CrowdStrike Falcon Reviews

We use CrowdStrike Falcon for endpoint protection and cybersecurity.

We implemented CrowdStrike Falcon to ensure our systems were secure and there were no infiltrations to our system.

We deploy CrowdStrike Falcon across a variety of platforms, including cloud and edge environments. We ensure it meets rigorous security standards, is properly certified, and adheres to our data management policy.

We integrated CrowdStrike Falcon with our end-user systems and servers.

Since implementing CrowdStrike Falcon, we haven't experienced any serious threats, and we've seen a decrease in phishing and ransomware emails. This suggests it's been very effective in mitigating those threats.

The UI is easy to use and comprehensive.

CrowdStrike Falcon's performance has improved our user productivity.

CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts.

The pricing structure should allow for some flexibility.

I have been using CrowdStrike Falcon for almost 3 years.

CrowdStrike Falcon is stable.

I would rate the scalability of CrowdStrike Falcon 8 out of 10.

The technical support is good. We have not had any issues with them.

Positive

The initial deployment was straightforward. The deployment doesn't take more than one day. Those involved with the deployment are system engineers, IT analysts, and software engineers.

The implementation was completed in-house.

The price is fixed with no room for negotiation.

I would rate CrowdStrike Falcon 8 out of 10.

We have deployed CrowdStrike Falcon in multiple departments, locations, and satellite offices.

CrowdStrike Falcon doesn't require maintenance from our end other than the updates.

I recommend CrowdStrike Falcon to others.

We use CrowdStrike Falcon for intrusion prevention management.

CrowdStrike Falcon proactively blocks threats and provides us with insights.

CrowdStrike Falcon integration is seamless.

The endpoint and server management are the most valuable features of CrowdStrike Falcon.

CrowdStrike Falcon's GUI requires improvement for user-friendliness. The console's available options are unclear, making it difficult to understand and extract details. Additionally, correlating information within the console and reports proves challenging.

I have been using CrowdStrike Falcon for two years.

CrowdStrike Falcon had some initial stability issues in our environment, likely due to its new integration. However, it appears to have matured and is now functioning reliably.

Being cloud-based, CrowdStrike Falcon offers easy scalability. Adding licenses through procurement increases resources without the need for additional hardware, making scaling straightforward.

While the technical support meets all response time commitments outlined in our Service Level Agreement, some users believe they should strive for a higher standard – a Security Level Target. This means responding to security incidents immediately, not just within SLA windows. Security tools are crucial for our environment's protection, and their use shouldn't be limited by SLA constraints.

Positive

After using Symantec, Trend Micro, McAfee, and VMware Carbon Black, we migrated to CrowdStrike Falcon due to a lack of support from the previous vendors and their shortcomings in comprehensive threat detection.

I would rate CrowdStrike Falcon eight out of ten.

The maintenance required is reasonable.

We have 6,000 endpoints in our environment.

CrowdStrike Falcon shines with its user-friendliness, providing clear insights into the endpoint environment. Proactive features are a major plus, offering actionable items and valuable attack path simulations that empower better decision-making.

We use it for threat detection and threat hunting.

We are an MSP. We have deployed this in our customer environment, and we use it to detect threats in their environment. It is beneficial for customers to find cybersecurity-related threats on the endpoints.

The out-of-the-box configurations and threat intelligence provided by CrowdStrike are better than other vendors and competitors in this field. It improves our security strategy because we are building threat intelligence on top of CrowdStrike-provided detection.

We are building SIEM use cases on top of the data provided by CrowdStrike. There is reliability, and the response that we get from it is very fast. If any incident happens on the endpoint, it immediately detects that and sends that to our SIEM.

Endpoint security is a very crucial aspect of cybersecurity. Integrating CrowdStrike helps a lot to identify and dig deeper into the threats.

Its integration capability is valuable. It integrates easily with any OS. 

They are good at what they are doing, but they can add more use cases. They can improve their documentation. It is a very big aspect where they are lacking. They have documentation, but it is behind the wall of authentication. It is not available publicly.

In terms of features, I would like them to add detailed logging functionality in CrowdStrike. Currently, CrowdStrike detects the threats immediately based on the IOCs and the signature-based policies or many threat behaviors, but in terms of logging those threats, it is not very good. The information that they provide in the logs is very little. They can build more analytics into it. If they can add more information about an event, it will be beneficial for us and everyone else who is using CrowdStrike.

I have been using this solution for four years. I have had hands-on experience with it for about two to three years.

It is a stable product.

I have not interacted with their support team. It is not a part of my job.

I work with multiple vendors, not only CrowdStrike, in the endpoint space, and the CrowdStrike UI is better than others. The response of CrowdStrike is better than other vendors.

It is deployed on the cloud. Its deployment is of moderate complexity. It is not easy, and it is also not difficult. Overall, it is easy to deploy and manage CrowdStrike Falcon across the organization.

