CrowdStrike Falcon Reviews

As a security analyst, I primarily focus on creating rules, conducting investigations, and integrating new devices with our CrowdStrike system. After these integrations, I also check the status to ensure everything is functioning properly.

For threat detection, CrowdStrike provides queries and searches. If I need to find any IOCs, I would say that is my best option. During a cyber war, once we gather some IOCs, we can ingest them into CrowdStrike. This ensures that if we encounter an attack using those IOCs in the future, we receive alerts, allowing us to investigate further. Also, the detection capability of CrowdStrike is quite real-time. If we enforce a policy preventing users from inserting USBs into the PC and it triggers, it happens in real-time without delay.

Currently, users manually input IOCs, and it would be beneficial if IOCs released by major companies were automatically integrated into CrowdStrike. We retrieve files from vendors, which incurs costs. Automating this process could be cost-effective and time-saving.

I think I have been using it for around seven and a half years.

There is no maintenance required because I, as a user of CrowdStrike, am part of the security team. I mainly configure new threat detections or explore new dashboards.

The stability is quite impressive, and I am enjoying it.

It is stable, and I haven't encountered any issues. It is manageable and comfortable.

I am a security analyst, and CrowdStrike is utilized as part of EDR. For websites, other attacks, and banking systems, we have used QRadar, ELK, Sentinel, and some locally built detection systems.

For me, as a security analyst, it doesn't require months or days. Many tasks can be completed in hours. With experience, even critical tasks can be done in minutes.

Whenever our company hires a new employee, they provide him with credentials. He installs the agent and inputs the credentials. The process is entirely console-based.

It depends on the size of the company and the tasks we undertake.

I don't have much information about the setup costs, but it was manageable. CrowdStrike offers three or four packages depending on the company's size, and we purchased the most expensive one for better operations.

I would recommend that if you need a quick response against real-time attackers, you should consider purchasing CrowdStrike. Windows Defender doesn't match up, so configuring it on EC2 instances is better for small and large-scale companies as well. Overall rating: nine out of ten.

Hybrid Cloud

I am using it for endpoint protection.

The features I appreciate the most are numerous; the overall product is very good, actually.

This is an advanced tool in terms of AI which is implemented and integrated. CrowdStrike Falcon has a ransom detection time of less than 50 seconds. Detection and taking down violations and breaches takes a minimum time of 59 seconds. Intelligence is very good, as AI is integrated with this solution. The integration capabilities in CrowdStrike Falcon are very good.

If tomorrow is the next release of the product, new features would be helpful, but at the moment, the product is very good. Nothing specific comes to mind about what new features they can add.

For further improvements, I can only think of one example because this is very important for us; they could reduce the price. Then it would deserve a rating of seven.

We have been using it for three to four years and have not encountered any issues.

Regarding challenges or problems with the product, I haven't noticed any current drawbacks. The challenge occurred last year in July when there was some patch update failure, which caused many issues. However, we have overcome that situation.

The stability is good.

We have been using it for three to four years and have not encountered any issues. More experience with this product might come with increased usage.

The technical support from CrowdStrike Falcon is good.

I would rate the support an eight.

Positive

The installation and deployment are straightforward. It is very good and can be integrated with the management engine.

The Return On Investment saves around 30%.

The licensing cost and setup costs are affordable.

I am a computer engineer by profession.

The maintenance is automatic.

I would rate CrowdStrike Falcon as nine overall.

Hybrid Cloud

Other

CrowdStrike Falcon is used as an endpoint detection and response platform. It's basically an antivirus solution. It is deployed on all the endpoints, including workstation servers, et cetera.

We previously had another solution. However, it was a combination of signature-based and anomaly-based detection methods. When we implemented CrowdStrike in our organization, it helped us minimize the critical gap where, in some cases, we could not identify malicious behavior.

CrowdStrike is behavioral-based; therefore, it has a behavioral-based detection method. It's not a signature-based tool. It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints.

They have a service called Overwatch. It's an incident response feature, which CrowdStrike usually provides for most of the customer's premium customers. They will be looking for particular instances. If anything really suspicious or malicious happens, they will inform us. That is one kind of feature that is really great as compared to other tools.

The ransomware protection and behavior-based detection are the best features. 

The solution has effective prevention policies. They help prevent cyber attacks or any other malicious activity.

The real-time response capability supported our incident response efforts. Whenever there is a case of any critical incident or any security breach, at the time of security breach, we can utilize RTR (real-time response) features to know what process is running. Then, we can kill the process. We can get to know, for example, what active connections are. Also, in case of quarantine, if we quarantine a particular machine with CrowdStrike, we still have access to that machine with the real-time response feature. That's quite useful.

