can take action and stop things from getting worse at the end of the day with its level of visibility. We have also seen installing CrowdStrike has a lot less resource issues versus what our previous solution had on local machines.

It is very important that our security solutions are cloud-native as continue to grow our company. I have been here for almost three years and we were 40,000 employees then, and we are over 52,000 now three years later. For us, the cloud has been important because we don't have to worry about infrastructure, connectivity, or other things like that to grow our business.

Even as we had to pivot with the pandemic to more employees working from home, we have been able to maintain the same level of security visibility. One of the big concerns for management when the pandemic stated was how we maintain security asking, "What do we have to change for security?" and it was nothing, "Let people go home. Let them work from wherever they need to." We had already taken the remote working ability into our security model. Our security operations did not change anything when employees pivoted from working at client sites (or in offices) to working at home.

As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines connected to the Internet and be almost invisible to the employees.

Having this type of security operations gives our management a level of comfort. We know we have ransomware protection and there are automatic actions that will happen to keep those incidents from spreading. As things like SolarWinds or the Microsoft Exchange issues have come out, we have been able to use the CrowdStrike logging to do look backs through the logs that we have been maintaining for over a year to see if there were any indicators of compromise that previously occurred before this was known issue. This has been great for us to be able to report to various management. even if we may have been running a vulnerable version of this for a period of time, e.g., like the SolarWinds software.

The Prevent, EDR, and OverWatch are some of the biggest features for us. They stand out as being useful because:

1. Their high efficacy rate on detecting items.
2. The ability to detect malicious activity and take action with a machine that may not be on our network.
3. Do remediation or automated actions, especially for things like ransomware, where it would automatically stop from running and quarantine the machine.

The introduction of CrowdStrike Overwatch service has reduced security risk. It mines through data by threat hunting. Overwatch has been able to point out things to us that were potentially risky activities going on that probably wouldn't have been detected by our old solution allowing us to take some actions and reduce some risk from that perspective.

They have been able to offer Spotlight and other modules, which is great. They take the information they have and turn it into solutions.

There is so much data in their dashboarding and other stuff like, but there is also still some work to do on, "How do you boil it up to certain higher levels/executives?" There is a lot of good technical detail, but in the position that I sit in, sometimes it is a little hard when I am not in it day in, day out to come to what is the real executive level sorts of things. For example, CrowdStrike shows incidents, but what are the things that I really need to worry about as a CISO at a company? That is the one area for improvement.

Finally, they bought a company that is doing SIEM, which is interesting to me. When I first started with CrowdStrike in my previous organization, four or five years ago, I went to CrowdStrike, and said, "I don't want to have to buy or continue to support our SIEM product. I would rather use you guys. Can I pay you extra money to hold that data and do those things so we can have that functionality? Then, I can get one rid of a solution." At that time, they told me, "No, we're not a SIEM company." I did not like the answer, but I respected it. Now that they bought one, and I am like, "Wow, I guess I was just a few years too early." So, I'm glad to see those sorts of things. I am glad to see them evolving into those areas where I saw it years ago, where they are strong, and displace others.

I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization. Then, I can have less vendors and put more effort into one solution that we really want to operationalize.

I have been using it for two years at this organization. I also used it for about two years when I was at my previous organization. So, I have used it for four years in total. There was a little lull in-between when I came over to this organization as their CISO, because they were on another product and then we ended up switching in 2019 to CrowdStrike.

I have never had an issue with stability at my current organization. At my previous employer, there was one issue with an auto upgrade where it caused some issues, but it was resolved quickly.

CrowdStrike is a vast improvement compared to our previous solution, where we had to spend a lot of time. For example, when the client had to be upgraded, it was a three-to-six-month project with people having to spend dedicated time to roll it out in waves, then deal with issues when a client's machine didn't upgrade correctly. Now, upgrades happen automatically. We turned auto updates on and have never needed to look back. Nobody has to spend any time on it.

I honestly cannot tell you the last time I have heard about a CrowdStrike agent issue causing an outage on a machine or server at the end of the day.

We have had no problems with scalability. CrowdStrike can scale as much as we need them to, they are the ones taking care of all the cloud, hosting, and processing on their end. So, we have never had an issue where we have seen a degradation in alerting timing, etc.

There are probably 10 to 15 people who access CrowdStrike or use its data regularly. It is funny because our IT people will use it to try to look for things that aren't necessarily security sorts of things, for example, "Hey, this isn't working," or, "That isn't loading," because of the level of visibility CrowdStrike has in some of the processing item. We have four or five people on the SOC. There are probably 20 or 30 accounts in there, but for the ones which are used regularly, it is probably about half that amount, like seven to 10.

My experience with the technical support has been great. Part of it is also the level of access that I have at CrowdStrike. I have been on their advisory board since the beginning and a customer. I participated in a panel at one of their last in-person sales kickoff with their CEO. I remember when the company was 200 to 300 employees and there were 1200 or 1300 at their sales kickoff.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shifts.

This solution has been not nearly as compute resource heavy as some of our previous solutions. Compared to our previous solution, CrowdStrike is a lot easier to use, easier to get information out of it, and you are getting it in more real-time.

Deploying CrowdStrike's sensors to our endpoints has been fairly easy. You can do tens of thousands of hosts in less than a day. I know of another organization who deployed 60,000 endpoints over a weekend.

Each organization has to look how its IT operations function. We did our deployment in a phased approach, with lower risk systems and servers first. If you had an issue, then you could easily roll it back. Then, we rolled it out into more regions and higher risk things.

We had a desktop management employee pushing it out, then another person in our security operations center validating endpoints numbers. It is really having your support desk know as well as having your people who run endpoint management.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people operating the solution 24/5. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shift.

