CrowdStrike Falcon Reviews

We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.

CrowdStrike Falcon has made a significant difference for us, especially in mitigating ransomware and zero-day attacks. Its proactive and defensive response approach effectively isolates threats, setting it apart from other endpoint solutions.

Integrating CrowdStrike Falcon into our environment was seamless. Once we set the policy the software was activated immediately and distributed on all our endpoints.

The real-time response is highly effective. It automatically takes immediate action whenever it detects suspicious activity, alerting us to the problem and providing clear mitigation steps. In some cases, it even pushes through updates to resolve the issue proactively.

The usability and interface of CrowdStrike Falcon for daily operations are good. 

The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.

CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR.

The pricing has room for improvement.

I have been using CrowdStrike Falcon for three years.

In the three years of using CrowdStrike Falcon, we have not encountered any stability issues.

CrowdStrike Falcon scales well. We are using it in a large environment with no problems.

The technical support is responsive.

We previously used both Symantec Endpoint Detection and Response and Kaspersky Endpoint Detection and Response but found that they lacked the 24/7/365 monitoring and response offered by CrowdStrike Falcon. Additionally, their detection capabilities, particularly for ransomware and zero-day attacks, were not as effective.

The initial deployment was straightforward and non-disruptive. The deployment took one week to complete.

We required two people from our organization for the deployment on-site and the CrowdStrike team worked remotely.

The CrowdStrike team helped with the implementation.

CrowdStrike Falcon is one of the more expensive endpoint solutions on the market.

I would rate CrowdStrike Falcon an eight out of ten.

We deployed CrowdStrike Falcon across all our locations, including subsidiaries and remote sites in various regions.

Maintaining CrowdStrike Falcon is simple because it only requires a client agent to be installed on the machine at the kernel level, below the operating system.

We're installing the solution on some of our external servers. It has a cloud portal, and we can control everything through the cloud. It's good for remote sites.

I like that it has a centralized cloud, and all the agents provide visibility on our remote sites. It offers good central management. It can be accessed through external networks.

The management is taken care of. It's a complete solution that's taken care of by CrowdStrike. We don't have to do anything. 

We'd like to see more integration capabilities. 

We need more log storage as CrowdStrike will dump all logs to the centralized server. 

I've been using the solution for five years. 

The solution is stable enough. We have not had any downtime. The only issue is if we have issues with the internet connectivity. 

We get support from their local vendors. We have a lot of local support. If they cannot handle the case, they directly forward the issue to CrowdStrike. The downside is that support asks for too many logs. We, of course, have to investigate first and try to solve the problem ourselves. 

Neutral

I've worked with Kaspersky. They are a similar solution. I've also used Microsoft Defender, which is also very similar. We do use a lot of Microsoft products, and Defender is readily available everywhere. They are the market leaders right now. Their software has very good integration across the whole Microsoft product offering. CrowdStrike, however, we have high trust with, as they are focused specifically on security, unlike Microsoft. CrowdStrike offers updates quicker than Microsoft or other services. 

The initial setup is a very fast process. Cloud solutions are fast to set up. They just give you access to their cloud and they have an API integration. It will be up and running within a few minutes. 

The tool is very expensive. It's similar to Microsoft Defender. That said, it's not overpriced. It's worth it for the level of security. We need it for our company. 

I'd rate the solution nine out of ten. 

The following is a list of use cases that were tested and evaluated against Crowd Strike along with different competitors.

1 - Execution of Fileless Ransomware - The test was conducted using PowerShell script execution, the script was executed using privileges rights and it was successful. Although all the preventive controls were enabled in the CS falcon dashboard, CS falcon had raised a red flag regarding fileless execution, however, the moment it let us know our system got encrypted.

2 - Uploading large volume of Data over the cloud - Using customized script in the USB, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation from the whole disk and creates a password-protected .zip file in APPDATA of the complete files, once the protected file is created it then checks the internet connectivity. As soon as the script finds connectivity with 8.8.8.8, 8.8.4.4. it starts sending the protected .ZIP file over its CnC cloud.

3 - Disabling of CS Falcon Agent - I have conducted a test to disable the Falcon agent from the Windows-based OS. The agent was successfully disabled by booting up another OS and renaming of agent files from the system.

4 - Perform Privilege Task in Crowd strike - CS roles have some additional privileges. While performing host containment, it has the ability to perform the following operations without informing the user: 

* Host Containment 
* Isolating the host from the network;
* Copying data from the host machine into the CS cloud;

Considering the above situation it may cause a breach of user privacy due to which user can file a complaint against InfoSec team.

The solution fits well in the organization and took out valuable output as expected from Endpoint Detection and Response solution.

This solution supersedes the requirement of an Endpoint Protection solution. The cost of EPP can be saved while using EDR.