File integrity monitoring could be improved. They need to have more clarity on the policies and how we can apply them to get the file modification details. In terms of vulnerability management, CrowdStrike doesn't have the network scanning feature, which other competitors have.

We sometimes get false positives. We have had to create some exceptions. However, we have been able to minimize the noise. 

I have been using CrowdStrike for more than 3 years.

This is a very stable solution. I'd rate the solution 9 out of 10. 

We have a single instance across multiple locations. People in the company work from different locations, and we have agents installed to workstations, et cetera. We have around 8,000 workstations and around 5,000 servers. Then, we have about 20 people working on it directly regularly.

The solution is absolutely scalable, and companies can scale it as needed. I'd rate the solution 9 out of 10 in terms of scalability. 

I'm absolutely satisfied with CrowdStrike's support. They have a robust support team that is always there to help.

Positive

We were previously using Symantec. CrowdStrike has a wider range of features and has been the market leader in its category. After a quick POC, we decided to move to it. 

The initial setup was straightforward. There were no major hiccups in implementing it. We were clearly guided by the CrowdStrike team. We just followed the steps provided. It took 45 to 60 days to implement.

CrowdStrike is a cloud-based solution. We don't have to deploy any instance on-premises or cloud. CrowdStrike provides us access to their instance. We simply have to install the agents on our systems. Those agents will communicate to the CrowdStrike Falcon cloud. It will all be managed by CrowdStrike, and we will have access to the console. On the console, we have all the features and all the different options we need to manage the platform. There is no maintenance required.

We had 3 people participating in the deployment. From the system side, there are multiple teams involved from the deployment point of view. That said, 90% of the work was done by the security platform team.

I'd rate the ease of deployment 4.5 out of 5. 

We have witnessed an ROI. It's been the first line of defense for us. It has saved us on costs. However, those are hard to quantify as we haven't faced a breach.

The solution is expensive, however, if you look at the features, it's worth the cost.

I'm a customer and end-user.

I would absolutely recommend this product to any organization with a prior POC under its belt. A company needs to test it in their environment. That said, I would highly recommend anyone to test it out.

I'd rate the solution 9 out of 10. 

Public Cloud

I'm a tax lawyer, so the IRS requires me to have a security program. 

Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down. It couldn't be less painful, and it couldn't be more reassuring. I never need to do anything with it. I don't tweak it or update it. 

You place a sensor on your computers that requires a very small amount of memory. It's about 39k or so to run the sensor. It's not like other programs that slow down the computer. CrowdStrike is constantly scanning your computer from the cloud and responds in a millisecond when it detects anything. 

The content-filtering features for children could be improved. We have young grandchildren aged 12 and 8. My daughter, their mother, wants to keep them from getting in trouble on the net. She looked at all these other solutions from Google, Microsoft, etc., and she couldn't figure out how to make any of those work. I told her that I bet CrowdStrike could handle this. Sure enough, CrowdStrike can do exactly that. It's the same solution that the Defense Department gets. It works, but it's a little complicated to implement. It could be simpler to set the policies. 

I have used CrowdStrike Falcon for three or four years. 

I rate CrowdStrike support 10 out of 10. It's an email-based procedure. You create a case, and they notify you when it's assigned. You get an email from the technician, and you correspond back and forth. I usually request a phone call. They respond quickly. It's usually within half an hour to an hour. The tech support is perfectly adequate and certainly helps with whatever you want. They're nice, and the people seem intelligent.

Positive

Setting up CrowdStrike Falcon is easy. They give you this enormous knowledge base. I almost never use it, but it covers absolutely everything. They also do a lot of handholding for the installation. You can get somebody to call you and tell you that everything is in the right place and it's doing all the right stuff. You can also do it by yourself, and you'll get an email message saying your sensor has been installed on this endpoint.

It took me about half an hour to an hour to download and install the sensor, but I also think it was influenced by the level at which I use CrowdStrike. I am their most basic user. A more complicated environment like the Defense Department might take more time.

CrowdStrike Falcon offers a great value. I'm the smallest kind of customer they had. It's a big step up. I had a more robust subscription, but I found I didn't use any of it ever, so I just cut back to the same thing that I had to begin with. You hardly notice any difference.

Crowdstrike Falcon is relatively cheap. 

We also considered Palo Alto. It had a device, but once you got it, you had some technical issues to deal with. I don't know if Palo Alto's requirements were more or less onerous than CrowdStrike's, but it seemed a little more complicated. 