The amount of compute resourcing used on a machine has been significantly less than the previous produce. The biggest ROI is the operational cost reduction. We would have a project manager spend three months to roll out an upgrade of a very heavyweight, security endpoint client. At the end of the day, this could cause a one to two percent error rate where machines would have an issue, then we would need to have a tech spend a lot of time on correcting this versus having automatic updates now that take care of themselves.

You are looking at saving six to seven months of a person's time, collectively, which would have been spent on just doing this one function alone.

Years ago, when we bought CrowdStrike, you got everything it had. I was a little concerned when they broke this out into a la carte modules where you can buy EDR, Spotlight, etc., picking and choosing off the menu. I was a little worried that the solution would get watered down. However, I realized in my previous organization when we had the full suite that there were a bunch of features in it that we didn't have time to operationalize. So, I warmed up to it. I get the whole, "Look, you can pick and choose. Okay, everybody buys a steak, but do you want mashed potatoes, or do you want lobster mac and cheese?" So, you can pick the sides that you want, so you can buy the solution that you want and operationalize versus paying a lot of money and getting a bunch of things, but not using 60 percent of the tools in the box.

There are licensing and maintenance fees.

At my previous company, I did a PoC. The guy who led all the Midwest sales was somebody I knew for around a decade. So, it was, "Hey, I want to try this out because it sounds interesting." So, it was fairly easy. You got the trial. You installed it, then you connected to their cloud portal. That was it. You opened it up to be able to communicate to port 443 outbound, and that was it. It was super easy to get CrowdStrike up and running.

The PoC was important because we were able to test \ and see visibility that we weren't able to before when a system was off-network, just sitting at home, connected on an Internet, and not VPN'd in. It was those sorts of things where, "Look, this is what we can see now that we couldn't see before," as a result of doing that trial.

At my current company, we did not do any type of trial because of past experience. We did test but then just started kind of rolling it out because our other product was just too heavy to continue to operationalize.

In my previous organization had very much the same issue that my current one had. We had an endpoint solution where you didn't get any alerting from the endpoint security if you were off-network. We had salespeople who traveled, and even more people connected via VPNs, which was common. A lot of things were internal, but we were shifting to some cloud-based things. We had the issue where a salesperson connected to the network every once in a while, and we wouldn't see the alerts. By the time we got the alert, it's well past and who knows what has happened. Therefore, I started doing some searching on the Internet and found the company, CrowdStrike. I looked it up and was like, "Oh, a friend of mine, in sales, was there." So, I called him up and said, "Hey, can we talk?" That is where it started.

We continue to look at other solutions such as what Microsoft has to offer. Some of it is part of our licensing and some of it is not. We continue to listen to some of the other players who are out there such as Cylance and SentinelOne. When I first looked for CrowdStrike, there was nobody else in this market space who was doing endpoint security purely from the cloud. Even when I talked to our previous solution provider about the cloud their answer was, "Oh, we can put servers on Amazon." I told them, "No, I don't want to have to manage servers, period. I want the provider to take care of this. We'll pay for that." That was kind of this weird notion for them to be a truly software as a service model. Now, it is common, and everybody is doing this service model.

A number of other solutions have caught up, mainly by copying CrowdStrike’s cloud-first framework model. A lot of them have been catching up from that perspective overall. Now, it has become a little bit of a crowded field and much more of a commodity but CrowdStrike was the industry leader when we were making our decision.

CrowdStrike is currently across all our technology stack, servers, and workstations.

When we did our proof-of-concept testing, our administrators liked that installing it was easy and did not need to reboot the system (and causing an outage). Our administrators also loved that once they did this, they didn’t have to deal with doing client upgrades once or twice a year, where you have to take servers down and reboot them. You install this once, and now you won't have to worry about this ever again. I sold this to administrators as, "You want me to make your life easier? Here is the one thing you need to do." Now, they reap the benefits.

We are looking at the cloud workload options over a course of time, as more technologies shift to cloud and we acquire other companies with more endpoints. From that perspective, we will continue to look at some of the other modules that they have but operationalizing some of modules are not in our risk profile. Some of the modules don't add as much value as they would to some other companies depending on their risk exposures.

We will look into the solution’s Horizon module in the future.

I would rate this solution as a nine out of 10.

It is currently our antivirus and EDR platform that we use to export incidents to our SIEM and automation platform, SOAR. We use Demisto for our SOAR.

The solution is fully deployed in our organization. We are primarily Windows. There are four major hospital sites with a couple thousand endpoints each. We probably have 600 remote workers due to COVID-19. I would probably say there are 7,000 VDIs inside of Citrix. Then, the rest are probably small clinical sites with no more than 50 to 80 people at each one. They make up the bulk of the rest, and probably 99 percent of that is Windows or server-based. We only have maybe 30 Macintoshes in the whole system and about as many Linuxen.

We are using Windows agent 618.

It talks to a lot of our other systems. It allows us to correlate data between our firewalls. This way, we can connect whether network activity is relating to an endpoint detection for faster correlation. It provides more data about the endpoint quicker than if we were to go out to the endpoint and collect that data manually. In general, I see that it speeds up our playbooks pretty dramatically, as far as our workflow.

We have what we call our phishing playbook. It is an all-in-one, where an email comes into the organization, a user reports it to us, it comes into our automation platform, and then it kicks off a whole bunch of other stuff. For the phishing playbook (which does have a malware component to it) to go out to all the individual tools, that could have taken two and a half hours for it to run the entire phishing book manually, going to all those individual pieces. Now, we can have one done in 15 minutes. The phishing playbook is a catch-all that has multiple systems in there too. As far as collecting data from many different parts, it speeds that up. In general, we have noticed time savings. 