One good thing is the active association of the Crowd Strike team in terms of support and coordination. 

Features that require further evaluation include:

Let's take an example of ten machines that require CS falcon agent installation. Apart from agent compatibility and ease of installation, one of the most important areas is the network bandwidth which would require whenever an agent updates the server through the cloud. 

An estimated network bandwidth utilization takes 0.4 MB/hour for a single machine to update its probes over the cloud. If we estimate the total working hours in our case it is eight hours, the formula would be 0.4 X 8 = 3.2 MB per host per day is the data uploading requirement on the cloud. It is highly recommended to assess a number of agents and the network bandwidth requirements.

The CS falcon agent is a lightweight agent compared with other agents of EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement  
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well created in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license not machine-based, so once the machine gets outdated/old, installation of the same agent license in another machine is possible.

Area of Improvement

The products still require improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with MAC OS (X), Catalina, or Big Sur.

Similarly, the product is also not compatible with Unix-based systems including AIX, Darwin, and FreeBSD.

CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine.

Additional Features required in the Next release:

The product requires an add-on feature which should be a turnkey feature if it requires to be turned on to XDR no changes should be required to be made on the user end as the agent is already installed.

The solution has been used for around two years, including the demo version with full features and final version with specific features.

This solution has been used without any compatibility issue and/or technical failure due to anti-virus installation.

When we procured Crowd Strike as an EDR it was on the Gartner top ranking as well.

The agent was being utilized in Windows Servers (2016, 2019), Linux Servers (Fedora, Red hat, Cent OS), Windows Endpoints (10, 11), and Mac. 

The solution is stable and we have used it for more than 2500+ hosts.

It is a cloud-based solution - so scalability is not an issue.

When it comes to customer service and support is that the principal engages whenever required.

Positive

This was the first product that we evaluated out of 6 (six) products.

The setup was straightforward and it's easy to use.

A vendor team was engaged in the installation of the complete solution.

Licensing is relatively low than other EDR solutions.

We evaluated Carbon Black and FireEye.

Crowd Strike is a good solution. However, it requires you to build more features in protecting Endpoint agents for example:

DOM Improvement
DLL's Injections
Detection of CNC in Network Neighbors
Detection of similar attack surfaces in the network.

The Insight feature is one we found the most useful. It does behavior-based analysis and gives us the most appropriate information.

The initial setup was easy.

It's pretty stable.

The scalability is good.

Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files.

The product could be more accurate in terms of performance.

We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.

I've been working with the solution for three years. 

With CrowdStrike, we have found that there are a few missed detections. We would not say it is completely reliable or 100% reliable, however, the ratio of missed detection is more in CrowdStrike. In SentinelOne, we found that it was more accurate. We are seeing it act more efficiently.

We haven't had any issues with scalability. Being a cloud solution, it can scale well. 

Technical support is average. We are not seeing any extraordinary service and not many issues also. It's average, it is as expected.

I'm also familiar with Symantec, Trend Micro, SentinelOne, and FireEye.

The initial setup was pretty straightforward. It's not overly complex. You still need expertise, however, it's pretty reasonable. 

We did not need any outside assistance. 

The pricing of the solution is average. 

We are a managed security service provider.

We are using a SaaS offering and therefore, in terms of the version, we are not bothering so much on worrying which we are on. It is automatically getting updated. We are running on the latest version at all times.

While I would recommend the solution, CrowdStrike, when it first came into the market, it was sort of a single choice for many customers. Now, we can see there are many other competitors also. Those are providing pretty good functionalities in a more efficient way. We could see that other solutions are better than CrowdStrike.

I'd rate the solution seven out of ten.

We use the solution for end-user devices.

The reporting console is phenomenal, and I can get a lot of data out of it. The reporting capabilities are much better than anything I've used before. With CrowdStrike Falcon, we can track machines much better.

One of the things that we built and used quite regularly is a remote wipe capability within CrowdStrike Falcon. The solution should have included remote wipe capability out of the box.

If we have a compromised or stolen machine, we can quarantine it within the CrowdStrike console. However, it doesn't include a feature that enables you to remotely wipe that machine via the console. We had to build that in separately.

I have been using CrowdStrike Falcon for two years.

We haven’t faced any issues with the solution’s stability.

The solution's scalability has been amazing. We started by deploying it to 30 users, and over three months, we expanded to 5,000 users with no issues.

For technical support, I open a ticket with the MSP, and they deal with it. Our MSP is excellent at resolving support tickets.

We previously used Symantec Endpoint Protection. We switched to CrowdStrike Falcon because it was a new vendor with new technology.

The solution's initial setup was very easy because we did an SCCM push for deployment.

Our MSP did a lot of the deployment work for us. The solution was deployed by a small team in three months. It took four of us to deploy the tool to 5,000 users.

