CrowdStrike Falcon Reviews

Due to compliance requirements, our organization utilizes CrowdStrike Falcon as our Endpoint Detection and Response solution. This decision was particularly driven by the need to address a surge of ransomware attacks within our environment, experiencing between ten and 15 incidents at the time. The implementation of an EDR solution became crucial for effectively responding to these threats.

Our existing system lacked real-time monitoring and visibility, causing detection delays of even several minutes. CrowdStrike addressed this by offering near-instantaneous detection across the entire system. Furthermore, it allows for manual or automated response actions, significantly improving our overall incident response speed.

Integrating CrowdStrike Falcon with other solutions such as our SIEM was easy.

The key aspect of CrowdStrike Falcon is its behavioral detection approach. Unlike traditional signature-based platforms that rely on pre-defined patterns, Falcon analyzes an application's behavior to identify and respond to threats much faster. This makes it lightweight and minimizes impact on system performance. The sandbox feature is also valuable, while it incurs an additional cost, it can be valuable for deeper investigation.

The UI is not efficient. We are required to dig down to get more information, jumping from screen to screen.

I have been using CrowdStrike Falcon for three and a half years.

CrowdStrike Falcon generally ran smoothly with minimal lag.

CrowdStrike Falcon meets our scaling needs. To increase usage we simply add more agents.

Frustrated by CrowdStrike's slow and inconsistent technical support, we ended up having more success researching and resolving the issue ourselves.

Neutral

Leveraging the cloud platform, the initial deployment was straightforward. We simply needed to activate and deploy the agents. While configuration for a seasoned professional only took one to two hours, the entire deployment process typically takes a couple of days.

CrowdStrike Falcon can be more expensive than some competitors, and its base price doesn't cover every feature. For instance, adding sandboxing for advanced malware analysis incurs an extra cost.

We evaluated CrowdStrike and SentinelOne. However, since we bought the CrowdStrike, we did not move forward with SentinelOne.

CrowdStrike stands out for its superior threat detection speed, lightweight agents that don't impact system performance, and its helpful recommendations for responding to threats. This combination allows us to swiftly stop even unknown threats in their tracks.

I would rate CrowdStrike Falcon eight out of ten.

Two engineers max are required for maintenance.

We have 5,000 CrowdStrike Falcon users within our organization.

CrowdStrike Falcon utilizes a behavioral approach to security, proactively identifying threats based on their actions rather than relying on pre-defined signatures. This allows for faster response times compared to traditional signature-based systems.

We provide a service for our clients with CrowdStrike Falcon. Alerts come into the CrowdStrike Falcon dashboard, and we investigate them based on the process tree and commands running. We check everything for any infections in the host or internal connections. If a threat is confirmed, we place it into the containment section inside Falcon. 

CrowdStrike improves our detection capabilities. We use multiple tools like Symantec and this one. CrowdStrike reports on the processes and services, allowing us to investigate forensically. We can conduct a deep analysis and identify the threat at the memory level. We can do more investigation of the process to see where it started and where it is going. We can see the commands running on the backend, CPU utilization, and memory consumption. All of that information is helpful. 

CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools. 

It's integrated with multiple threat intelligence sources, such as the AbuseIPDB. That integration helps because we can easily cross-check between CrowdStrike and other solutions like an MDR or Azure AD. Hybrid analysis is integrated with CrowdStrike in our environment. There's also sandbox analysis. It's more informative. We perform a routine activity in our test environment where we simulate the process and file.

CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization.

I have used Falcon for more than two years. 

CrowdStrike Falcon is a stable solution.  

CrowdStrike is scalable. We can query large amounts of data, and the solution responds well, whereas Splunk takes a longer time to perform a search operation.

I rate CrowdStrike support 10 out of 10. They respond quickly and don't take much time to resolve all our issues.

Positive

I have used Symantec and Rapid7.

Falcon was already deployed when I started working. It requires some maintenance. We need to make some adjustments for some use cases, or we might need to implement upgrades that require downtime. 

CrowdStrike Falcon is expensive because it's based on the number of services. 

I rate CrowdStrike Falcon 10 out of 10. It has delivered some good results. 

It gives an overview and insights into my AD accounts. It shows if any identity, like an AD user, is compromised, has a weak password, or is logging in from an unusual system. Any anomalies.

I like the insights and detailed view of my AD structure. How protected it is, or is there any loophole or an area that needs more protection. 

Another feature I like is that it gives insights into all my domain controllers and ADCs. The configuration is also really easy.

The real-time monitoring feature is good. For example, a user account is hacked. It alerts me that it's been hacked and prompts me to look into it or have the user change their password. I can then log in to my AD, change the password, or notify the user that their account has been compromised and ask them to change their password.