I would give them probably about as high as I would be willing to give any organization. I would give them an eight out of 10, as far as their effectiveness, for preventing breaches. In general, we feel more secure knowing that we are not relying on multiple different technologies to provide a different kind of protection. We were using a couple other different pieces of software to do a portion of what CrowdStrike is doing for us. We are getting a more comprehensive protection, which is good.

We like the ability that if there is an issue at a third-party clinic that is affiliated with us in some way, then we can go in there quickly and install our agent, protecting them if something were to happen. For example, we had at doctor's offices where there were phishing incidents, then we went in there and installed the CrowdStrike agent. 

I like the herd immunity, their Falcon X version. If another organization somewhere else gets hit by a piece of malware that has not been seen before, we will get that protection in however long it takes them to analyze it and push that detection to everybody else. I find that extremely helpful.

The second most useful feature to me is the intelligence modules.

I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good.

When we first went to CrowdStrike and purchased it, a lot of my team members all had the same issue: There was too much information. Initially, when the user logged in, they were getting dumped on, like a five-gallon bucket of ice. Trying to sort through it all, you can get lost easily. Until you have really had time in the solution to really digest how to use things, it is information overload. We didn't get that from Palo Alto XDR.

I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup. 

We have been using it since about June of last year. That is around when we officially purchased it, but we had been running it as a PoC since about March or April of last year.

The stability has been fantastic. I have had no stability issues at all. It has never caused a problem of any sort that we have had across in the organization for a PC "acting funny" kind of ticket coming in. Those have never been CrowdStrike agents.

Because this is a cloud-native solution, it provides us with flexibility and always-on protection. That is just the nature of what SaaS applications are. In a very general sense, I wasn't looking at CrowdStrike because it is a SaaS application. That has been a minor point to me. Just one of those, "Oh yeah, your SaaS." It is almost expected nowadays with a lot of your more modern XDR platforms that it has to be always-on, 99.999 percent uptime.

As far as general maintenance, it makes it a bit easier as far as overhead. If there were servers onsite, we would have to take care of those as well as the care and feeding of them. Making it SaaS does make it easier, which provides us some extra man-hours as far as taking care of the hardware behind running it. There is that added benefit, which is nice. The configuration of the agents probably makes it a bit more automated, so that is nice as well. These are just secondary points to me. If we had to do the maintenance, I would be perfectly happy with doing it.

All our security team monitors it. There are five of us in the console daily actively using it. I am probably the only true administrator who will change policies or anything like that in there.

A couple people have access outside of the security team, but I have not seen them login. We have a couple of our server admins have access where they have view rights, but they don't go in because they don't have issues. One or two people on our Citrix team have access, but they don't go in either. Also, one or two of our end users might have access.

The scalability has been fast and easy. We did so many endpoints very quickly without any issues.

It is fully deployed across our organization. We can't really expand anymore unless we are adding/buying clinics.

Now that we are a full-on customer, CrowdStrike technical support has always been spot on. It is one of the best that we have. It is way better than Microsoft and many other pieces of software out there. In my personal experience with the technical support, it is one of the best that we have had. That could be because we have an awesome TAM and great customer service manager. If I reach out to them, then they are on top of things.

One factor behind why we chose CrowdStrike is that we were getting rid of multiple agents to go to one CrowdStrike agent. When we had Carbon Black Protection previously, they were ripping us off. It was a lot. We are paying substantially less with CrowdStrike. Carbon Black Protection is only for application whitelisting, and that is all it does. It is not AV. It is not anything else. That was just one piece of software that we were using. So, getting rid of Carbon Black Protection more than paid for CrowdStrike, and then some.

We were also previously using Microsoft SCEP.

There was a slight decrease in lag time when we removed Carbon Black and put CrowdStrike on, but CrowdStrike moved it back up slightly. However, it was still less than the Carbon Black agent. We did see a slight performance increase with the OnBase application, which is linked to Epic.

CrowdStrike requires tuning out-of-the-box. When we first installed, we set the protections and configurations as recommended from CrowdStrike. We were getting absolutely inundated by detections and incidents. It required probably about a month or two of tuning to really dial into the number of what we would call, "expected incidents". Even now, I would say about 90 percent of what we see are probably false positives, but they are false positives that make us scratch our head, and say, "Is this really something or not?" These are not, "Oh hey, this is Windows Media Player that is getting flagged." These are legitimate false positives worth the investigation, but it takes some dialing in. 

It was exceedingly easy to deploy the solution’s sensor to our endpoints. We had zero issues. We used Microsoft SCCM. We programmed the string and all the commands, then we were off to the races. We programmed one SCCM job by GPO to do all of it. We had 14 total failures, which we found out later was not a CrowdStrike issue. It was an endpoint issue for those failures. Across 20,000-plus endpoints, 14 failures is really good. We deployed it in five days. That includes production servers, test servers, medical endpoints, etc.

The PoC deployment was only 25 endpoints. It was just downloading the agent, then manually installing it. That was a 48-megabyte install. It took two minutes, click two check boxes, enter a string, and you're off to the races. The test install was super easy too.

Our implementation strategy was probably the same as many other organizations. We did the workstations and laptops first, then we did test servers followed by the production servers. 

We had to tailor how many agents we were pushing out at a time via SCCM. The way we had built our job, it was doing a CrowdStrike install, but it was also uninstalling a couple of other pieces. It was having issues on that uninstalled portion. So, the SCCM job would fail. Then, we would get a kind of success where CrowdStrike was installed, but it had failed to uninstall the other portion. Therefore, it was a strange kind of limbo where CrowdStrike and Carbon Black did not play well together at all, like it would absolutely just fail. For example, we had a couple instances where they were both on a machine at once, so we had to tailor how many machines we were doing in a time break, e.g., every 30 minutes, we were doing 500 machines. Every 30 minutes is essentially what we did for a couple of days at a time during business hours so we could monitor it.

