CrowdStrike Falcon Reviews

It is used for stopping data breaches. 

It is totally on the cloud. It cannot be deployed on-prem. They don't have any on-prem options.

It is very useful for endpoint protection and stopping data breaches. That's its real strength.

I like the Overwatch feature the most. 

Its performance is brilliant. It is a good, lightweight agent. I've seen it do really good things on the endpoints, and there is no problem with its performance.

On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant.

I have been using this solution for four years.

It is stable.

It is the most scalable solution among all solutions that I've seen so far. Because it's cloud-based, it's really quick to roll out to 1,000, 10,000, or 100,000 endpoints. You can scale it depending on how many endpoints you've got. It is a good solution.

We have about 10 customers who use this solution.

My experience has been good so far.

Its installation is quick and easy. I wouldn't change anything there. The duration depends on the number of endpoints to which you want to push it, but it is fast. I've seen them roll thousands in a matter of hours.

The number of people required for its deployment and maintenance depends on the package you take, but generally, it has a much lower requirement than any other endpoint protection solution.

My advice is to go with a partner that has got experience. I would also advise seriously considering the Overwatch feature. 

I would rate it a nine out of 10.

CrowdStrike Falcon is leading the market in EDR. They are the first that to have this kind of solution against malware. They have an advantage in respect to the rest of the competitors. They offer a certain amount to protect in case of malware or cyber-attacks. They have a policy or insurance connected to the service. That's the reason why we choose CrowdStrike over other solutions.

The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment.

I am very happy with CrowdStrike Falcon because it does not use a lot of resources in the endpoint, it's a lightweight solution. It provides good protection and it is very effective. Additionally, it is easy to integrate, has great features, good capabilities, and the users have a positive experience.

I have been using CrowdStrike Falcon for approximately one year.

CrowdStrike Falcon is stable.

I have found CrowdStrike Falcon to be scalable.

I have not needed to use technical support.

The cost of CrowdStrike Falcon could be reduced. It is quite expensive if you compare it to other solutions, such as Blue Coat, Symantec, McAfee, or Kaspersky.

My advice to those wanting to use CrowdStrike Falcon is to try it out to see if it works well in their environment. I consider CrowdStrike Falcon is a very accurate solution. They are confident about the capabilities of their solutions because they offer money or payback if there is a high-impact cyber incident or cyberattack while using the solution.

They need to have special consideration about the different plans and budgets that they need to get the solution that they want.

I rate CrowdStrike Falcon a ten out of ten.

CrowdStrike Falcon is working on our production servers.

CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM.

In the future release of CrowdStrike Falcon, they should add a sandbox feature.

I have used CrowdStrike Falcon within the past 12 months.

The solution is stable.

CrowdStrike Falcon is scalable. We have approximately 400 servers using this solution.

We have plans to increase the usage of this solution in one or two years.

We used technical support for the implementation of the solution and it was a good experience. They know the products well and they were able to give us all the answers to the questions that we had.

The setup is really easy. The full deployment took two months.

For the deployment of the solution, we used a three-person team and for the maintenance, we use the whole infrastructure team of four people.

The price of CrowdStrike Falcon could be better. It is very expensive, we pay approximately $900 per month for the licenses. There are not any additional fees.

Before choosing CrowdStrike Falcon we evaluated Sophos and Microsoft solutions.

The product is really good, but there is a lot of additional features that you need to have for it to be a complete solution. Be sure that your budget is enough to acquire the complete solution that you need.

I rate CrowdStrike Falcon a ten out of ten.

We are using it primarily for NGAV, but we also use their EDR product and Falcon OverWatch.

Most of our internal stuff is still on-prem. We do use SaaS for vendor products, but our internal environment is still mostly on-prem.

I think everyone is trying to move away from on-prem solutions. Having the cloud-based management console makes it a lot easier to maintain. It takes a load off our hands as engineers and analysts. It helps with upgrades and patching, I don't have to worry about on-prem servers for maintenance, but also as another thing to defend against, so getting rid of that is definitely beneficial.

As a cloud-native solution, it provides us with flexibility and always-on protection. I don't have to worry about data center failures on my end. I don't have to worry about any issues in our server rooms affecting the protection of the environment as a whole. Having CrowdStrike take that responsibility is a load off our backs.

Falcon has been very successful in preventing breaches. In the beginning, there were a lot of false positives as Falcon learned our environment, but I would definitely give it a positive rating overall for protecting our environment.