AI capabilities of CrowdStrike are also good. 

When I use Identity Protection, I want the full stack, like going for XDR. If anything happens, like a laptop being compromised using a password, it gives me the entire attack flow. For example, the attack came from a particular user, like an IT admin. If their identity is hacked and they log into multiple systems, and those systems are affected, we can see those details and provide good support or recovery for customers and partners.

I'm concerned about the recent issue in July 2024. It involved a faulty content configuration update. What if another update causes the same problem again?

I have been using it for two years.

Stability, I would rate it as a seven out of ten. There are a few instances where our customers have complained about the digital signatures it uses. Sometimes, even if you create a policy, it still tends to block it. A few applications get flagged as malicious even though the customer trusts them. Even if you create an exception rule, it might still block it after a few weeks. Also, there's the recent issue we faced with CrowdStrike and Windows. So, based on that, I'd give it a seven out of ten.

There is room for improvement. They need to conduct more thorough R&D before releasing updates. I think they didn't do that this time, but it was just a one-time issue. However, what if it happens again? That's a concern.

Scalability-wise, I would give it a ten out of ten. It's simple because it's a SaaS solution. For example, this month, I have 50 users. Next month, I have 50 additional users. I just need to buy more licenses and add those systems to CrowdStrike. If I need to put them in certain groups with specific policies, that's easy too.

We work with all types of businesses, including small, medium, and enterprise businesses. Scalability is simple. I don't even need to install it on my laptop. One more good thing is that it offers an XDR view where I can add other components, like the email security solution Proofpoint. I can integrate it, so I'll get my emails and everything will be in a single pane of glass.  

We have a Technical Account Manager (TAM). We can directly call them and raise a ticket. Initially, it was a six or even a five because we had to send an email, and it would take three to four days for them to reply. Now, with the TAM, we can get issues resolved faster.

Positive

I have experience with CrowdStrike, apart from their Cloud Security offering, which is on GCP. I've worked with CrowdStrike Identity Protection, Device Control, Device Control, EDR, XDR - basically everything except their cloud solution.

The initial setup is straightforward. I don't need to install an agent in my AD, and I can get alerts from my read-only domain controller, which is also good.

I would rate my experience with the initial setup a ten out of ten, with ten being easy and one being difficult. 

It's not required to deploy on-premises. It's a SaaS solution. I just need to download the agent and install it on each of my devices, whether they're VMs or my laptop. 

One more good thing is that I don't need to be in my office network for it to keep protecting me. I can take the system home, and it will still be protected.

The deployment itself takes about a day to install everything if it's user-based. But for CrowdStrike to learn what to block and what not to block in your specific environment, it will take easily about two weeks. There will be some applications that it might consider a threat because it's a next-gen AV that uses AI. 

So, some applications the customer uses might be flagged. I can whitelist them or create a policy to allow them. That's also a very good feature of CrowdStrike. 

So, for the initial setup takes two weeks. For it to get to know your environment and work smoothly, just to install agents and set up the dashboard, policies, and all that, it takes about one day.

It offers seamless integration with the existing security infrastructure. We haven't faced any challenges because our customers use CrowdStrike only for endpoint and server security. They haven't gone to the XDR level yet. However, many other OEMs I've spoken to, like Zerto, have said that the CrowdStrike and Zerto integration is very seamless. So, if anything happens on my server end, I'll know when it happened and what the issue is from CrowdStrike. Or, for example a ransomware attack happens, I can restore from my Zerto application.

The benefit I've seen is their backend, which powers the EDR, XDR, and NGAV. It's really good because it can detect anything due to the wide range of customers they have. 

For example, one customer has a vulnerability because of a zero-day attack. All the other customers will benefit because it propagates to the cloud and analyzes if other customers are on the same version of the drivers or any other Windows patch. If they are, it will tell us that there's an issue and provide remediation steps. Many of our customers find this very helpful. It's called the CrowdStrike community.

I would rate it a seven out of ten, where one is cheap, and ten is expensive because it's a bit on the costlier side. Compared to Symantec or Trend Micro, CrowdStrike is more expensive.

Overall, I would rate the product an eight out of ten because of one recent issue that happened. 

I'm concerned about the recent issue that happened. What if another update causes the same problem again? Is it really as good as it seems? Even our customers have given very good feedback, they get more insights into what's happening, what they should do, and what remediation steps to take. So, in that way, it's very good.

I would recommend it, especially if you're going for endpoint security. I'd definitely recommend CrowdStrike first because it's more mature than SentinelOne and other EDR solutions in the APAC region.

CrowdStrike Falcon is our platform for IT security, encompassing endpoint security, cloud security, and EDR capabilities.