It was just the SCCM guy and monitoring it like a hawk. That is all we did for those five days. We just watched it. He was the one doing all the work. He programmed the job and everything. I just gave him the code and watched the CrowdStrike console. If necessary, I went into Carbon Black and manually uninstalled it from there too.

The only help I had from CrowdStrike was to confirm this would work in Citrix. For example: 

• Do we have the correct install language for Citrix? Because the VDI requires a couple of different switches turned on. 
• Is SCCM going to work?  
• Does this look right to you? 

We just basically had them bless it off, "Yeah, it says right here in the manual that this is good." We kind of followed the manual, then we had no issues. However, we just wanted to make sure about that Citrix VDI. So, we did have them actually look at that and make sure that the switches were good.

Agent overhead on the systems has been lowered slightly. We haven't had any tickets coming in, saying, "Oh no, CrowdStrike is messing up my PC. Come fix it." We had this with Carbon Black Protection. It has cut down on the number of support requests for other teams. 

I can't even talk about performance overhead, which is good. Our Citrix team hasn't noticed any extra increases in their Citrix workloads, as far as Citrix Server usage overhead, because we also deploy the CrowdStrike agent virtually. It has not slowed down any of the clinical applications, which was a huge win. If it had slowed down any of our clinical applications, especially the more time-sensitive ones, then it would have been a no-go. It would have been a red flag, "You're out the door," and it did not slow any of them down.

We saw ROI by removing Carbon Black Protection, which costs way more than CrowdStrike costs us. Right there, we already earned back and saved money by removing that solution. Turning off Carbon Black Protection and Microsoft SCEP AV were a huge amount of system overhead saved. Easily coordinating between multiple different pieces of software and gathering that information quickly was another time save. 

I am saving at least an hour or two a day by not having to go into Carbon Black Protection to figure out some sort of strange whitelisting issue.

One part that I don't like about CrowdStrike is that you have to pay for the extra feature of Falcon X. I don't like the a la carte nature of it. I do find that feature to be one of the most useful.

The pricing and licensing are reasonable. I don't think we are getting charged more than what it is worth. It is fair, but I do not like how it is a la carte. I realize they do that so other organizations can buy and get the agent, getting it cheaper than you could otherwise.
However, if you want the main core package, which has all the main features with the exception of maybe the multi-cloud protections, that can get pricier for an organization. So, you have to pick and choose what you want. I do not care for a la carte pricing.

We had contacted one of our software vendors, who put us in contact with CrowdStrike directly. We did a PoC for about 60 days. This was right at the COVID-19 kickoff. They weren't as strict on the 14 days, then you are done. They said, "Use it for as long as you like." 

Getting the free trial was super easy. As soon as they spun it up in the cloud, they said, "Here is your login information. Soon as you get your agent, here is the connection string that you will need with this agent when you have run your install." Done. 

When I got the go ahead from my director that we had officially purchased it, I was able to fully deploy to our 22,000-plus endpoints in five days. We had a full deployment in five days.

The free trial was critical. I don't think we would have gone with it if we had not been able to at least kick the tires on it some. We had to make sure that it wasn't going to interfere with our medical applications that are time sensitive.

The other major vendor that we were looking at besides CrowdStrike was Palo Alto XDR. CrowdStrike is a more mature product than Palo XDR, but with that goes some bureaucratic sluggishness. I personally had some issues with CrowdStrike, as far as getting support in a timely manner when I was still a trial customer. Now, as a full-on customer, I don't have any of those issues as far as slow support. They are always very on top of things. But as a test drive, it took far too long getting any support to get a user reset and logged into the platform. It took days. I was very upset about that. However, with that maturity, you have your full built-in intelligence module, which is one of their big selling points. It was fantastic having all that data.

Palo Alto XDR probably had more out-of-the-box API integrations that we use, because we use the Palo Alto XSOAR. It would have linked immediately and perfectly right out-of-the-box. Basically, with a click of a button, it would have been on. A majority of our security work comes from XSOAR. That would have been a huge win. Because of legal issues, CrowdStrike and XSOAR have an API link, but it is not terribly useful or intuitive to use without a lot of customization. Unfortunately, with a small team, nobody really has time to dig into the API and do all sorts of customization, trying to program it to get it to be just right. We have too much more operational work to do.

Other than that, the protections between the two are equal. I didn't see any decrease in that. I would just say CrowdStrike was more feature-based, and that Palo Alto's feature-base wasn't fully quite there yet. Things were a little bit more intuitive to me on the Palo Alto product than the CrowdStrike product. However, the maturity of the CrowdStrike product eventually won out.

I personally liked the Palo Alto product a little bit better than CrowdStrike because I could see where it was going. It was a difference of GUIs, essentially. With the recent updates from CrowdStrike, it has made this a little bit better.

Our CIO had a previous good experience with CrowdStrike. That was the reason why we went with CrowdStrike over XDR. Essentially, what it boiled down to, someone with a higher pay grade above me had a previous good experience.

We just signed a contract with an organization for another piece of software to do our multi-cloud protection.

We get a lot of our ideas for software that we want to take for a test drive through Magic Quadrant reports.

It being SaaS was of no importance to me. If I wanted the solution, then had to build an on-site server for it or not, that makes no difference to me. I know for some people who have overhead, that is where it matters. Personally, it does not at our organization. I was more interested in getting the best of breed.

