CrowdStrike Falcon Reviews

I mainly use CrowdStrike Falcon to prevent threats and detect indicators of attacks or compromises in the network.

In the past, we regularly got alerts about suspicious activities in the network but couldn't understand where they were coming from. Since we deployed CrowdStrike, the network has become much calmer, and we now understand the sources of infections, which helps us prevent them from spreading. We now get immediate information about infections and can react much faster.

An improvement would be to extend support to legacy and unsupported servers. In the next release, CrowdStrike should include patch and vulnerability management, which would allow us to rely on just one solution.

I've been using CrowdStrike Falcon for over a year.

Falcon is pretty stable - we haven't seen any kinds of performance issues like lagging, which we did experience with other endpoint protection solutions.

CrowdStrike's technical support is very fast and responsive.

Previously, I used Microsoft Bitdefender, but CrowdStrike was faster and better protection-wise.

The initial setup was straightforward - it was very quick (about two and a half hours) without any downtime or issues. We also extended the installation to the remote side, which took another hour. I would rate the setup process four out of five.

We used an in-house team.

In the past, we have around four to five engineers managing our endpoint - we have now reduced this to two engineers, which has cut costs. We've also been able to cut the time needed to find the threats and their root causes from up to six hours a day to just half an hour. I would rate our ROI as five out of five.

We pay between $30-50 per user for a yearly license, which is more expensive than SentinelOne or Bitdefender. However, CrowdStrike gives better value for money, so I would rate their pricing four out of five. If you want to add modules or features, these are an additional cost per user.

We evaluated SentinelOne, but it was too heavy on the machine and slowed it down. We also did a threat simulation analysis with both SentinelOne and CrowdStrike, and SentinelOne wasn't able to detect or block the threats.

CrowdStrike Falcon is the best endpoint protection solution I've used so far. I would advise anybody thinking of implementing it to go for it, as CrowdStrike will provide more visibility, depth, and context to threats and allow you to understand what's going on. I would give Falcon a rating of ten out of ten.

We use this solution for next generation antivirus and EDR.

Developers previously complained their resources required regular scanning on their system. This made their system and response time slow. This has since been improved using this solution. 

The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed.

Based on the documentation CrowdStrike provide, the solution provides a number one detection ratio which we like. 

We have used this solution for one year. 

This is a stable solution as it is cloud based. We have 3000 users making use of it. 

The support team responses are often a little bit slow. I would rate them a three out of five. 

We previously used Cisco AMP.

The initial setup is straightforward. I would rate it a five out of five. The deployment was a replacement project and it took three months.

We used a third party for installation. 

We don't need to maintain onsite servers and deep end user updates with the new vulnerabilities. Considering the required server hardware and maintenance workload, the ROI will be achieved in a year or one and a half years.

This solution is relatively expensive. 

I would advise others to first evaluate AV or EDR and then investigate the current endpoint protection solution that are already using in their organization. They should then check what kind of tools can be placed with CrowdStrike. 

I would rate this solution a nine out of ten. 

I use CrowdStrike Falcon for endpoint security and compliance auditing.

We use CrowdStrike Falcon for discovery when anything goes wrong because it gives us a full history of what's happening. It acts as a preventative model for inappropriate activity. Additionally, we use it for compliance reasons.

The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence.

The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool.

In a future release, the mobile space can use improvement. However, some of those constrained are by Apple and other platforms as to what they can do on the platform. Some of the limitations are industry-based.

I have been using CrowdStrike Falcon for approximately one year.

The stability of CrowdStrike Falcon is great, I have never had the slightest problems.

CrowdStrike Falcon is highly scalable.

CrowdStrike Falcon is implemented company-wide on every device.

I have approximately one hundred protected endpoints, but the number of users that log on to the tools is approximately four.

CrowdStrike Falcon needs to better its SE sales engineer team. The people didn't fully understand all the different parts of their solution. It's the endpoint protection and it is the essence of what we're trying to receive, they should know their solution very well.

I rate the support from CrowdStrike Falcon a three out of five.

I previously used an anti-virus solution, but it didn't do all the things I needed regarding endpoint protection. That's why I added the CrowdStrike Falcon piece to the puzzle. I still have the anti-virus running. I don't need it technically, but I still have it running.

The initial setup of CrowdStrike Falcon is in the medium range of difficulty. You will need a coach and be guided through it.

The time it took to do the full implementation from the beginning to end, from when the contract was turned on, and by the time I turned it on and had everything up was fairly fast because we piloted CrowdStrike Falcon at first. When I bought the solution, it was almost fully implemented. The full process took approximately two months.

I rate the ease of deployment for CrowdStrike Falcon a two out of five.

