CrowdStrike Falcon Reviews

We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.

CrowdStrike Falcon has made a significant difference for us, especially in mitigating ransomware and zero-day attacks. Its proactive and defensive response approach effectively isolates threats, setting it apart from other endpoint solutions.

Integrating CrowdStrike Falcon into our environment was seamless. Once we set the policy the software was activated immediately and distributed on all our endpoints.

The real-time response is highly effective. It automatically takes immediate action whenever it detects suspicious activity, alerting us to the problem and providing clear mitigation steps. In some cases, it even pushes through updates to resolve the issue proactively.

The usability and interface of CrowdStrike Falcon for daily operations are good. 

The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.

CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR.

The pricing has room for improvement.

I have been using CrowdStrike Falcon for three years.

In the three years of using CrowdStrike Falcon, we have not encountered any stability issues.

CrowdStrike Falcon scales well. We are using it in a large environment with no problems.

The technical support is responsive.

Positive

We previously used both Symantec Endpoint Detection and Response and Kaspersky Endpoint Detection and Response but found that they lacked the 24/7/365 monitoring and response offered by CrowdStrike Falcon. Additionally, their detection capabilities, particularly for ransomware and zero-day attacks, were not as effective.

The initial deployment was straightforward and non-disruptive. The deployment took one week to complete.

We required two people from our organization for the deployment on-site and the CrowdStrike team worked remotely.

The CrowdStrike team helped with the implementation.

CrowdStrike Falcon is one of the more expensive endpoint solutions on the market.

I would rate CrowdStrike Falcon an eight out of ten.

We deployed CrowdStrike Falcon across all our locations, including subsidiaries and remote sites in various regions.

Maintaining CrowdStrike Falcon is simple because it only requires a client agent to be installed on the machine at the kernel level, below the operating system.

We're installing the solution on some of our external servers. It has a cloud portal, and we can control everything through the cloud. It's good for remote sites.

I like that it has a centralized cloud, and all the agents provide visibility on our remote sites. It offers good central management. It can be accessed through external networks.

The management is taken care of. It's a complete solution that's taken care of by CrowdStrike. We don't have to do anything. 

We'd like to see more integration capabilities. 

We need more log storage as CrowdStrike will dump all logs to the centralized server. 

I've been using the solution for five years. 

The solution is stable enough. We have not had any downtime. The only issue is if we have issues with the internet connectivity. 

We get support from their local vendors. We have a lot of local support. If they cannot handle the case, they directly forward the issue to CrowdStrike. The downside is that support asks for too many logs. We, of course, have to investigate first and try to solve the problem ourselves. 

Neutral

I've worked with Kaspersky. They are a similar solution. I've also used Microsoft Defender, which is also very similar. We do use a lot of Microsoft products, and Defender is readily available everywhere. They are the market leaders right now. Their software has very good integration across the whole Microsoft product offering. CrowdStrike, however, we have high trust with, as they are focused specifically on security, unlike Microsoft. CrowdStrike offers updates quicker than Microsoft or other services. 

The initial setup is a very fast process. Cloud solutions are fast to set up. They just give you access to their cloud and they have an API integration. It will be up and running within a few minutes. 

The tool is very expensive. It's similar to Microsoft Defender. That said, it's not overpriced. It's worth it for the level of security. We need it for our company. 

I'd rate the solution nine out of ten. 

The following is a list of use cases that were tested and evaluated against Crowd Strike along with different competitors.

1 - Execution of Fileless Ransomware - The test was conducted using PowerShell script execution, the script was executed using privileges rights and it was successful. Although all the preventive controls were enabled in the CS falcon dashboard, CS falcon had raised a red flag regarding fileless execution, however, the moment it let us know our system got encrypted.

2 - Uploading large volume of Data over the cloud - Using customized script in the USB, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation from the whole disk and creates a password-protected .zip file in APPDATA of the complete files, once the protected file is created it then checks the internet connectivity. As soon as the script finds connectivity with 8.8.8.8, 8.8.4.4. it starts sending the protected .ZIP file over its CnC cloud.

3 - Disabling of CS Falcon Agent - I have conducted a test to disable the Falcon agent from the Windows-based OS. The agent was successfully disabled by booting up another OS and renaming of agent files from the system.