CrowdStrike Store is pretty interesting and always intrigues me. It typically will take you to another vendor's website for another piece of software that you would have to buy and install. So, it is one of those things like, "Oh, that is nice to know that you integrate with these other people. But, we don't have money right now to be looking at these other people's software that easily integrates but still requires their own agent to be installed on the PC." It is kind of an advertisement shop saying we work well with these other pieces of software.

Try it. Try all the features. Because if you go with a trial and don't try all the features, then you are not going to know if it's going to work for you or not. Try everything that you possibly can. I know some organizations who will "try it" and install it, but they won't do anything with it. In this case, we actually did. We actually tried to use all the features and create issues. We tried to kick the system over, and it didn't. 

Biggest lesson learnt: Rely more on our technology, trust our processes, and trust the software more. I think that is just an organization maturing from an old-school antivirus and application whitelisting/blacklisting mentality to a next-generation antivirus mentality, where you are trusting your software to operate. You are trusting your processes and playbooks to run automatically. As we matured and went with CrowdStrike, we are now relying more on our automated processes to run.

I would give it an eight out of 10. There are areas of improvement, especially with the search because it's a time burden and causes issues for our team. Other than that, everything else that we are getting has been fantastic. It is great overall.

I have been surprised by the new features coming out. When they add a new feature to an agent release, it doesn't seem pell-mell. They have a thoughtful consideration to what they are adding. The upgrade schedule is not overly burdensome nor is their path for pushing out those new features burdensome. We can keep up with them. So, they are not pushing out 20 features on one agent and none for the next 10 iterations, and then another 20. It's one or two every couple of iterations. It is trickling, which makes it easier to test things and run them through our CAB. That has been helpful.

We have several use cases including threat management, EDR, AV, and a SOC with 24x7 monitoring.

The fact that CrowdStrike is a cloud-native solution is very important. We don't have to deal with any upgrades on the appliances or console. The only thing we have to deal with is the upgrade of the agents. The SaaS model works very well for smaller companies like us.

The flexibility and always-on protection that is provided by a cloud-based solution are important to us. The cloud is everywhere. So, with the agent on the laptop, wherever the user may go, including home, office, or traveling, it's protected 24x7, all the time. That's what we require and this is what we got.

We haven't had cases where we have quarantined any material stuff yet, because we are relatively small and we don't see a lot of malware in our environment. In this regard, it has been relatively quiet.

In terms of its ability to prevent breaches, if you look at the cyber kill chain, the sooner you detect malicious activity, the better you are in responding as opposed to waiting for a data breach. I think CrowdStrike is capable of identifying malicious activity throughout the whole cyber kill chain. Step one is establishing when they have a foothold in the environment, and then detect whether they are moving laterally. The sooner they are discovered, the better we are at stopping data breaches.

CrowdStrike has definitely reduced our risk of data breaches. It reduces the risk of ransomware and it gives us comfort that someone is watching our back.

We had some end-of-life workstations that were running Windows 7 and for some reason, related to PCI compliance, CrowdStrike rejected them. This helped us in terms of maintaining our PCI compliance.

The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate. Essentially, they're an extension of my team and I like that. We're a small company and we only have a base of approximately 260 employees. As such, we cannot afford to hire skilled security people. So this makes sense for a smaller company like us.

There is a helpful feature to look into the vulnerability of the endpoint, which allows us to see which PCs have been patched and which ones have not. That helps my team to focus on those PCs that require their attention.

The deployment process is an area that needs to be improved. For some reason, CrowdStrike does not provide any help in terms of how to deploy the agent in a more efficient manner. They just don't provide the support there, which leaves their customers to figure out how to push agents out, either through GPO or through BigFix or through SCCM, and there was no support on that side. Not being able to complete the deployment in an efficient manner is one of the huge weaknesses.

It would be good if they had a feature to remove agents. We're in a transaction processing environment and if CrowdStrike is affecting a transaction processing server, we need to uninstall that agent pretty fast. Right now, the uninstall has to be done manually, which is not great. If we have a dashboard capability to uninstall agents, I think that would be great.

The dashboard seems a little bit too clunky in the sense that it's spread out in so many ways that if you don't log in on a daily basis, you're going to forget where things are. They can do a better job in organizing the dashboard.

I have been using CrowdStrike Falcon for approximately five months.

I haven't had any issues for five months since we've installed it, which is good to know. No users have complained about any CPU spikes or false positives, which we like.

If you have a way to deploy agents in a rapid manner, I think the scalability is there. As we buy and acquire companies, we have to roll out agents to those places. Right now, it's still very manually intensive and it slows down the process a lot. So, I think the scalability can be improved with a rapid deployment feature.

Our strategy right now is just to install CrowdStrike for PCs and laptops. Once we get comfortable with the technology, we can start testing the servers. It's just that we haven't finished the deployment to PCs and workstations yet.

We have approximately 260 endpoints and we're probably about 20% complete in terms of deployment.

We've raised support tickets such as the request for rapid deployment capabilities. However, we only received responses to the effect that they do not support anything like it. In that regard, the support has not been great.

That said, we don't use the support site a lot because we haven't had any issues with CrowdStrike. So, I can't say much about that.

Prior to CrowdStrike, we used Carbon Black Threat Hunter.

There is a huge difference between the two products. CrowdStrike is quiet. I think that Carbon Black Threat Hunter just locks everything that has to do with the endpoint. You generate a lot of noise, but it means nothing. Whereas CrowdStrike is more about real threats and we haven't seen much from it.

On the other hand, with Carbon Black Threat Hunter, we were able to deploy pretty fast and we could uninstall agents pretty quickly from the dashboard.

I had originally heard about CrowdStrike Falcon from my peers. A lot of CSOs that I have roundtable discussions with speak highly about it.