The NGAV portion is the most valuable feature. The primary reason that we went with the product was their reputation. In practice, it has been a definite step up from where we were previously.

We are using Falcon Investigate, which is their EDR tool. The EDR has made it infinitely easier to investigate into more detail on end user workstations and servers. Any sort of detection where I can go back into the EDR tool and dig down deeper into the endpoint is great. This was a function that we did not have previously.

There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.

I have been using it less than a year. We are relatively new customers.

My impressions of the stability are positive. I haven't had any problems since implementation with stability or availability.

Minimal maintenance is required on our side post-deployment, but it still does require maintenance. If I have to build out new groups or a troubleshooting group, e.g., tweaking policies if machines change subnets, then there is still maintenance required.

All post-implementation maintenance and administration is handled by a single security engineer.

We are a relatively small firm, but I have had no problems in my deployment plans. I could easily see this scaling upwards.

In total, we are protecting roughly 1500 endpoints.

They have been very on point and helpful. I have never had to ask them where they are. They are always following up with me trying to keep the tickets live, so that is great. I have been very impressed.

We replaced Symantec Endpoint Protection. On the one hand, we wanted a fully NGAV. Symantec was still using a hybrid model, a mix of signature-based and behavioral-based detections, so moving over into a full NGAV product was important to us. We wanted to stay up to date on the ever changing nature of malware, especially since we have been seeing more malware nowadays that can evade strictly detection-based systems. Also, Symantec support was very hard to track down or talk to. All in all, CrowdStrike has been more responsive to any questions or concerns, which is big when you are dealing with vendor solutions.

Fortunately, we have not experienced any major detections. However, testing-wise, CrowdStrike has been more effective overall.

Deployment was pretty easy. We scripted out a process in GPO, then we were able to deploy it fairly seamlessly.

We managed to deploy it to all our servers within a week or two. That was mostly due to getting clearance from server owners, not due to the CrowdStrike installation. Then, for the workstations, it was a bit longer just because of office locations and when people had their computers on. The CrowdStrike process was very smooth. It was really just the bureaucracy part that took a while.

We had to change management protocols. We put it out to dev servers and workstations in detect-only mode as we deployed CrowdStrike to endpoints that had a preexisting AV system still on them, in order to avoid any time where a system would not be protected by an antivirus system. So, we deployed CrowdStrike, then disabled the previous antivirus system and activated CrowdStrike's prevention policies, then uninstalled the previous antivirus system.

Four or five people were involved in the deployment: a security engineer, two workstation engineers, and various server owners.

It is protecting our environment, so it is worth the cost.

It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably.

The pricing was very fair for what we got.

Different components are additional price points. We got the components that were right for us, but other organizations may require more (or less) components to suit their needs.

CrowdStrike is an industry leader. When we were looking for a replacement technology for NGAV, their name was on the top of a Google search.

We did a PoC with CrowdStrike. We deployed the PoC only to a select group of test machines, so we were able to deploy rather quickly. The PoC helped immensely in the decision-making process.

We did evaluate Cylance and Carbon Black. All the products that we investigated looked good. In the end, we went with CrowdStrike because of: 

1. The reputation of the organization in the AV community.
2. Its out-of-the-box readiness. 
3. Ease of maintenance and administration.

Take the time you need in the beginning to fully build out all the groups and prevention policies that you will need. It may take a bit longer during the initial setup, but it is worth it in the long run because it makes maintenance down the line much easier than having to build new groups or prevention policies as they come up. Definitely take the time needed in the beginning. Then, later down the road all you have to do is check some boxes, as opposed to building out brand new groups and prevention policies, which can take awhile.

In the beginning, there will be a bunch of false positives as it learns your environment. However, those are very easily handled within the UI, creating IOA or machine learning exceptions. With our previous solution, we had a couple hundred exceptions, and with CrowdStrike, we have six or so.

CrowdStrike has fulfilled its function very well. We got it specifically to serve the purpose that it is serving.

It is a solid nine out of 10.

The initial use case was for CrowdStrike to be a replacement for McAfee. We wanted to come up with something that was a lot more adaptive to emerging world threats and not just strictly signature-based. We wanted something focused a lot more on heuristic analysis and pattern analysis first, e.g., isn't just sheer signature. Additional use cases are workstation servers and as much as we can do in our OT environment.

It has allowed our security team to have more time and resources built into things that are used to run the business versus needing to babysit our antivirus platform, or any malware platform. With what we have been paying for, it allows us to be a lot more involved with how the business is being run from a security, risk, and compliance standpoint.