4 - Perform Privilege Task in Crowd strike - CS roles have some additional privileges. While performing host containment, it has the ability to perform the following operations without informing the user: 

* Host Containment 
* Isolating the host from the network;
* Copying data from the host machine into the CS cloud;

Considering the above situation it may cause a breach of user privacy due to which user can file a complaint against InfoSec team.

The solution fits well in the organization and took out valuable output as expected from Endpoint Detection and Response solution.

This solution supersedes the requirement of an Endpoint Protection solution. The cost of EPP can be saved while using EDR.

One good thing is the active association of the Crowd Strike team in terms of support and coordination. 

Features that require further evaluation include:

Let's take an example of ten machines that require CS falcon agent installation. Apart from agent compatibility and ease of installation, one of the most important areas is the network bandwidth which would require whenever an agent updates the server through the cloud. 

An estimated network bandwidth utilization takes 0.4 MB/hour for a single machine to update its probes over the cloud. If we estimate the total working hours in our case it is eight hours, the formula would be 0.4 X 8 = 3.2 MB per host per day is the data uploading requirement on the cloud. It is highly recommended to assess a number of agents and the network bandwidth requirements.

The CS falcon agent is a lightweight agent compared with other agents of EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement  
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well created in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license not machine-based, so once the machine gets outdated/old, installation of the same agent license in another machine is possible.

Area of Improvement

The products still require improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with MAC OS (X), Catalina, or Big Sur.

Similarly, the product is also not compatible with Unix-based systems including AIX, Darwin, and FreeBSD.

CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine.

Additional Features required in the Next release:

The product requires an add-on feature which should be a turnkey feature if it requires to be turned on to XDR no changes should be required to be made on the user end as the agent is already installed.

The solution has been used for around two years, including the demo version with full features and final version with specific features.

This solution has been used without any compatibility issue and/or technical failure due to anti-virus installation.

When we procured Crowd Strike as an EDR it was on the Gartner top ranking as well.

The agent was being utilized in Windows Servers (2016, 2019), Linux Servers (Fedora, Red hat, Cent OS), Windows Endpoints (10, 11), and Mac. 

The solution is stable and we have used it for more than 2500+ hosts.

It is a cloud-based solution - so scalability is not an issue.

When it comes to customer service and support is that the principal engages whenever required.

Positive

This was the first product that we evaluated out of 6 (six) products.

The setup was straightforward and it's easy to use.

A vendor team was engaged in the installation of the complete solution.

Licensing is relatively low than other EDR solutions.

We evaluated Carbon Black and FireEye.

Crowd Strike is a good solution. However, it requires you to build more features in protecting Endpoint agents for example:

DOM Improvement
DLL's Injections
Detection of CNC in Network Neighbors
Detection of similar attack surfaces in the network.

We use the solution for end-user devices.

The reporting console is phenomenal, and I can get a lot of data out of it. The reporting capabilities are much better than anything I've used before. With CrowdStrike Falcon, we can track machines much better.

One of the things that we built and used quite regularly is a remote wipe capability within CrowdStrike Falcon. The solution should have included remote wipe capability out of the box.

If we have a compromised or stolen machine, we can quarantine it within the CrowdStrike console. However, it doesn't include a feature that enables you to remotely wipe that machine via the console. We had to build that in separately.

I have been using CrowdStrike Falcon for two years.

We haven’t faced any issues with the solution’s stability.

The solution's scalability has been amazing. We started by deploying it to 30 users, and over three months, we expanded to 5,000 users with no issues.

For technical support, I open a ticket with the MSP, and they deal with it. Our MSP is excellent at resolving support tickets.

We previously used Symantec Endpoint Protection. We switched to CrowdStrike Falcon because it was a new vendor with new technology.

The solution's initial setup was very easy because we did an SCCM push for deployment.

Our MSP did a lot of the deployment work for us. The solution was deployed by a small team in three months. It took four of us to deploy the tool to 5,000 users.

The solution's pricing is great for us.