The sensor deployment is a manual process right now, where we have to log into every workstation, every server, and install it manually. It's very time-consuming.

It's an ongoing process across our organization.

One of our security engineers is in charge of deployment. However, we don't have someone on it full time. He works on this when he has time available, so we probably only have one-third of a person working on it.

We completed a PoC using the trial version, and it was pretty easy to do. It took us less than an hour to deploy. It was just a matter of downloading a trial agent and setting it up.

Having the trial version was important because the easier the PoC is, the better the chances are of us buying the tool.

At approximately 40% more, Falcon is probably too expensive compared to Cisco AMP and Cylance, although that is because of the OverWatch feature. If you took out the OverWatch feature then they should be about the same. There are no costs in addition to the standard licensing fee.

We evaluated other products including Cisco AMP and Cylance. Neither of these products has the Overwatch feature that CrowdStrike has. The reason why we chose CrowdStrike was that we need to have 24x7 monitoring of our endpoints. That's the main difference.

In terms of ease of use, CrowdStrike is not so great. Cisco AMP has a better, cleaner dashboard and they're more mature in the way that you navigate. It's as though they have spent time getting customers to click on features and then figured out which is the quickest way to get to what you want, whereas CrowdStrike is not there in that sense.

Cylance is even better in terms of ease of use. They dumb it down to only a small number of menus and dashboards. There are probably only five dashboards that I look at on Cylance, whereas with CrowdStrike, I have to look at many.

My advice for anybody who is considering CrowdStrike is definitely to start with a PoC, and then definitely to subscribe to OverWatch. I think that OverWatch is the main benefit to it.

The biggest lesson that I have learned from CrowdStrike is about the different threats that are out there. They have a nice dashboard with information about threats, and you can read it and learn from it.

I would rate this solution a seven out of ten.

We use this product for endpoint security and threat remediation.

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely, now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

I have been using CrowdStrike Falcon for approximately four months.

The stability is great and we haven't had a single issue.

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and login in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

We implemented CrowdStrike because we needed to identify a new solution to address a 100% remote workforce, both because of COVID, but in general, our workforce is very distributed around the country.

The primary way that CrowdStrike has improved the way our organization functions is visibility. When we do have an issue, the ability to see what was happening before, during, and after the issue on the target laptop or server is far better than what we were used to.

Having the updates happening automatically, with a third-party defining those updates and pushing those in, also providing us visibility into the current status of all of our endpoints, is critical.

We use Falcon's endpoint and cloud workload protection, which is deployed on our Azure cloud servers. It is definitely one of the top options available to any organization. We had reviewed 10 different applications in the EDR space and Falcon was one of the top three that we had identified.

In terms of preventing breaches, so far, it's doing great. Definitely, in our testing that we do every month, it is identifying issues that arise with more certainty. Simply, the team has more confidence in what they're utilizing as a tool and it has freed them up to work on things that are a more efficient use of their time.

The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed.

It is important to us that this cloud-native solution provides us with flexibility and always-on protection because we have a 100% distributed workforce, in place even before COVID. To manage 600 remotely-deployed laptops requires a cloud-managed solution.

The console is a little cluttered and at times, finding what you're looking for is not intuitive. Once you find it, it's great, but it's not always very intuitive as to how to find exactly what you're looking for sometimes.

I have been using CrowdStrike Falcon for six months.

We have had no issues at all with stability, and no conflicts on any of our endpoints or servers.

It seems to be limitless from a scalability standpoint. Definitely, there would be no impact on our end, and we haven't noticed or run into any issues as we scaled from our initial 10 systems to 600. There was no difference in speed or reporting, et cetera.

So, scalability does not seem to be an issue.

Technical support is an area for improvement. If you have an actual issue, such as an identified threat, then they are very good. However, if you're struggling to figure out what might have occurred, we're still trying to figure out how to get our best support from CrowdStrike in those situations.

Prior to Falcon, we were using Webroot.

The primary improvement that we have seen is visibility. We had no visibility into what happened before, during, and after a situation with Webroot, but with CrowdStrike, we have that visibility, which allows our team to make educated decisions. In terms of detection and prevention, I believe it's all experiential so far. Falcon has been very good at both detection and remediation for any issue that has come up.

The sensor setup and deployment were extremely easy. We were able to deploy a hundred percent of our endpoints within 60 days. We found it to be very smooth.

It was a very simple deployment strategy to get the agent out to the end-users. It was so smooth that we didn't even have to notify the end-users that it was being done. It just happened automatically. 

There was no conflict between CrowdStrike and our existing EDR that we were going to get rid of. After the installation, we were able to have the old EDR totally removed within 30 days.

We had two people for deployment and we have one for maintenance. Their roles are in information security.

We have seen ROI in that our team is freed up to work on things that are more important.

We took advantage of Falcon's free trial before purchasing it, and it was very easy to get it. We were on the phone with a representative discussing our next steps and they offered the free trial, and we were set up and functional with it the next morning. Having a free trial period is something that is expected. If anybody wants our business in this space then it's necessary because we aren't going to purchase something without trying it first.

The pricing is not bad. It's on the higher end of the market, but you get what you pay for. It's a little on the confusing side because the name of the item they're selling doesn't match what you see when you log into the product.

If you buy "Protect" and you log into the product, you don't see "Protect". You see something else, like "Identify" or whatever. So, they need to do a better job of aligning product names from the sale to within the product.

There are add-on fees for different packages that you can buy, and we are looking at adding on some feature functionality as we go forward.

We evaluated 10 different solutions in the EDR space. The top three included CrowdStrike Falcon, Carbon Black, and Microsoft's ATP.