The two products had similar pricing. Palo Alto was about $750 for the device and a small amount for maintenance and whatnot. The other one is $500 a shot. The fact that you can get some other form of security software for a tenth of that price doesn't matter. It's just not even worth thinking about.

I rate CrowdStrike Falcon 10 out of 10. It's extraordinarily easy to implement and use. You can do some advanced things that require some expertise, but those levels of security would be more appropriate for larger enterprises.

We use the solution for Windows and non-Windows infrastructure. We have Falcon clients on all our machines.

We integrate with CyberArk, which includes DNA reporting, particularly for identifying old and ticket-based attacks. We’ve implemented this integration to receive risk-based scoring. Our strategy focuses on preventing privilege escalation, as our last major incident, NotPetya, resulted from this vulnerability. To address this, we’ve implemented measures through CyberArk and CrowdStrike.

When we encounter phishing attacks via email, we sandbox any reported items. Whenever a suspicious email is reported, we conduct sandboxing in CrowdStrike and block emails, domains, and IPs based on the resulting threat intelligence.

The most critical aspect is preventing privilege escalation, particularly for domain admins with the highest credentials. With our integration of CyberArk, passwords are never transmitted to the endpoint. Instead, a secure RDP file is created, and Falcon is used to prevent privilege escalation attempts.

As customers, we always update our systems whenever a new release is available, with clients connecting directly to the Internet for these updates. We have an agent who manages these updates on the clients, but as an organization, we don’t have control over them. CrowdStrike should assess the impact on endpoints before releasing such updates.

Our organization now seeks AI-based stock monitoring to prioritize thousands of alerts generated across various platforms. The AI integration is still in its early stages, so we would like to see Falcon develop tools that can integrate with multiple platforms and help identify the highest-priority alerts.

I have been using CrowdStrike Falcon Threat Intelligence since 2017. We are using the latest version of the solution.

I rate the solution’s stability a nine out of ten.

The integration part is very good. CrowdStrike collaborates with most security vendors, so it's very easy to get one platform for our risk factors across the enterprise.

40 thousand devices are using this solution. We get many alerts from Falcon, sometimes from end users and sometimes from Internet-facing servers.

I rate the solution's scalability a nine out of ten.

We struggle to get specialized resources from CrowdStrike in a few cases.

Neutral

CrowdStrike Falcon Black is an on-premise solution that was very complicated, so we faced performance issues. The main reason for the switch is the performance issues reported by multiple application owners.

Initially, we faced many challenges because we had to open ports from each of our subnets to Falcon, as it’s a SaaS solution. Each client needs to communicate with Falcon servers for threat intelligence. Due to the complexity of our network, we had to carefully consider all security aspects when opening the external communication ports to Falcon.

It took 25 to 30 days to deploy it completely.

We began with our Tier 0 servers, which had the most critical and highest privileges. After securing those, we moved on to Tier 1 and Tier 2 as we continued deployment. Our approach was to first address the highest risk factors across the enterprise and then gradually move on to securing endpoints like user desktops and laptops.

I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.

We took professional services from CrowdStrike, so it was done in-house with only two people: one from the execution team and one from the cybersecurity team.

When we track the annual priority cases, especially the security incidents, we have made many improvements. That is ROI in terms of tracking security incidents.

I rate the product’s pricing a six out of ten, where one is cheap and ten is expensive.

Most customer requirements focus on email security, so we’ve implemented Mimecast. CrowdStrike Falcon integrates with Mimecast, allowing us to provide advanced security beyond Office 365’s capabilities. With DMARC in place, Falcon helps us identify domains that pose a risk to the organization.

I advise you to look for customer feedback, and then they should also look for Gartner and other industry leaders so you get the ranking.

Overall, I rate the solution a seven out of ten.

Public Cloud

We provide a service for our clients with CrowdStrike Falcon. Alerts come into the CrowdStrike Falcon dashboard, and we investigate them based on the process tree and commands running. We check everything for any infections in the host or internal connections. If a threat is confirmed, we place it into the containment section inside Falcon. 

CrowdStrike improves our detection capabilities. We use multiple tools like Symantec and this one. CrowdStrike reports on the processes and services, allowing us to investigate forensically. We can conduct a deep analysis and identify the threat at the memory level. We can do more investigation of the process to see where it started and where it is going. We can see the commands running on the backend, CPU utilization, and memory consumption. All of that information is helpful. 

CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools. 