We had some coaching help from the vendor to do the implementation of the solution. We have three people that can manage this solution.

This is not a tool you buy because it gives a return on investment. It's a tool you buy because the cost of not having it is far greater than the cost of having it if you have a problem.

There are approximately a hundred different modules you have to purchase, depending on what you want to do. I have most of the modules. How it works is you buy the portfolio, you have to decide all the components you want in it, and then they price out a bundle for you. I have almost all of the package features in my bundle. You only need to pay for the modules you want.

The cost of CrowdStrike Falcon annually is approximately $10,000.

I rate the price of CrowdStrike Falcon a three out of five.

I studied the entire industry before choosing CrowdStrike Falcon. I evaluated many other solutions, such as Manage Engine, Malwarebytes, Checkpoint, McAfee, and Microsoft.

We choose CrowdStrike Falcon because it was fit for the purpose of our business. I needed a cloud solution and I needed it to be a SAS offering that was easy to use. It boiled down to features and fit for purpose, not features and functionality.

CrowdStrike Falcon platform was more robust. It was a true multi-tenant architecture, not a hosted instance. The crowdsourcing nature of CrowdStrike Falcon is a large benefit, all of the threat data is real-time and applied to you real-time from all around the world.

My advice to others is to take a serious look at CrowdStrike Falcon. It's a good solution.

I rate CrowdStrike Falcon an eight out of ten.

The most valuable feature of CrowdStrike Falcon is its accuracy.

CrowdStrike Falcon could improve the logs by making them free to the API.

I have used CrowdStrike Falcon for two years.

The solution is stable.

CrowdStrike Falcon is a scalable solution.

We have approximately 800 people using this solution in my organization.

CrowdStrike Falcon technical support has been fine in my experience.

I have used other solutions before CrowdStrike Falcon, such as Symantec.

Symantec does not have any advantage over CrowdStrike.

The initial setup of CrowdStrike Falcon is easy.

The price of CrowdStrike Falcon is reasonable.

I rate CrowdStrike Falcon a nine out of ten.

We are using it primarily for NGAV, but we also use their EDR product and Falcon OverWatch.

Most of our internal stuff is still on-prem. We do use SaaS for vendor products, but our internal environment is still mostly on-prem.

I think everyone is trying to move away from on-prem solutions. Having the cloud-based management console makes it a lot easier to maintain. It takes a load off our hands as engineers and analysts. It helps with upgrades and patching, I don't have to worry about on-prem servers for maintenance, but also as another thing to defend against, so getting rid of that is definitely beneficial.

As a cloud-native solution, it provides us with flexibility and always-on protection. I don't have to worry about data center failures on my end. I don't have to worry about any issues in our server rooms affecting the protection of the environment as a whole. Having CrowdStrike take that responsibility is a load off our backs.

Falcon has been very successful in preventing breaches. In the beginning, there were a lot of false positives as Falcon learned our environment, but I would definitely give it a positive rating overall for protecting our environment.

The NGAV portion is the most valuable feature. The primary reason that we went with the product was their reputation. In practice, it has been a definite step up from where we were previously.

We are using Falcon Investigate, which is their EDR tool. The EDR has made it infinitely easier to investigate into more detail on end user workstations and servers. Any sort of detection where I can go back into the EDR tool and dig down deeper into the endpoint is great. This was a function that we did not have previously.

There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.

I have been using it less than a year. We are relatively new customers.

My impressions of the stability are positive. I haven't had any problems since implementation with stability or availability.

Minimal maintenance is required on our side post-deployment, but it still does require maintenance. If I have to build out new groups or a troubleshooting group, e.g., tweaking policies if machines change subnets, then there is still maintenance required.

All post-implementation maintenance and administration is handled by a single security engineer.

We are a relatively small firm, but I have had no problems in my deployment plans. I could easily see this scaling upwards.

In total, we are protecting roughly 1500 endpoints.

They have been very on point and helpful. I have never had to ask them where they are. They are always following up with me trying to keep the tickets live, so that is great. I have been very impressed.

We replaced Symantec Endpoint Protection. On the one hand, we wanted a fully NGAV. Symantec was still using a hybrid model, a mix of signature-based and behavioral-based detections, so moving over into a full NGAV product was important to us. We wanted to stay up to date on the ever changing nature of malware, especially since we have been seeing more malware nowadays that can evade strictly detection-based systems. Also, Symantec support was very hard to track down or talk to. All in all, CrowdStrike has been more responsive to any questions or concerns, which is big when you are dealing with vendor solutions.

Fortunately, we have not experienced any major detections. However, testing-wise, CrowdStrike has been more effective overall.