CrowdStrike was a little better, cost-wise, than the other two. Also, I felt that the console for managing the platform was easier for my team.

My advice for anybody who is looking into implementing this product is that every organization is slightly different in its needs, and CrowdStrike may or may not be the right solution. Once you can do a trial and a bake-off of multiple options, you'll find if CrowdStrike is the right solution or not.

I would rate this solution a nine out of ten.

The product is inherently cloud-based.

Knock on wood. Between our management of the platform and having subscribed to Falcon Overwatch, the managed threat hunting service, I haven't had a concern in six years. I have yet to deploy this product in an environment that has later incurred a breach. I have the utmost confidence that would be very unlikely to occur.

Every time that I have deployed it, it was more about Falcon Insight and its EDR protection. Then, the team in the company would be so pleased with the results that there was minimal resistance adding additional stack elements. Prior to their announcement of several new modules last Fall, we had acquired the entire stack. 

Each element of the stack continues to further develop their capability and empowerment of team members. For example, CrowdStrike Falcon Spotlight was an interesting tool to assess vulnerability management, but the capability of that module alone has just continued to develop in a very favorable direction. Also, the discover tool is extremely valuable. 

Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that.

As a cloud-native solution, it provides us with flexibility and always-on protection, which is critically important.

There is nothing existing today that I would change very much about the solution. Because of the capability of the data that they are ingesting, they have the ability to create tools leveraging that data to enhance the capability of the platform. The possibilities are endless.

I have been using CrowdStrike Falcon for about five and a half years

There are no questions about stability. I continue to see, especially in the last six months, that CrowdStrike is making very purposeful acquisitions to tactically and strategically build upon the platform. Many companies acquire smaller companies to get a fraction of a piece of technology that tends to be an add-on or something that may compliment the core product, but CrowdStrike is making more strategic moves to acquire technology that they can directly integrate into the existing platform to make it even better and more effective.

Updates can be handled one of a number of ways. This is something that has evolved quite a bit since I initially deployed it. Initially, you simply had the option of manually upgrading sensor versions or leaving them to automatically update as soon as a new update was released. Very infrequently, there have been issues with sensor builds. Early last year, they rolled out the ability to automate the sensor revision updates, but do it in a tiered fashion. So, there was an N-1 and an N-2. So, when they release a new version, I step back my releases and deployment of the updates by one version backwards. Then, I have a few early adopters who get the latest sensor build as soon as it is deployed. Provided there are no problems, when the next release happens, the N-1 version will automatically upstep my entire environment without having to put hands on it.

This product does not require any maintenance post-deployment.

We are protecting 5,500 endpoints with this solution. We do have plans to increase usage. Our environment is rather complex in that we have 6,000 core corporate associates and roughly 5,500 endpoints. Then, we have a distributor network globally comprised of about 220 wholly owned subsidiaries who are essentially their own companies, but they are only licensed to resell our products. They kind of have a mix of endpoint protection because it is largely up to them, within their entity, as what they choose to use. We are looking to further wrap our arms around them from a security perspective. We have looked at acquiring CrowdStrike's complete platform, which would be fully managed to deploy to that distributor network, which is about the same size as our corporate environment. So, it would be roughly another 6,000 users. It is a very large, globally-reaching endeavor, and working through the politics and legal aspects of how we will make that come to fruition may take some time. However, that is the plan.

I would give the technical support 10 out of 10 for the past year. They have improved a lot of things in response to customer feedback. A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined. Now, if I put in a support ticket, I would expect it would probably be answered within a couple hours.

I have a lot of ideas in my head about where things could go with the solution. The company is very receptive to those thoughts as well as the opinions of all its customers

Our previous endpoint protection platform was very cumbersome to manage. It did not reliably apply protection and had many issues. My current organization is the fourth time that I have deployed CrowdStrike Falcon in an environment. The first time that we deployed it, we were using an inherently cloud-native protection platform, but it was unreliable. 

Swagelok was using McAfee ePO, which inherently is an on-premise solution. It is also very unreliable and cumbersome to manage. It was just missing detections, being inherently signature-based. So, it was only hitting on known signature-based malware. We lacked the EDR aspect of endpoint protection, e.g., behavioral-based analytics and preventing malicious behavior before it begins, which drastically stifles the remediation effort. McAfee's principle was always, "If you get said detection, then you need to run other tools to scan, remediate, and clean up the endpoint." Hands need to be on the endpoint taking it physically offline and off the network. Everything is drastically simplified with CrowdStrike Falcon. I can cloud sandbox the endpoint, remediate it, and interact with it at the command line level remotely, regardless of where it is, as long as it has an Internet connection. It is just amazing. 

As far as Swagelok goes, McAfee yielded a lot of false positives. The management was so cumbersome that there were only a handful of people able to resolve problems with endpoints or false detections. If you weren't connected to the inside core network, you couldn't reach the server in order to mitigate the problem. Because of the cloud-native aspect to CrowdStrike Falcon, I can pull up the console in my car on a mobile phone and mitigate an issue for someone whenever and wherever I need to do it, regardless of how I am connected, what device I am on, etc. So, the response time has drastically decreased (by five to 10 times) for remediating a critical vulnerability, a piece of malware, or undoing a false positive. This has been noticed across the company at large.

In all four instances where I deployed the single sensor in organizations of various sizes, it was very simple. Swagelok was probably the easiest deployment, since it is an organization large enough to have a deployment tool, like Microsoft SCCM. Once the package was built to deploy to endpoints, we push the "Go" button. Then, it was a matter of hours and our entire environment was protected. The deployment took less than a week.