CrowdStrike protected us from a cyberattack. That's why I believe it's a very effective product. It's already prevented attacks on 2 occasions. It successfully quarantined suspicious files, essentially making our organization much safer.

We also leverage CrowdStrike Falcon Overwatch, a managed threat-hunting service offered by CrowdStrike. This service complements CrowdStrike's EDR functionality, which provides automated detection and response capabilities against external attacks. In our case, CrowdStrike successfully identified and automatically contained a cyberattack launched against our organization.

Our CrowdStrike Falcon integration with our SIEM is proving to be flexible.

The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition. It also excels in external media control, particularly USB access. The ability to disable USB access to flash drives significantly improves security.

Furthermore, Falcon helps identify patches needed for Windows, Mac, and other operating systems. This provides valuable reports and insights into our system vulnerabilities, allowing us to proactively address them.

If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products.

I have been using CrowdStrike Falcon for 2 years.

I would rate the stability of CrowdStrike Falcon 8 out of 10.

We've deployed CrowdStrike Falcon across all 3,000 of our endpoints, and it has demonstrated excellent scalability. Therefore, scalability is not a concern for CrowdStrike in terms of performance or its ability to handle growth.

I would rate the scalability a 9 out of 10.

The deployment was straightforward, taking 2 months for 3,000 endpoints. We implemented it directly where needed. The process was simple and easy. We believe this approach offers advantages due to its lower complexity compared to other methods. Careful planning was essential, and with a clear plan for sensor installation, we were able to execute the deployment successfully.

While a third party handled the implementation, the OEM provided us with direct training on Falcon alongside CrowdStrike.

CrowdStrike Falcon has demonstrably provided a positive return on investment. We've already encountered two specific instances where, without CrowdStrike, the company would have faced millions in damages. In one case, we would have likely lost our entire SAP system.

The pricing of CrowdStrike Falcon is competitive.

After evaluating SentinelOne, we found CrowdStrike to be a superior solution. CrowdStrike offers advantages in dashboard compatibility and a feature called Overwatch, which gives it a competitive edge.

I would rate CrowdStrike Falcon 8 out of 10.

CrowdStrike Falcon is deployed in multiple branches across India.

No maintenance is required from our end.

I recommend CrowdStrike Falcon. It is not a solution we need to think twice about using.

We use CrowdStrike Falcon as a managed SOC for intrusion detection on our endpoints.

Being a cloud-native solution, CrowdStrike Falcon provides flexibility and always-on protection. This is extremely important to have the best protection available.

It is a fully managed service, so they provide all the necessary updates for us which is helpful.

While CrowdStrike Falcon provides us with better peace of mind in terms of protection, it also generates alerts for potential threats, requiring our investigation. However, the platform further alleviates our anxiety by automatically reviewing unaddressed alerts, offering an additional layer of security. This coverage fosters a heightened sense of security.

CrowdStrike Falcon has been instrumental in preventing breaches, allowing us to operate with significantly increased security compared to the past. This has provided us with much greater peace of mind. While no security solution is foolproof, Falcon has brought us remarkably close. 

The anomaly detection is the most valuable feature.

The portal can be clunky to navigate at times and has room for improvement.

I have been using CrowdStrike Falcon for two years.

I would rate the stability of CrowdStrike Falcon a nine out of ten. The only issue I have had is with an old version of the endpoint that was installed and has proven to be problematic. 

CrowdStrike Falcon is scalable.

The technical support is good and they provide prompt responses to all of our questions.

Positive

We implemented CrowdStrike Falcon in response to a security incident. It was the first endpoint detection and response service we had ever used, and we've been utilizing it since 2021.

Deploying the sensors to our endpoints is straightforward. We do have a manual process for deploying the sensors to our endpoints. There are also options to do it through a group policy. It doesn't seem overly complex.

We rolled the solution out to our entire estate which took just over one week. We had up to 300 endpoints and required a team of five people to complete the deployment.

CrowdStrike Falcon enables us to save on resources which in turn provides a 20 percent return on investment.

CrowdStrike Falcon offers excellent value for the money for our organization, particularly given our lean IT team. We lack the resources to replicate the full security services they provide without hiring additional personnel. The cost of Falcon is likely comparable to, or even less than, the salary and benefits we'd need for an extra employee. Furthermore, their on-call experts have more expertise, further enhancing the value proposition.

After a year, we reevaluated our endpoint security solution. We considered several options, including Arctic Wolf, SentinelOne, and Darktrace, alongside our existing Fortinet solutions. We participated in demos and ultimately determined that CrowdStrike's offering, both current and future, remained the best fit. While we hadn't initially explored other options before choosing CrowdStrike, external factors subsequently forced our hand. However, after a year of use and further evaluation, we reaffirmed our decision, concluding that CrowdStrike was still the most suitable solution for our needs.