It's integrated with multiple threat intelligence sources, such as the AbuseIPDB. That integration helps because we can easily cross-check between CrowdStrike and other solutions like an MDR or Azure AD. Hybrid analysis is integrated with CrowdStrike in our environment. There's also sandbox analysis. It's more informative. We perform a routine activity in our test environment where we simulate the process and file.

CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization.

I have used Falcon for more than two years. 

CrowdStrike Falcon is a stable solution.  

CrowdStrike is scalable. We can query large amounts of data, and the solution responds well, whereas Splunk takes a longer time to perform a search operation.

I rate CrowdStrike support 10 out of 10. They respond quickly and don't take much time to resolve all our issues.

Positive

I have used Symantec and Rapid7.

Falcon was already deployed when I started working. It requires some maintenance. We need to make some adjustments for some use cases, or we might need to implement upgrades that require downtime. 

CrowdStrike Falcon is expensive because it's based on the number of services. 

I rate CrowdStrike Falcon 10 out of 10. It has delivered some good results. 

On-premises

It gives an overview and insights into my AD accounts. It shows if any identity, like an AD user, is compromised, has a weak password, or is logging in from an unusual system. Any anomalies.

I like the insights and detailed view of my AD structure. How protected it is, or is there any loophole or an area that needs more protection. 

Another feature I like is that it gives insights into all my domain controllers and ADCs. The configuration is also really easy.

The real-time monitoring feature is good. For example, a user account is hacked. It alerts me that it's been hacked and prompts me to look into it or have the user change their password. I can then log in to my AD, change the password, or notify the user that their account has been compromised and ask them to change their password.

AI capabilities of CrowdStrike are also good. 

When I use Identity Protection, I want the full stack, like going for XDR. If anything happens, like a laptop being compromised using a password, it gives me the entire attack flow. For example, the attack came from a particular user, like an IT admin. If their identity is hacked and they log into multiple systems, and those systems are affected, we can see those details and provide good support or recovery for customers and partners.

I'm concerned about the recent issue in July 2024. It involved a faulty content configuration update. What if another update causes the same problem again?

I have been using it for two years.

Stability, I would rate it as a seven out of ten. There are a few instances where our customers have complained about the digital signatures it uses. Sometimes, even if you create a policy, it still tends to block it. A few applications get flagged as malicious even though the customer trusts them. Even if you create an exception rule, it might still block it after a few weeks. Also, there's the recent issue we faced with CrowdStrike and Windows. So, based on that, I'd give it a seven out of ten.

There is room for improvement. They need to conduct more thorough R&D before releasing updates. I think they didn't do that this time, but it was just a one-time issue. However, what if it happens again? That's a concern.

Scalability-wise, I would give it a ten out of ten. It's simple because it's a SaaS solution. For example, this month, I have 50 users. Next month, I have 50 additional users. I just need to buy more licenses and add those systems to CrowdStrike. If I need to put them in certain groups with specific policies, that's easy too.

We work with all types of businesses, including small, medium, and enterprise businesses. Scalability is simple. I don't even need to install it on my laptop. One more good thing is that it offers an XDR view where I can add other components, like the email security solution Proofpoint. I can integrate it, so I'll get my emails and everything will be in a single pane of glass.  

We have a Technical Account Manager (TAM). We can directly call them and raise a ticket. Initially, it was a six or even a five because we had to send an email, and it would take three to four days for them to reply. Now, with the TAM, we can get issues resolved faster.

Positive

I have experience with CrowdStrike, apart from their Cloud Security offering, which is on GCP. I've worked with CrowdStrike Identity Protection, Device Control, Device Control, EDR, XDR - basically everything except their cloud solution.

The initial setup is straightforward. I don't need to install an agent in my AD, and I can get alerts from my read-only domain controller, which is also good.

I would rate my experience with the initial setup a ten out of ten, with ten being easy and one being difficult. 

It's not required to deploy on-premises. It's a SaaS solution. I just need to download the agent and install it on each of my devices, whether they're VMs or my laptop. 

One more good thing is that I don't need to be in my office network for it to keep protecting me. I can take the system home, and it will still be protected.

The deployment itself takes about a day to install everything if it's user-based. But for CrowdStrike to learn what to block and what not to block in your specific environment, it will take easily about two weeks. There will be some applications that it might consider a threat because it's a next-gen AV that uses AI. 

So, some applications the customer uses might be flagged. I can whitelist them or create a policy to allow them. That's also a very good feature of CrowdStrike. 