Deployment was pretty easy. We scripted out a process in GPO, then we were able to deploy it fairly seamlessly.

We managed to deploy it to all our servers within a week or two. That was mostly due to getting clearance from server owners, not due to the CrowdStrike installation. Then, for the workstations, it was a bit longer just because of office locations and when people had their computers on. The CrowdStrike process was very smooth. It was really just the bureaucracy part that took a while.

We had to change management protocols. We put it out to dev servers and workstations in detect-only mode as we deployed CrowdStrike to endpoints that had a preexisting AV system still on them, in order to avoid any time where a system would not be protected by an antivirus system. So, we deployed CrowdStrike, then disabled the previous antivirus system and activated CrowdStrike's prevention policies, then uninstalled the previous antivirus system.

Four or five people were involved in the deployment: a security engineer, two workstation engineers, and various server owners.

It is protecting our environment, so it is worth the cost.

It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably.

The pricing was very fair for what we got.

Different components are additional price points. We got the components that were right for us, but other organizations may require more (or less) components to suit their needs.

CrowdStrike is an industry leader. When we were looking for a replacement technology for NGAV, their name was on the top of a Google search.

We did a PoC with CrowdStrike. We deployed the PoC only to a select group of test machines, so we were able to deploy rather quickly. The PoC helped immensely in the decision-making process.

We did evaluate Cylance and Carbon Black. All the products that we investigated looked good. In the end, we went with CrowdStrike because of: 

1. The reputation of the organization in the AV community.
2. Its out-of-the-box readiness. 
3. Ease of maintenance and administration.

Take the time you need in the beginning to fully build out all the groups and prevention policies that you will need. It may take a bit longer during the initial setup, but it is worth it in the long run because it makes maintenance down the line much easier than having to build new groups or prevention policies as they come up. Definitely take the time needed in the beginning. Then, later down the road all you have to do is check some boxes, as opposed to building out brand new groups and prevention policies, which can take awhile.

In the beginning, there will be a bunch of false positives as it learns your environment. However, those are very easily handled within the UI, creating IOA or machine learning exceptions. With our previous solution, we had a couple hundred exceptions, and with CrowdStrike, we have six or so.

CrowdStrike has fulfilled its function very well. We got it specifically to serve the purpose that it is serving.

It is a solid nine out of 10.

We use CrowdStrike Falcon as our EDR solution, including antivirus.

As Symantec ended its endpoint protection, we were able to roll out CrowdStrike.

It is important to us that CrowdStrike is cloud-based because the way I understand it, that's their main engine for their next-gen EDR solution. The fact that it's cloud-native, flexible, and offers always-on protection is important because we want to have 24-hour monitoring of our environment. It is important to us that we don't have to worry about upgrades.

This product has worked flawlessly to prevent breaches, and then it has allowed us to prevent any downtime.

It has minimized our footprint because having the ability to implement the prevention policies has allowed us to focus on other projects. The prevention policies are working for us.

The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint.

We would like to be able to perform on-demand scanning, rather than relying on the scheduler. Right now, CrowdStrike does not have an on-demand scanner. They have the always-on, but we have found instances where artifacts are being blocked from running, but they're not being removed. With an on-demand scanner, we would have the ability to remove those artifacts from an end user's machine.

I would like to see the multi-site environment functionality added in the next release. Currently, we are working under a single-site environment, and on the roadmap, they mentioned having the ability to have a multi-site environment.

We have been using CrowdStrike Falcon for approximately eight months.

Stability-wise, they are very advanced in the next-gen antivirus game. CrowdStrike Falcon is always available.

We have approximately 5,000 machines that are being managed. As time moves on, this number will grow, but we don't expect it to get larger in the near future.

I would rate the technical support that we received during the deployment, as well as post-deployment, very well. They were very knowledgeable and gave us all of the tools we needed to have a successful deployment.

Prior to Falcon, we were using Symantec antivirus. It was out of date, which is why we replaced it.

It is very easy to deploy the solution's sensor to our endpoints. We use an automated process. 

Our deployment took between two and three months, with paperwork, communication, and roll-out timeframes. Our implementation strategy included using IBM's BigFix application to push to Windows machines, and then we used a solution for the Mac to push it out remotely as well.

Our IT Services team deployed this solution, and they leveraged consultants from CrowdStirke to get the proper packages for the process.

I'm sure that there is administration and upgrades to do, as sensors need to be updated or policies need to be adjusted. We have a group of approximately five people who are security engineers, IT Services, and directors who use it.

With respect to pricing, my suggestion to others is to evaluate the environment and purchase what you need.