We have signed up for Falcon Complete, which is their completely managed service. This has done nothing but paid dividends since we have rolled it out. Slightly before I started, there was a ransomware issue. CrowdStrike did exactly what it was supposed to when we joined networks with the company that we were acquiring. So, that was helpful to us.

To the best of our knowledge, it has stopped everything that we have seen. It has allowed us to focus our efforts on other things relevant to how the overall business functions.

It helps us in the M&A environment because it is a very simple, easy tool to deploy, being pretty much all cloud-based. While we're not building our security practice around it, it is a tool that we want to make sure does integrate well, if at all possible, with any new tool that we purchase moving forward.

It is especially important to us that CrowdStrike Falcon is a cloud-native solution. We have a directive for cloud-first architecture at this point. Anything that is cloud-native, or has a cloud offering, will always get first billing over something that is on-prem. We are a small security team. Having the ability to have a service or application that is not wholly managed by us, but rather governed and used by us, is the ideal solution.

The flexibility comes from allowing us to do a mass push, if we need to. We would find always-on protection with pretty much any solution. However, the fact that it is in the cloud, that just makes it that much better.

I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool. 

U.S. Venture has been using it since the first quarter of 2019. I, however, did not start with the organization until the Summer of 2020.

It has been very stable. There have been no real issues that we have had in the deployment or use of the CrowdStrike system in general. There has been zero downtime.

For our workstations, we don't worry about the updates. However, we have a tighter grip on updates for our server environment only because there was an issue at a point with one update. Since then, we would like to keep our deployments at an N-1. So, there is more of a check built-in just to make sure that the latest and greatest doesn't actually break anything unintentionally.

The CrowdStrike sensor is always kept at N-1 for our production servers. Our test servers are always up to date.

From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool.

We have all our desktop engineering group and server team as admins in the system, but they only use it for specific troubleshooting in their job roles. So, if the server team needs to do something, then they can just log in and do it as well as the desktop engineering group. They can just go in and do stuff, if it is something related to computers or servers. As far as for the overall management of the system, that is left to the security team.

It is currently being used to the extent that we need it. After CrowdStrike had their user conference last Fall, they introduced a lot of new tools, specifically one around forensic that we would like to get our hands on. However, there are no real plans for doing any major increases of its toolset. I do know that there is a project that will be going on for using its mobile application on some Android tablets, but it is still very much in its infancy. So, we are not quite sure how that will roll out yet.

I have never used their standard technical support. I do everything through their unofficial Reddit support forum. Also, if there are any other major technical issues, then I work directly with our TAM. So, I have never just reached out and created a general support case. Therefore, I cannot speak to how well they respond. However, their unofficial Reddit support has been fantastic with helping me work through troubleshooting issues and a couple of queries, where I was having issues trying to get the syntax correct. They have been nothing but helpful.

I believe they have their actual support engineers on Reddit, but there is no SLA nor anything guaranteed on that Reddit page. They claim that right there in the subreddit rule. However, I have had nothing but good luck working through them. It could take a few hours to one or two days to get a response, but it has always been for things that aren't pressing. For things that are pressing, then it is a direct call or email to our technical account manager who is very responsive.

They have a great online forum for customer use cases. That has been a great crowd sourcing thing. It is unofficial. I just stumbled across it, but the subreddit for their support has been spectacular for many reasons.

Previous to CrowdStrike, our organization was using McAfee VSE with McAfee ePolicy Orchestrator (ePO). Switching from McAfee to CrowdStrike, we saw a reduction in resources being used on both the workstations and servers. We saw an increase in detections, be that good or bad. We would like to think it was a good thing, because now it is finding a lot more stuff that wasn't strictly signature-based. So, it provided almost a very lightweight SIEM-type of response. It was providing information about installed applications, account lockouts, and top console users. It was a very nice bonus to have that information in addition to just the general overall anti-malware that CrowdStrike is known for.

CrowdStrike is so much easier to use. The UI is far more intuitive. The breakout of how the policies as well as the organizational structure within the UI for how the computers are laid out is far more intuitive. It feels a lot more based around how AD kind of functions. Because I am already familiar with Active Directory, the move to using that in CrowdStrike is very seamless, at least in my mind.

The agent is far more lightweight than our previous antivirus solution. It is a lot less resource intensive. We don't have any more on-prem servers to manage for running the application, which is another benefit to being in the cloud. There are just a couple of holes punched in the firewall for communication in and out.