It took us about three months to adjust to the new client and switch from a file-level scanner to an AI-based CrowdStrike scanner to see where we felt the differences. CrowdStrike Falcon is deployed on the cloud in our organization. From an end-user perspective, the solution does not require any maintenance after deployment.

New users should be prepared for unexpected alerts. CrowdStrike Falcon views things very differently than many conventional antivirus tools.

Overall, I rate the solution a nine out of ten.

It also helps you with access, like we have dark web monitoring and admin protection management. So, the use cases can vary from organization to organization, but every organization has different value in it.

It helps to prevent unauthorized access or identity theft from external sites. If your identity is stolen, you can ban it.

Real-time monitoring is important because it runs multiple things on a single platform, like IDA, EDR, XDR, and SIM solutions. It captures all technology with one agent, which makes it easier for us to fix customer issues. 

Having a single console is helpful, especially when customers have multiple vendors for their products. It's easier to manage one partner. In this case, CrowdStrike Falcon helps.

One thing that is not yet available is attack simulation. For example, if someone tries to attack your Active Directory on inactive accounts, a cyber attacker could hack those accounts and try to get into your company. This could be a feature to add. It would give a fake reply each time someone tries to hack it. Multiple companies that I know of would like that.

I have been using it for two years. 

It is a stable product.

I would rate the scalability a nine out of ten.  It's a scalable solution that is very easy to deploy.

It is suitable for every kind of business, including small, medium, or enterprise businesses.

Technical support depends on a system integrator.

CrowdStrike technical support regarding Identity Protection has a team, but if there's no issue with the agent, you can work it out yourself.

The support is good.

Positive

The initial setup is easy. We only have one option available right now: on the cloud. It gets applied to endpoints, but it's cloud-based.

It is very easy to integrate this product into our existing environment.

It's a premium product.

From my end, it works. But it can be recommended or viewed by a personal customer. We are not the sole user of CrowdStrike Falcon. It's the end user.

I would recommend using it. For me, it is the best product ever. Overall, I would rate it an eight out of ten.  

We use CrowdStrike Falcon to investigate security detections for malicious activities in our environment.

CrowdStrike utilizes machine learning algorithms and detection rules to generate alerts for suspicious activity within our environment. We then investigate these detections individually, analyzing the details of each event.

In addition to automated detection, CrowdStrike allows for custom queries. For instance, if we need to investigate a specific host, we can leverage a cloud security language to examine its activity. Similarly, we can use CrowdStrike to search for activity related to particular users or hosts.

CrowdStrike Falcon provides significant additional value. It excels at identifying suspicious activity the moment an application appears in the environment, immediately bringing these incidents to the attention of our response team. Upon receiving an alert, our team can investigate and take appropriate action if anything malicious is found. In essence, CrowdStrike Falcon acts as a strong barrier against attackers.

In the past 3 years, we have encountered many scenarios where CrowdStrike Falcon has helped mitigate potential security breaches.

The detection and response console is the most valuable feature.

We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike. In these cases, the access disable process can be quite slow.

I'm using CrowdStrike Query Language, and I've noticed an issue with event backups. Searches exceeding a certain event threshold aren't capturing all results. For instance, if I run a search that returns 10,000 events in a single day, only 2,000 events are backed up. This limitation with CrowdStrike Query Language needs to be investigated.

I have been using CrowdStrike Falcon for over 3 years.

CrowdStrike Falcon is generally stable, although event searches may occasionally experience slow performance.

CrowdStrike Falcon's scalability is dependent on the license acquired.

The technical support live chat can experience long wait times. Submitting a ticket may result in a quicker response.

The company was using Carbon Black before I joined. When I came on board, they decided to switch to CrowdStrike.

I would rate CrowdStrike Falcon 9 out of 10.

CrowdStrike Falcon is deployed across multiple end-user systems and locations.

I recommend CrowdStrike Falcon. It's a wonderful security platform that's easy to use and requires minimal effort to maintain.

Our organization uses CrowdStrike Falcon for a variety of security tasks, including incident response, investigations, malware analysis, and threat hunting. This comprehensive platform excels at detecting malware across various technologies and endpoints within our environment.