We looked at different options, such as Carbon Black, as we were replacing Symantec as our EDR solution, and CrowdStrike was the top winner. CrowdStrike is always on, 24 hours. Analysis, with the prevention and the detection policies, as well as the USB policies, are all very beneficial. The one thing that CrowdStrike did not have is the on-demand scanner.

My advice for anybody who is interested in implementing CrowdStrike Falcon is to review and evaluate your environment and compare their EDR solutions.

I would rate this solution a ten out of ten.

It blocks all the stuff bad actors are trying to do to our users.

All our end user systems and servers are on-prem and cloud workstations desktops everywhere.

We are using the latest version minus one release (N-1).

It provided us visibility into our endpoints that we did not have before. The telemetry and data that it collects allows us to respond to possible incidents much faster, containing the host as well as jump on the host for remediation.

CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and kept our systems up.

CrowdStrike endpoint detection and response (EDR) is excellent. It blocks the bad stuff without user interaction, allowing us to stay in business. For example, one of our service providers has been down for five days now with ransomware. Also, four of our partners have been down over the past two months with cyberattacks, and we can't do business with our partners.

CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it.

I have been using it for a little over three years.

The stability is very stable. There have been no issues.

We have automated all our CrowdStrike Falcon updates.

It is very scalable. There have been no issues at all.

CrowdStrike's technical support is excellent:

• Quick to respond
• Quick to help
• Very responsive
• They have always been able to solve the issue.

I was a McAfee customer for 20 years before switching. It was like night and day, where McAfee is old technology, and CrowdStrike Falcon is new technology. On a scale of one to 10, McAfee is at one and CrowdStrike Falcon is at 10. There is a really big difference.

We came from an on-premises solution. With more people working remotely, that became an issue. The fact that this is a cloud-native solution provides us with flexibility and always-on protection.

It was very easy to deploy the solution’s single sensor. We used our deployment tools to push it out. Because it is a single agent, it is very lightweight, easy to install, and updates itself. We came from a competitor who had multiple agents, upgrades, and DAT files, where you could have very few of these with 100 percent working. However, since there were six different modules, they all had to be kept updated, which was a nightmare. 

This solution was a simple, easy push. Once it is on there, it updates automatically and we don't have any issues.

For deployment, we use a tool called Quest KACE. We also use SCCM.

We did about 10,000 hosts in around two months. We have had growth through acquisition. Now, we have 12,000 hosts.

We did it ourselves.

For the deployment, there was one FTE (a Level 2 PC technician) for eight weeks. For maintenance, it is pretty much set and forget it. There is very minimal maintenance and zero dedicated staff.

We bought a very small number of licenses, then ran it for a year. We bought a 100 licenses for a year, so we didn't actually do a proof of concept. We just bought them. Then, the next year, we bought 10,000 licenses.

We received a quote three years ago, and it was almost seven figures. CrowdStrike got money from investors to displace competitors, like Symantec and McAfee. Then, our quote was very low, which is why we were able to do this. The first year, the quote was almost a million dollars. The second year, it was a little over $100,000.

We also evaluated Cylance and Carbon Black. We went with CrowdStrike Falcon because of the single agent and price. The other solutions required multiple agents, and I did not like that at all.

Compared to the other solutions that we evaluated, CrowdStrike Falcon has a similar ease of use.

We are a very happy CrowdStrike Falcon customer. I highly recommended it. It works.

I would rate this solution as 10 out of 10.

CrowdStrike Falcon is used for incident response.

It is very easy to hunt a threat in the organization. It keeps logs, making it very easy to investigate any kind of incident using CrowdStrike by looking at the processes that are running on a machine. There's more visibility over the endpoint through CrowdStrike.

The ability to remote into other devices for investigation and the way it presents a graphical representation of the detection, like the parent-child process, are valuable features.

The new interface, the UI, seems a bit messy. The previous one was quite clear. It might be because of my adaptation to it. That's what I see as needing improvement.

I have been using CrowdStrike Falcon for more than three years, around three and a half years.

It is quite stable. I would rate it eight or nine out of ten.

I would rate customer service and support a ten. I am very satisfied with the support.

Positive

I have used antiviruses like Symantec before. Compared to all of that, I found CrowdStrike quite striking. Even compared to Defender, I find CrowdStrike more appealing.

On the terms of investigating, I find it's quite easy to investigate an event and have a broader look at the event using CrowdStrike. I would rate the time saved around eight, nine, or even ten out of ten. Compared to Defender, it makes it faster to investigate.

I think the pricing is quite reasonable with the services they provide.

For an incident investigator, it's quite easy to use, and it provides great visibility over the processes.

I'd rate the solution ten out of ten.