A lot of the switch was focused around the fact that CrowdStrike was solely a cloud-native solution as well as heuristics versus signature.

It is very simple to deploy the solution’s sensor to our endpoints. Right now, it is part of our standard build process through a SCCM. So, it gets a version, then it is obviously outdated because our desktop engineering group can only update the image so quickly. Once it is checked into the cloud, it updates, decides to download, and gets the new seamless version. It has been wonderful to have and very helpful to us.

The initial setup was done in less than two months.

The implementation strategy was done how any other mass deployment is done. You take a small set of computers, put it on one, remove the old solution, and then run that group by itself, figuring out if there are any new or existing exemptions that needed to be in play. Once it is stable, it is rolled out to a larger group, the process is repeated, and then it is moved onto the servers.

Overall, four people worked on the deployment: It would have been my predecessor, my other coworker, and two server guys to do the server environments.

Our ROI has been high compared to what we had with McAfee. We spend about two hours a month for its care and feeding, which is really low maintenance. We previously spent two to three times that amount of time managing our McAfee environment.

Pricing and licensing seem to be in line with what they offer. We are a smaller organization, so pricing is important. Obviously, we would make a business case if it is something we really needed or felt that we needed. So, the pricing is in line with what we are getting from a product standpoint.

Since moving to CrowdStrike, we have not looked at other endpoint management solutions. In fact, when we look at a new tool, we want to make sure it will play well with CrowdStrike, be it a new SIEM or anything cloud-based. 

Make sure you know what the policies do. There are a lot of good and bad things that you can do with too strict or too loose of a policy governing workstations or servers.

We have evaluated the CrowdStrike Horizon module. We are not there yet. Our environment has not changed drastically since our last review of it. So, we have not felt the need to revisit it since then.

It is important to not solely rely on one product, especially one that has a good or bad name, such as McAfee. Because there was a lot of, "Oh no, we got an antivirus. We're fine." It helps to make sure you always have an in-depth defense strategy.

I would rate it a solid nine out of 10. 

We use it for our endpoint detection and response on our devices for both endpoints and servers. It has replaced our traditional antivirus. We are strictly using it now to do all our antivirus duties.

We are primarily a Windows environment, 95 percent Windows. Then, we have a little bit of Linux and Macs in there as well.

They have been able to help us. We have used other functions, such as Discover, to identify software that is running in our environment. This is not necessarily bad software, but it gives us an idea of what is out there to start building a standard configuration, which helps us build policies for what we do want in our environment and what we don't. That has been very valuable as well. It is kind of an offset of what they actually do; their main bread and butter, if you will. They have been very helpful with other tasks, such as that and in finding themes. 

We are pretty confident in CrowdStrike. Knock on wood, we haven't had any breaches that we know about. When you do see a large breach in the news, it seems like CrowdStrike is always mentioned. They are either helping investigate or leading the incident response (IR) process for them. While I can't really say it has specifically stopped a data breach for us, we are confident that if something happened then CrowdStrike would catch it.

We primarily use the Falcon feature. It is very dependable for us. We have done multiple tests against it and thrown everything we could at it. It does seem to pick up quite a bit, if not everything, that we have tested with it. So, we rely heavily on it. Right out-of-the-box, the main Falcon component is the biggest feature that we utilize and rely on.

We are a heavy laptop environment. So, it was nice to know that our users would be protected and we would know what was going on, on the endpoint, regardless of how they were connected. That has been very valuable. This is one of the reasons why we chose to go with this solution.

The fact that this is a cloud-native solution means that we don’t need to worry about updates. They take care of all the back-end and architecture. The only updates that we need to worry about are the sensors themselves. If you set them to auto update, like we do, then you don't even have to worry about that. It definitely frees us up to do more important things. If it wasn't for them doing this, we would need at least a part-time FTE, if not a full-time, to operate and manage CrowdStrike keeping it up-to-date as well as the hygiene. We had half of an FTE assigned to our antivirus prior to CrowdStrike. Now, that is just included in our dailies. It lessens that burden so much that we don't even need a slotted requirement for that. Overall, this solution saves us at least a good 10 hours a week that we would have been using before.

Their threat dashboards are very helpful. For instance, with this zero-day that just came out from Microsoft, they already have a dashboard where you can see the assets in your environment affected or at risk. That is just an added value. 

It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful.

We have been using it for four years.