I would rate CrowdStrike Falcon a nine out of ten.

We have around 300 endpoints and three people who have access to the solution.

Three people are required for maintenance.

CrowdStrike Falcon was recommended by our head office in Germany.

I recommend CrowdStrike Falcon. 

We use the solution for endpoint security. We use the tool to ensure the endpoints are protected from abnormal activities, people don't run different scripts, and people don't compromise endpoints and use them to get into the network.

The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint.

I would like a centralized deployment where I could roll out or push it to all endpoints.

I have been using CrowdStrike Falcon Surface for two years.

CrowdStrike Falcon Surface is a very stable solution.

CrowdStrike Falcon Surface is a very scalable solution. A lot of customers are using CrowdStrike Falcon Surface. One of our customers for the solution has 12,000 endpoints.

The solution's technical support is handled centrally by CrowdStrike, and the support was also good and knowledgeable.

I didn't deploy the solution, but I supported customers that use it. I think it took them up to six months to deploy the CrowdStrike Falcon Surface.

The solution somehow doesn't allow intrusion and minimizes fraud or cyber-attacks. Within the time we're using it, CrowdStrike Falcon Surface detected a lot of intrusion from malicious individuals. It was able to prevent a lot of insider threats where people internally will want to run some malicious scripts within the environment.

It detects those malicious attacks quickly, and we can prevent them. It minimized a lot of cyber and fraud-related activities that could have cost the bank a lot of money.

CrowdStrike Falcon Surface is a cloud-based solution. In light of the recent global IT outage that affected CrowdStrike, they should do proper change management.

Overall, I rate the solution a nine out of ten.

The Insight feature is one we found the most useful. It does behavior-based analysis and gives us the most appropriate information.

The initial setup was easy.

It's pretty stable.

The scalability is good.

Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files.

The product could be more accurate in terms of performance.

We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.

I've been working with the solution for three years. 

With CrowdStrike, we have found that there are a few missed detections. We would not say it is completely reliable or 100% reliable, however, the ratio of missed detection is more in CrowdStrike. In SentinelOne, we found that it was more accurate. We are seeing it act more efficiently.

We haven't had any issues with scalability. Being a cloud solution, it can scale well. 

Technical support is average. We are not seeing any extraordinary service and not many issues also. It's average, it is as expected.

I'm also familiar with Symantec, Trend Micro, SentinelOne, and FireEye.

The initial setup was pretty straightforward. It's not overly complex. You still need expertise, however, it's pretty reasonable. 

We did not need any outside assistance. 

The pricing of the solution is average. 

We are a managed security service provider.

We are using a SaaS offering and therefore, in terms of the version, we are not bothering so much on worrying which we are on. It is automatically getting updated. We are running on the latest version at all times.

While I would recommend the solution, CrowdStrike, when it first came into the market, it was sort of a single choice for many customers. Now, we can see there are many other competitors also. Those are providing pretty good functionalities in a more efficient way. We could see that other solutions are better than CrowdStrike.

I'd rate the solution seven out of ten.

The tool helps to increase security because the threats we face keep changing, so we need better protection. In the past, we've faced some attacks on our network, and while we managed to deal with them, we realized we needed even stronger protection. That's why we decided to implement CrowdStrike Identity Protection.

The main feature we rely on is the product's intelligence. We appreciate the advice from the team during implementation. One of the main reasons we chose this product is its compatibility with Office 365.

Improvement is always possible. It's challenging to gauge how much future mitigation is provided, especially since we've only been using the product for about one and a half years. Every product faces this challenge because nothing is ever completely foolproof. So, besides relying on technology, we also focus on increasing our staff's awareness of security issues. Feedback from my colleagues suggests that the reporting and dashboarding of incidents could be improved.

I have been working with the product for one and a half years. 

I rate the tool's stability an eight out of ten. 

Scalability isn't a problem for us. Many big multinational companies use CrowdStrike Identity Protection, so it's designed to handle environments like ours without any issues. My company has 500 users. 

The tool's deployment is easy. Thanks to the installation scripting we utilized, the technical rollout took about two weeks. Then, there was some additional time, around two to four weeks, for customization and configuration. After that, the systems were up and running. So, all in all, it took about three months to have our mitigation strategies in place. We have one engineer for maintenance. 

I rate the overall product an eight out of ten. I would recommend it to others. However, it's crucial to understand areas where the product might not provide coverage and how to mitigate those gaps. For example, it covers endpoints, networks, and Office 365 environments, but are there other areas in the attack surface that it doesn't address well? It's essential to be aware of any potential gaps upfront.

The solution helps in preventing incidents. However, it's challenging to quantify the exact impact because we don't know what would have happened without it. It's similar to having insurance for your house.