CrowdStrike Falcon Reviews

Our primary use case is as an endpoint protection service. 

We get a notification when there are some malicious activities on our PC whenever we have a detection. The other administrator and I can log in to check the exact details of what happened, what was running, and what caused the detection. We know exactly what was happening on the end user's PC and we can tell if it's something that we actually need or something that's malicious.

When something is detected you can log into the GUI and you can get very specific details about what happened. It's very helpful for investigating incidents and this sort of thing.

The GUI can use improvement, it's cloud-based so sometimes the interface can be a bit slow. The interface could use a little bit more speed. 

When I change the policies for some users, I would like to have an option to apply that policy immediately. Right now, I have to wait for the users to connect to the cloud to take the new policy. I would like for them to develop the ability to have an option to apply the post the policy immediately.

It's very stable, we haven't had any issues so far.

We haven't had any issues when it comes to scalability. We have thirty to forty users.

We haven't had to use their technical support. 

The initial setup was very straightforward. You just download the agent and install it; that's it. The deployment took two to three hours. We have two admins. One of us logs in and sees what happened.

I would advise someone considering this solution to just read the documentation. You should start with the documentation, it's very clear and very simple. Anything you need is in the documentation.

I would rate it a nine out of ten. 

We use it for threat management.

We are now able to pick up more alerts than we were with McAfee. A lot of things were being missed by our security team using McAfee. 

We are happier with CloudStrike's ease of use and touch notification than McAfee's.

I noticed that the performance hits on our operating systems are a more minimal than they were on McAfee.

We have had to open a case with the technical support to get some issues and bugs resolved, but they were resolved relatively quickly.

The scalability has been good so far. We have been using it on-premise and on the cloud. We can move it to a different cloud platform, because it is cloud agnostic.

We just moved over from McAfee to CrowdStrike, which detected a lot of things that McAfee did not. We detected a malicious code on our on-premise system, even though we are migrating our application to the cloud. It was able to detect it right away to send us what the code had tried change and execute. 

Our company decided to make the switch between the two products, and I have seen the value-add since then.

It was pretty easy to set up. We baked it into our subscripts during the start-up process.

Its integration has been pretty seamless.

I would anyone to look at this product based on our company's experience so far.

We have both the on-premise and AWS versions of the product.

It's security-related product. A security environment based on AIML. It is not like the older stuff, which used to have signature-based updates.

It has helped us with security and managing threats that we see currently in our environment.

Because it is security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures.

Unfortunately, native applications are not supported.

It manages around a few thousand endpoints and servers in our environment, and it is doing well so far.

There are no issues in terms of scalability. 

We can call the tech support, if needed. Then, they have a dedicated rep for us.

It went well. We just installed an app on all the endpoints or devices. They have a good console which helps do this. So, it is as simple as that.

We are using this for endpoint security, so it doesn't need to integrate with anything else.

We evaluated three to four other vendors.

During the PoC, we figured out that this product is far better, and it met our requirements. That is why we went for CrowdStrike. With our PoC, they did a good job in explaining the product. So, the PoC went well, and we were able to achieve what we intended to with it.

Do a thorough PoC. Don't go ever go by the sales team unless you have tested it and know it works for your environment, because every environment is unique. The sales guy will promise you the moon. Only unless you have tested, you know it delivers.

The product has met its purpose for us.

We use both the on-premise and AWS versions. They are both good products and very simple to move, install, and configure.

It logs automatically and generates alerts. It is all automatically integrated with the cloud.

CrowdStrike will detect any malicious malware attack on the machine. It will end the attack, and immediately alert us to the issue. I would say it catches the attacks 99% of the time.

I think the automatic alert feature is the most important feature. 

The management  and log aggregation need some improvement. We have had some issues with the logs. 

It is stable.

It is a scalable solution.

The setup was very straightforward. We just had to install it. We did not have to do the dependencies. 

I do not have experience with the cost or licensing of the product.

The primary use case is threat protection.

It improves a lot of our security operations for threat management. It provides a lot for our day-to-day operations too.

The most valuable feature is its threat analysis.

I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better.

It is quite stable. However, whenever there is a feature release (upgrade) where we push to all the endpoints, it causes something to be blocked without us knowing.

We have not put that much stress on it, about 20 percent.

Scalability is good. We have had no issues with it.

Currently, we have about 4800 resources in the cloud.

Their technical support is good and helpful.

The AWS integration is good, and its configuration is straightforward.

We have seen ROI.

Purchasing the product through the AWS Marketplace is just a click away. Since we were using the on-premise version of the product, we continued on the cloud by purchasing it through the AWS Marketplace.

I would like them to further reduce the price, because it is quite pricey at the moment.

I would recommend CrowdStrike as a first option product, but to look at others as well.

The new features that they have released were not bad.

AWS is better than the on-premise version because it can support cloud resources.

We are currently using this solution as a replacement for our antivirus solution. It also helps us in terms of forensic investigation, malware analysis, endpoint detection and response. 

First, it is a production from known and unknown interests. Second, it has an extremely low footprint, so it has minimal impact on the user endpoints in terms of CPU and memory usage. The tamper protection of the CrowdStrike agent is extremely good even if the user is having admin rights and he tries to disable these CrowdStrike services. The CrowdStrike service will respawn itself. It is practically impossible to tamper with these services. If I managed to craft some malware that would shut down the services, CrowdStrike will respond itself, and it will still to protect my endpoint.

In addition, it reduces the overall containment timing, and quickly isolates the endpoints to quickly mediate the issues. 