Stability has been really good. We have not seen the issues that we had with traditional AV. Having it connected to the cloud has really helped with stability, being able to see what a computer is doing at all times, and being able to see the last check-in times, this has kind of helped with the sensors.

It is primarily just me for tweaking or management of the solution. I have backups, if needed, but it is such a light lift that I may spend an hour or two a week in the console. It really is a great product that takes care of itself. Not a lot of tweaking has been needed so far, knock on wood. We haven't really had to make any exclusions like we used to with traditional AV. Everything is running with CrowdStrike's full protection, which is a huge bonus for us, since traditionally you are pretty blind. 

The solution is very scalable and easy to deploy as well as sync up agents with it.

The end users are the security team, which consists of about four of us. Then, we have a couple of leads from other technical teams. So, there are probably eight users who have access to CrowdStrike. Primarily, there are just three of us who are in there constantly.

The technical support has been pretty good. They are usually very responsive. We haven't had to escalate anything. When we have needed a more technical, deep dive, we have been able to get a dedicated engineer for our account to assist us. So, there has never been a time where we feel like we can't get the help that we need.

We were previously using McAfee.

CrowdStrike seems to detect quite a bit more than McAfee did. We like how it is kind of real-time, if you will. It is not so much signature-based. So, it has been able to stop things quicker than McAfee did. We have seen a huge increase in performance on our systems. Oftentimes, the daily scans would need to be run with signature-based AV or scans with servers, then that would cause great performance hits. It kind of limited us as well to where we could only scan certain windows. Now that we have CrowdStrike, we are kind of always-on and not limited to having to do those scans. So, that has been a big performance increase for us.

It is a lot easier to use CrowdStrike than McAfee, especially having the team at CrowdStrike handle the maintenance day-to-day, etc. With on-prem, you are responsible for everything. Whereas, with CrowdStrike, we can just worry about our IR response, basic deployment, and health checks. So, it is very convenient having them handle it in the cloud.

CrowdStrike was cutting edge technology at the time. EDR was still kind of new then versus the traditional AV. Not only because of licensing costs, but also because of performance, we felt that we needed something new.

It is easy to deploy the solution’s sensor to our endpoints. We have that as part of our build process. When new things are built, we have those as part of the build. If for some reason, something gets corrupted, then it is fairly simple to redeploy and we utilize SCCM for that. However, it is pretty run of the mill, i.e., easy. With the updates being taken care of by CrowdStrike, once it is deployed, then you are pretty much good to go.

Our initial deployment took about a week. That was only due to working out how to adjust CrowdStrike in our environment: weed out false positives, mimic anything that we needed to from our traditional AV over to CrowdStrike, and test previous exclusions that we had for our traditional AV, if we needed those anymore in CyberArk. It was very easy to deploy with SCCM, then it was more just tweaking. 

We did a test in our test environment and saw no negative impacts. Although not advised by CrowdStrike, we were able to run our traditional AV while we were deploying CrowdStrike. Once we knew CrowdStrike was on the machine working, then we were able to send out scripts to remove the old, traditional AV. Our strategy: We knew that it would not, at least in our environment, hurt us to have both on temporarily. So, our deployment strategy was very simple, knowing that we had an AV in place to back us up if something didn't go right with the CrowdStrike install.

I did the deployment. If there were exclusions or something that we needed to address, then I worked with the individual teams.

The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment.

We did the free trial to kick the tires. Part of that head trial was having us load stuff and trying to get by it, and we weren't. That trial really helped sell us that it was a good product.

Getting the free trial was very easy. It has been years now, but it was as simple as just going to the website and requesting a free trial, then it was stood up maybe even that same day. It is hard to remember now, but it was very quick.

The pricing and licensing are fairly good. It is definitely not a cheap product, but I have felt that it is worth the money that we spent. So, we have discussed it in the past, and were like, "Yes, it is probably pricier than some other solutions, but we also feel they really are the leader. We are very comfortable with their level of expertise. So, it's kind of worth the price that we pay."

We do add their OverWatch protection, which is an extra bit of an add-on, but that gives us 24/7 SOC-type watching. So, we have added that on, which has been valuable as well. Outside of that, there have been no more additional costs.

We were looking for an EDR solution. At the time, CrowdStrike was the leader. We were very big into Gartner reviews, and we went off of Gartner. We just wanted the best that was out there.

Do it. It is a great product. I seriously think it is worth considering. We have been completely happy with the solution that we have been running on for years now and have never regretted our decision. I highly recommend it.