The solution's pricing is great for us.

It took us about three months to adjust to the new client and switch from a file-level scanner to an AI-based CrowdStrike scanner to see where we felt the differences. CrowdStrike Falcon is deployed on the cloud in our organization. From an end-user perspective, the solution does not require any maintenance after deployment.

New users should be prepared for unexpected alerts. CrowdStrike Falcon views things very differently than many conventional antivirus tools.

Overall, I rate the solution a nine out of ten.

It also helps you with access, like we have dark web monitoring and admin protection management. So, the use cases can vary from organization to organization, but every organization has different value in it.

It helps to prevent unauthorized access or identity theft from external sites. If your identity is stolen, you can ban it.

Real-time monitoring is important because it runs multiple things on a single platform, like IDA, EDR, XDR, and SIM solutions. It captures all technology with one agent, which makes it easier for us to fix customer issues. 

Having a single console is helpful, especially when customers have multiple vendors for their products. It's easier to manage one partner. In this case, CrowdStrike Falcon helps.

One thing that is not yet available is attack simulation. For example, if someone tries to attack your Active Directory on inactive accounts, a cyber attacker could hack those accounts and try to get into your company. This could be a feature to add. It would give a fake reply each time someone tries to hack it. Multiple companies that I know of would like that.

I have been using it for two years. 

It is a stable product.

I would rate the scalability a nine out of ten.  It's a scalable solution that is very easy to deploy.

It is suitable for every kind of business, including small, medium, or enterprise businesses.

Technical support depends on a system integrator.

CrowdStrike technical support regarding Identity Protection has a team, but if there's no issue with the agent, you can work it out yourself.

The support is good.

Positive

The initial setup is easy. We only have one option available right now: on the cloud. It gets applied to endpoints, but it's cloud-based.

It is very easy to integrate this product into our existing environment.

It's a premium product.

From my end, it works. But it can be recommended or viewed by a personal customer. We are not the sole user of CrowdStrike Falcon. It's the end user.

I would recommend using it. For me, it is the best product ever. Overall, I would rate it an eight out of ten.  

A popular choice for Data Loss Prevention is CrowdStrike Falcon. This is the primary function our clients leverage it for, as it offers industry-leading DLP capabilities.

CrowdStrike Falcon has helped our customers secure their confidential data.

The DLP is the most valuable feature of CrowdStrike Falcon. Additionally, the scanning is good and the deployment is easy.

The console is not user-friendly or visually appealing and has room for improvement. I would like a single pane of glass dashboard.

I have been an integrator of CrowdStrike Falcon for one day. 

CrowdStrike Falcon is stable.

I have also worked with Trend Micro and Panda.

The initial deployment is straightforward. I would rate the ease of setup nine out of ten.

Two people are required for the deployment.

I need to upgrade the software occasionally but it doesn't require continuous maintenance.

While the specific deployment time varies depending on each client's individual environment, on average the process can be completed in a couple of days.

I only deploy the solution for clients, I don't calculate their ROI.

CrowdStrike Falcon's pricing is reasonable. We can customize features and that affects the pricing.

We pay 40,000 dirhams per 100 users.

I would rate CrowdStrike Falcon nine out of ten.

Our clientele ranges from small to enterprise-level businesses.

I recommend CrowdStrike Falcon as it provides all the features of an EDR.

We use CrowdStrike Falcon for endpoint protection and cybersecurity.

We implemented CrowdStrike Falcon to ensure our systems were secure and there were no infiltrations to our system.

We deploy CrowdStrike Falcon across a variety of platforms, including cloud and edge environments. We ensure it meets rigorous security standards, is properly certified, and adheres to our data management policy.

We integrated CrowdStrike Falcon with our end-user systems and servers.

Since implementing CrowdStrike Falcon, we haven't experienced any serious threats, and we've seen a decrease in phishing and ransomware emails. This suggests it's been very effective in mitigating those threats.

The UI is easy to use and comprehensive.

CrowdStrike Falcon's performance has improved our user productivity.

CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts.

The pricing structure should allow for some flexibility.

I have been using CrowdStrike Falcon for almost 3 years.

CrowdStrike Falcon is stable.

I would rate the scalability of CrowdStrike Falcon 8 out of 10.

The technical support is good. We have not had any issues with them.

Positive

The initial deployment was straightforward. The deployment doesn't take more than one day. Those involved with the deployment are system engineers, IT analysts, and software engineers.

The implementation was completed in-house.

The price is fixed with no room for negotiation.

I would rate CrowdStrike Falcon 8 out of 10.

We have deployed CrowdStrike Falcon in multiple departments, locations, and satellite offices.

CrowdStrike Falcon doesn't require maintenance from our end other than the updates.

I recommend CrowdStrike Falcon to others.