So, for the initial setup takes two weeks. For it to get to know your environment and work smoothly, just to install agents and set up the dashboard, policies, and all that, it takes about one day.

It offers seamless integration with the existing security infrastructure. We haven't faced any challenges because our customers use CrowdStrike only for endpoint and server security. They haven't gone to the XDR level yet. However, many other OEMs I've spoken to, like Zerto, have said that the CrowdStrike and Zerto integration is very seamless. So, if anything happens on my server end, I'll know when it happened and what the issue is from CrowdStrike. Or, for example a ransomware attack happens, I can restore from my Zerto application.

The benefit I've seen is their backend, which powers the EDR, XDR, and NGAV. It's really good because it can detect anything due to the wide range of customers they have. 

For example, one customer has a vulnerability because of a zero-day attack. All the other customers will benefit because it propagates to the cloud and analyzes if other customers are on the same version of the drivers or any other Windows patch. If they are, it will tell us that there's an issue and provide remediation steps. Many of our customers find this very helpful. It's called the CrowdStrike community.

I would rate it a seven out of ten, where one is cheap, and ten is expensive because it's a bit on the costlier side. Compared to Symantec or Trend Micro, CrowdStrike is more expensive.

Overall, I would rate the product an eight out of ten because of one recent issue that happened. 

I'm concerned about the recent issue that happened. What if another update causes the same problem again? Is it really as good as it seems? Even our customers have given very good feedback, they get more insights into what's happening, what they should do, and what remediation steps to take. So, in that way, it's very good.

I would recommend it, especially if you're going for endpoint security. I'd definitely recommend CrowdStrike first because it's more mature than SentinelOne and other EDR solutions in the APAC region.

I used the tool since my company wanted a product with next-generation antivirus and EDR, as it can help with the detection of malicious activities and behavior detection, and the MI and machine learning part in the tool also helps.

Only for the customized IOCs, there is a need to highlight certain aspects, and based on it, we get to block only the hash values but is not based on the file name, like .exe, or other extensions, so I can't block them, making it in an area where the solution needs to improve.

My company had raised a concern with CrowdStrike's support team when one of the antivirus applications that communicates with CrowdStrike started misbehaving. For both the aforementioned tools, the same support ticket had to be raised. If my company had to provide any suggestions regarding the whitelisting part, there was a delay of over a month when dealing with the product's support team. If the tool's support team suggests users follow certain steps, and if it is not followed or is not in progress, then after two or three days, the tool's support team needs to join a video call and provide a resolution to the users.

Some policies in the tool need to be fine-tuned. Customized IOCs need to be improved since they have certain shortcomings. With the customized IOCs, it can be made possible to block a file extension with a filename or file extension type of blocking. Providing users with the ability to customize policies would be a good improvement to the solution.

I have been using CrowdStrike Falcon Threat Intelligence for a year. I am a user of the tool.

Stability-wise, I rate the solution an eight and a half out of ten.

Scalability-wise, I rate the solution an eight out of ten.

My company's cybersecurity and IT security team use the tool. In my company, there are 15,000 users. For servers, there are 1,500 users.

Right now, there is no need to increase the usage of the tool.

The solution's technical support is not good. I rate the technical support a four to five out of ten.

Neutral

I have experience with Palo Alto.

The detection and other functionalities in CrowdStrike and Palo Alto are the same, but cost-wise, CrowdStrike is reasonable. Technically, I would prefer Palo Alto over CrowdStrike.

The product's deployment phase is easy. I rate the setup phase of the tool as a ten on a scale where one is difficult and ten means it is an easy process.

The solution can be deployed in the cloud and on an on-premises model.

The solution can be initially deployed in a minute.

Considering the number of users, servers, cloud, and on-premises environment, it hardly takes 15 to 20 days. When there are laptop and desktop users who are online, and there is a need to install the agent, then there can be some issues, and with such minor things, ten days are more than enough for the installation.

CrowdStrike is a reasonably priced tool.

In terms of the ability of the tool to deal with threats, I would say that the product does it by around 85 percent.

The real-time response of the tool is good, and I feel it is around 90 to 95 percent.

The tool's incident-handling capability is good.

Considering the influence of the product on our company over some time, I would say that the solution is cost-effective and offers good threat detection features. The tool's interface is also good.

The tool's AI features are good, but they are not useful for our company since the area of detection is not something in our bucket right now.

If you have a big budget, go with Palo Alto. If you have a low budget and want a tool that provides more accuracy during detection, then it is better to go with CrowdStrike.

I rate the tool a nine out of ten.

Hybrid Cloud