We plan on possibly looking into the added features that they offer to see if there is something there that can increase our incident response or add value to our business.

It is our primary EDR, so we are using it 100 percent for that and plan on using it for other avenues. We found Discover can help us with the inventory for applications. So, I am looking for other business opportunities there to help us, which will be our goal in the future.

It has given us some insight into how threat actors work. The biggest thing for us has been threat actor education. They give you intel which helps you identify what attackers you would more likely be targeted by. A lot of this comes with our OverWatch protection. Their threat intel has probably been the biggest thing for us.

Overall, I hate to give a perfect score, but it is probably a 10 out of 10. It is a really great product. 

We use CrowdStrike Falcon as our EDR solution, including antivirus.

As Symantec ended its endpoint protection, we were able to roll out CrowdStrike.

It is important to us that CrowdStrike is cloud-based because the way I understand it, that's their main engine for their next-gen EDR solution. The fact that it's cloud-native, flexible, and offers always-on protection is important because we want to have 24-hour monitoring of our environment. It is important to us that we don't have to worry about upgrades.

This product has worked flawlessly to prevent breaches, and then it has allowed us to prevent any downtime.

It has minimized our footprint because having the ability to implement the prevention policies has allowed us to focus on other projects. The prevention policies are working for us.

The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint.

We would like to be able to perform on-demand scanning, rather than relying on the scheduler. Right now, CrowdStrike does not have an on-demand scanner. They have the always-on, but we have found instances where artifacts are being blocked from running, but they're not being removed. With an on-demand scanner, we would have the ability to remove those artifacts from an end user's machine.

I would like to see the multi-site environment functionality added in the next release. Currently, we are working under a single-site environment, and on the roadmap, they mentioned having the ability to have a multi-site environment.

We have been using CrowdStrike Falcon for approximately eight months.

Stability-wise, they are very advanced in the next-gen antivirus game. CrowdStrike Falcon is always available.

We have approximately 5,000 machines that are being managed. As time moves on, this number will grow, but we don't expect it to get larger in the near future.

I would rate the technical support that we received during the deployment, as well as post-deployment, very well. They were very knowledgeable and gave us all of the tools we needed to have a successful deployment.

Prior to Falcon, we were using Symantec antivirus. It was out of date, which is why we replaced it.

It is very easy to deploy the solution's sensor to our endpoints. We use an automated process. 

Our deployment took between two and three months, with paperwork, communication, and roll-out timeframes. Our implementation strategy included using IBM's BigFix application to push to Windows machines, and then we used a solution for the Mac to push it out remotely as well.

Our IT Services team deployed this solution, and they leveraged consultants from CrowdStirke to get the proper packages for the process.

I'm sure that there is administration and upgrades to do, as sensors need to be updated or policies need to be adjusted. We have a group of approximately five people who are security engineers, IT Services, and directors who use it.

With respect to pricing, my suggestion to others is to evaluate the environment and purchase what you need.

We looked at different options, such as Carbon Black, as we were replacing Symantec as our EDR solution, and CrowdStrike was the top winner. CrowdStrike is always on, 24 hours. Analysis, with the prevention and the detection policies, as well as the USB policies, are all very beneficial. The one thing that CrowdStrike did not have is the on-demand scanner.

My advice for anybody who is interested in implementing CrowdStrike Falcon is to review and evaluate your environment and compare their EDR solutions.

I would rate this solution a ten out of ten.

Our primary use for CrowdStrike is as an EDR system. We are protecting more then 9.000 devices.

I like the detection rates of mobile threats.

The policies allow us to define the level of protection.

The dashboards are good, as well as user management.

The management reporting functionality needs to be improved.

We would like to see more features for vulnerability management included.

We have been using CrowdStrike Falcon since one year.

This is a stable product.

We haven't had any problems with scalability and it expands with the company's needs.

We have 20,000 users and about 20 of them are administrators.

We have been in touch with technical support for a few issues. They are quite good and the response is fast.

We were using Cylance prior to CrowdStrike, and these two products overlapped for a time. We also use an on-premises solution called F-Secure.

CrowdStrike has a much lower rate of false positives than Cylance and the dashboard makes it easier to use.

The initial setup is very simple. It took two months to deploy for 20,000 clients.

Our in-house team handled the implementation and deployment. No maintenance is required.

The pricing is good and there are no costs in addition to the standard licensing fees. It is similar to that of Cylance and our on-premises solution.

This is a product that I absolutely recommend.

I would rate this solution a nine out of ten.