The EDR feature of CrowdStrike is fantastic. Also, in comparison to other solutions, it can connect remotely, so our security analysts can get into the system directly and do manual analysis as well. 

I also like the overall reports. They are crisp and to the point.

There are a couple of issues with the compatibility to some of the operating systems. But, I see that there are a lot of things in the pipeline. They have a roadmap, and continuously are improving. Within the last three months I have seen lot of new features in the overall CrowdStrike suite.

A couple of things were on the cosmetic part. CrowdStrike needed some improvements on the report functionalities, specifically the dashboard functionalities. Technically there a lot of things also coming from a visual perspective. There are a couple of things they still need to work out like the dashboards. The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders. These are minor things, but they are in the pipeline.

The product is quite stable. 

It is very scalable. It can be used for 10,000 endpoint users. So, it is very scalable in terms of volume.

Tech support is helpful, but they need a little bit of improvement. The response time is good. This was not a "show-stopper" for us.

Initial setup was pretty straightforward. It has cloud-based hosting, so you can just get your installation agent, install it, authenticate the agent with your cloud instance and start managing the agent.

CrowdStrike has helped us in terms of manpower and cost savings. I work with a team of less than 10 people, and I have worked in other organizations where I used to handle more than 20 to 25 people for the same things.

The pricing will depend upon your volume of usage.

I have prior experience with Cylance and Dell Data Security Agent powered by Cylnace, which I would not say is a complete EDR. I also have prior work knowledge of SECDO, which has been acquired by Palo Alto.

It is a complete cloud-based solution, so they will have to factor in the compliance requirements as well. Not everyone is comfortable sending the data to the cloud, especially considering the privacy requirements. CrowdStrike needs to think of local and regulatory requirements. But, one thing is for sure, CrowdStrike will not take your personal data to the cloud, it only takes your metadata from the endpoint. But, if the company's having some stringency regulations, it will definitely be harder for them to keep the data in the cloud.

Primary use is for endpoint investigations.

It allows us to determine root cause, do the analysis, a lot quicker.

Visibility into the endpoint rate. Understanding what processes are running on the system, what registry keys have been enabled. Pretty much understanding the whole frantic side of the endpoint.

It would be nice if we could extrapolate indicators of compromise and write them within sandboxes.

It's fairly stable. We haven't been having too many issues with that.

It scales quite well because it's cloud-based and subscription-based. It can scale pretty quickly.

I would say technical support is fairly good. They understand the technology quite well so they are able to support us a lot better.

The most important criteria when selecting a vendor come down to the capability of the technology, the cost, the support, how it fits into our overall architecture strategy, and the stability of the company. For instance, if it's a small company and they go under, you might as well have not invested in it.

I would rate this solution an eight out of 10 because it has all the features that we need. It's within our budget, and it fits into our overall architecture strategy. There are a few features that could be added, as mentioned.

I would recommend this technology.

We primarily use CrowdStrike Falcon for malware detection, endpoints, and application behavior detection. The company has different teams, but our team handles the Windows and Mac hosts.

Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches.

Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement.

Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data.

In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network.

I've been using CrowdStrike Falcon since January or February, so it's been eleven months, but my company used it even before I joined the organization.

Overall, CrowdStrike Falcon is a stable product. My company is satisfied with its stability.

Per my experience, CrowdStrike Falcon is scalable.

The CrowdStrike Falcon technical support is good because it's responsive, and the team reverts to you within a reasonable timeframe and in an excellent manner, which is essential for support. However, my team didn't have many cases because CrowdStrike Falcon doesn't require much support.

My company also took product training and implemented the learnings within the environment. CrowdStrike Falcon is effective and gives the required throughput and output, so in the last ten or eleven months, support cases have been very low, but whenever an issue is raised, the level of support has been excellent.

The company previously used Kaspersky, but CrowdStrike Falcon was far better. I heard that there was some attack, and Kaspersky couldn't handle that. CrowdStrike Falcon, on the other hand, offers excellent protection even from multiple malware attacks, and it has a good application behavior analysis feature.

My company did extensive penetration testing on CrowdStrike Falcon, which had good or far better results than Kaspersky. The company had a bad experience with Kaspersky.

The initial setup for CrowdStrike Falcon is moderate in terms of difficulty, so it's not very easy, but it's not complex as well.

How long the setup takes depends on how you want to deploy CrowdStrike Falcon, but at the moment, it doesn't take much time for my company. It's quicker, but any company implementing CrowdStrike Falcon for the first time may need some good training or some hands-on experience. Otherwise, compared to other products, I would say CrowdStrike Falcon is better, implementation-wise.

As I'm part of the technical team, not the budgeting team, I don't have information on CrowdStrike Falcon pricing.

My company uses multiple products related to cybersecurity, for example, Netskope. For endpoint security, my company uses Microsoft Defender ATP and Endgame. My company is also working with CrowdStrike Falcon. For vulnerability management, my company uses Qualys, in particular for the AWS environment.

I don't remember the exact version of CrowdStrike Falcon I'm using, but I know that the tool is on Windows, Mac, and some AWS environments within the company.

Within the company, the total number of endpoints is around seven hundred. Two admins handle the endpoints for CrowdStrike Falcon.

My advice for anyone looking to implement CrowdStrike Falcon is to go for it, especially if you want to add value to your cybersecurity, specifically endpoint protection and application behavior analysis. CrowdStrike Falcon has reliable results, so I prefer it over other tools.

My rating for CrowdStrike Falcon is nine out of ten.

My company is a customer, and not a partner of CrowdStrike Falcon.