CrowdStrike Falcon functions as a threat detection platform. It identifies malware based on pre-defined signatures and rules. Upon detection, it triggers a response and provides a dashboard for further analysis. This allows us to assess if the malware poses a risk to our organization or if it's a false positive. For confirmed threats, we can then delve deeper for a thorough investigation to uncover any underlying malicious intent.

Our primary goal is to prevent malware-related risks proactively. By leveraging CrowdStrike Falcon, a premium endpoint detection and response tool, we can safeguard our organization from malware exploitation attempts employed by hackers.

The primary advantage of CrowdStrike Falcon is twofold: reducing malware risk and providing advanced investigation capabilities. Traditional antivirus solutions struggle to keep pace with ever-evolving malware threats. CrowdStrike Falcon utilizes cutting-edge technology to proactively prevent these threats, minimizing the risk of infection. Falcon also features a threat intelligence platform that keeps us informed about the latest global malware threats and compromised tactics. This real-time awareness empowers us to proactively prevent threats before they impact our environment.

Recently CrowdStrike Falcon detected and mitigated malware that would have compromised several vulnerabilities in our environment.

Falcon's real-time response capability ensures we can quickly access any compromised host. This is a valuable advantage over other EDR tools.

The most valuable features of CrowdStrike Falcon include Falcon Fusion workflows and endpoint detection capabilities.

I've found that CrowdStrike's technical support could benefit from increased technical expertise. In my experience, their representatives haven't been able to resolve my issues as effectively as I would have liked.

I have been using CrowdStrike Falcon for 1.5 years.

I would rate the stability of CrowdStrike Falcon nine out of ten.

I would rate the scalability of CrowdStrike Falcon eight out of ten.

I've found the technical support staff to be less knowledgeable than I'd expect. Ideally, they should have expertise in all CrowdStrike modules, as we utilize a wide range of them.

Neutral

We previously used security solutions from Symantec, Trend Micro, Trellix, and Mandiant. However, CrowdStrike Falcon stood out as a more premium offering. Its advanced capabilities and comprehensive approach to security ultimately led us to switch providers after careful consideration of several factors.

The initial deployment was straightforward and took less than 15 days to complete.

There were between 30 to 40 people involved in the deployment. 

Our security engineering team implemented CrowdStrike Falcon entirely in-house. We also received some support from our internal desktop team and leveraged the expertise of an internal managed service provider team. No third-party vendors were involved in the deployment.

CrowdStrike Falcon is more expensive than other EDR solutions with similar features.

I would rate CrowdStrike Falcon nine out of ten.

After deployment, there are some simple maintenance tasks to keep everything functioning well.

New users should learn about the different modules of CrowdStrike Falcon and their functionalities to work effectively with the tool.

We use CrowdStrike Falcon for intrusion prevention management.

CrowdStrike Falcon proactively blocks threats and provides us with insights.

CrowdStrike Falcon integration is seamless.

The endpoint and server management are the most valuable features of CrowdStrike Falcon.

CrowdStrike Falcon's GUI requires improvement for user-friendliness. The console's available options are unclear, making it difficult to understand and extract details. Additionally, correlating information within the console and reports proves challenging.

I have been using CrowdStrike Falcon for two years.

CrowdStrike Falcon had some initial stability issues in our environment, likely due to its new integration. However, it appears to have matured and is now functioning reliably.

Being cloud-based, CrowdStrike Falcon offers easy scalability. Adding licenses through procurement increases resources without the need for additional hardware, making scaling straightforward.

While the technical support meets all response time commitments outlined in our Service Level Agreement, some users believe they should strive for a higher standard – a Security Level Target. This means responding to security incidents immediately, not just within SLA windows. Security tools are crucial for our environment's protection, and their use shouldn't be limited by SLA constraints.

Positive

After using Symantec, Trend Micro, McAfee, and VMware Carbon Black, we migrated to CrowdStrike Falcon due to a lack of support from the previous vendors and their shortcomings in comprehensive threat detection.

I would rate CrowdStrike Falcon eight out of ten.

The maintenance required is reasonable.

We have 6,000 endpoints in our environment.

CrowdStrike Falcon shines with its user-friendliness, providing clear insights into the endpoint environment. Proactive features are a major plus, offering actionable items and valuable attack path simulations that empower better decision-making.