Three people were involved in deploying the solution:

1. Being the experienced administrator, I pretty much did all the configuration: creating the correct groups, prevention policies, etc. 
2. We have an administrator of the deployment tool. I worked very closely with the package of the sensors and he executed the deployment.
3. We have another gentleman who oversees our lab environment and was very invested initially in trialing the product against all our existing applications to ensure there weren't any incompatibilities in the early deployment.

We have absolutely seen ROI, e.g., the reduction in man-hours for resolving incidents. The speed of the platform has drastically reduced time consumed, affording more time for an operator to act when resolving problems.

It is an expensive product, but I think it is well worth the investment.

The CrowdStrike Falcon Pro solution alleviates the need to quote out the product. You initiate the use of the free trial, then opting the purchase. You can manage it all on your own without engaging a sales representative. I definitely have done this in a small business environment. 

In all other instances, it was more of a formal business relationship. There was a sales representative involved who queued up the trial environment. If you initiate a trial yourself, you are basically given 14 days to trial it. Whereas, engaging a sales representative allows them to moderate the length of time that you can do the trial. Because we are a larger enterprise with a lot of politics around completing purchases and legal reviews, we have a sourcing department who vets out vendors. The process is very long and cumbersome. We had initiated a trial, in this instance, which ran for several months before we acquired it.

The fact that I have access to the products free for several weeks or months was not really a factor. What was more impressive in the trial was the way CrowdStrike approached it. When you initiate a trial, they give you a CloudFlare instance of a victim machine and an adversary machine. They then allow you the capability to deploy the sensor or pull it back from the victim machine. You can unload whatever you care to against the victim machine for testing to see how well the product works on your own. Unlike many other products in a similar space, when you evaluate the product, it gives you the feeling that you are completely in control. Also, there is a sales engineer who moderates the demonstration of the product.

The first time that I deployed CrowdStrike Falcon, I evaluated probably a dozen other products. I was very close to signing a deal with Carbon Black, simply because I hadn't yet heard of CrowdStrike Falcon. Since deploying it the first time, I would never really consider anything else. I do look at other platforms from time to time to see how they have evolved and changed, but it would be very difficult to convince me to use something else. The winning factor for CrowdStrike Falcon is just the inherent capability of the platform. In my observation, there really isn't another company who can do as much as they can.

Take advantage of the opportunity by CrowdStrike to network with other customers in a similar company size and industry to see how well the product could benefit you as a potential customer before committing.

We have a very minimalistic cloud infrastructure footprint or container footprint at this point in time. That is likely to take off in full swing in the next year or so. We have many legacy applications running on legacy operating systems, which I am working very aggressively to get out of our environment. When that starts to take flight, we will definitely have more of a need for a cloud container as well as cloud infrastructure visibility and protection, which we do not have a lot of at this point in time.

I would rate this solution as 10 out of 10.

It blocks all the stuff bad actors are trying to do to our users.

All our end user systems and servers are on-prem and cloud workstations desktops everywhere.

We are using the latest version minus one release (N-1).

It provided us visibility into our endpoints that we did not have before. The telemetry and data that it collects allows us to respond to possible incidents much faster, containing the host as well as jump on the host for remediation.

CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and kept our systems up.

CrowdStrike endpoint detection and response (EDR) is excellent. It blocks the bad stuff without user interaction, allowing us to stay in business. For example, one of our service providers has been down for five days now with ransomware. Also, four of our partners have been down over the past two months with cyberattacks, and we can't do business with our partners.

CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it.

I have been using it for a little over three years.

The stability is very stable. There have been no issues.

We have automated all our CrowdStrike Falcon updates.

It is very scalable. There have been no issues at all.

CrowdStrike's technical support is excellent:

• Quick to respond
• Quick to help
• Very responsive
• They have always been able to solve the issue.

I was a McAfee customer for 20 years before switching. It was like night and day, where McAfee is old technology, and CrowdStrike Falcon is new technology. On a scale of one to 10, McAfee is at one and CrowdStrike Falcon is at 10. There is a really big difference.

We came from an on-premises solution. With more people working remotely, that became an issue. The fact that this is a cloud-native solution provides us with flexibility and always-on protection.

It was very easy to deploy the solution’s single sensor. We used our deployment tools to push it out. Because it is a single agent, it is very lightweight, easy to install, and updates itself. We came from a competitor who had multiple agents, upgrades, and DAT files, where you could have very few of these with 100 percent working. However, since there were six different modules, they all had to be kept updated, which was a nightmare. 

This solution was a simple, easy push. Once it is on there, it updates automatically and we don't have any issues.

For deployment, we use a tool called Quest KACE. We also use SCCM.

We did about 10,000 hosts in around two months. We have had growth through acquisition. Now, we have 12,000 hosts.

We did it ourselves.

For the deployment, there was one FTE (a Level 2 PC technician) for eight weeks. For maintenance, it is pretty much set and forget it. There is very minimal maintenance and zero dedicated staff.

We bought a very small number of licenses, then ran it for a year. We bought a 100 licenses for a year, so we didn't actually do a proof of concept. We just bought them. Then, the next year, we bought 10,000 licenses.

We received a quote three years ago, and it was almost seven figures. CrowdStrike got money from investors to displace competitors, like Symantec and McAfee. Then, our quote was very low, which is why we were able to do this. The first year, the quote was almost a million dollars. The second year, it was a little over $100,000.

We also evaluated Cylance and Carbon Black. We went with CrowdStrike Falcon because of the single agent and price. The other solutions required multiple agents, and I did not like that at all.

Compared to the other solutions that we evaluated, CrowdStrike Falcon has a similar ease of use.

We are a very happy CrowdStrike Falcon customer. I highly recommended it. It works.

I would rate this solution as 10 out of 10.