I would definitely recommend CrowdStrike Falcon. It is better than other solutions, such as VMware Carbon Black. CrowdStrike is doing better in this space. 

If you are using CrowdStrike Falcon for the first time, it will be easy for you. You can definitely use it.

Overall, I would rate CrowdStrike Falcon an eight out of ten. 

We use the EDR feature.

This is unlike any other EDR solution that I am familiar with. It provides very good protection and the ability to crosscheck environments. It's really helpful in investigating any alerts and is easy to use. You can use some of the Splunk language to search. 

We've tried some integrations with solutions, closing off false positives and things like that. Falcon could include more features in that area. In addition, some features are modularized and we're unable to buy them as we're in the healthcare field and limited in the amount we can invest. 

I've been using this product for close to 18 months. 

We haven't had any stability issues. 

The solution is very scalable but we had issues with some groups, that manage their own devices and wanted to have access to self-manage them. We weren't able to do that, unfortunately.

My team has interacted with tech support and I believe the issues were resolved in a timely manner.

Positive

We previously used other solutions such as Setinel One.

The initial setup was very straightforward and smooth.

Falcon is more expensive than every other solution on the market. That said, they do have a better product than anyone else.

Some of the default settings are set to 'easy' which isn't sufficient. We had some conversations around this and the recommendation was to change some of these settings to more aggressive ones on the policy side. I know some organizations have had issues automatically updating CrowdStrike to the latest version. I recommend going through the change process but saving it at minus one for a while to avoid all the negative downtimes where you might need to roll back to the previous update.

When we switched to CrowdStrike, we didn't expect it to find anything that was already on the computer because the primary reason we swapped was because of EDR. But it did find things that were dormant as well as other things.

I rate this solution nine out of 10. 

Falcon helps my client improve productivity. About 5,000 users at the client company are using the product. 

CrowdStrike enables the infrastructure managers to visualize all the events and get information about the network.

It's important for the customer to have surety that all the workstations are protected. 

There are some areas where some customers would prefer a different service.

About four months ago, I and my other partners started preparing a presentation to propose CrowdStrike to a client.

Falcon is a highly stable product.

I rate CrowdStrike's support 10 out of 10. 

Positive

We worked with other solutions, like Trend Micro. CrowdStrike's advantage is that the agent is light, so it doesn't require many resources on the machines. It's easy to install, and the results are useful to the organization.

I'm not directly involved with the setup. I prepare a proposal, and another department deploys the solution. Falcon doesn't require maintenance because the product runs in a cloud environment.

We use a reseller and an integrator.

I rate CrowdStrike Falcon 10 out of 10 for ROI.

My customers pay for yearly licenses. I rate CrowdStrike Falcon 10 out of 10 for affordability.

I rate CrowdStrike Falcon 10 out of 10.

It is currently our antivirus and EDR platform that we use to export incidents to our SIEM and automation platform, SOAR. We use Demisto for our SOAR.

The solution is fully deployed in our organization. We are primarily Windows. There are four major hospital sites with a couple thousand endpoints each. We probably have 600 remote workers due to COVID-19. I would probably say there are 7,000 VDIs inside of Citrix. Then, the rest are probably small clinical sites with no more than 50 to 80 people at each one. They make up the bulk of the rest, and probably 99 percent of that is Windows or server-based. We only have maybe 30 Macintoshes in the whole system and about as many Linuxen.

We are using Windows agent 618.

It talks to a lot of our other systems. It allows us to correlate data between our firewalls. This way, we can connect whether network activity is relating to an endpoint detection for faster correlation. It provides more data about the endpoint quicker than if we were to go out to the endpoint and collect that data manually. In general, I see that it speeds up our playbooks pretty dramatically, as far as our workflow.

We have what we call our phishing playbook. It is an all-in-one, where an email comes into the organization, a user reports it to us, it comes into our automation platform, and then it kicks off a whole bunch of other stuff. For the phishing playbook (which does have a malware component to it) to go out to all the individual tools, that could have taken two and a half hours for it to run the entire phishing book manually, going to all those individual pieces. Now, we can have one done in 15 minutes. The phishing playbook is a catch-all that has multiple systems in there too. As far as collecting data from many different parts, it speeds that up. In general, we have noticed time savings. 

I would give them probably about as high as I would be willing to give any organization. I would give them an eight out of 10, as far as their effectiveness, for preventing breaches. In general, we feel more secure knowing that we are not relying on multiple different technologies to provide a different kind of protection. We were using a couple other different pieces of software to do a portion of what CrowdStrike is doing for us. We are getting a more comprehensive protection, which is good.

We like the ability that if there is an issue at a third-party clinic that is affiliated with us in some way, then we can go in there quickly and install our agent, protecting them if something were to happen. For example, we had at doctor's offices where there were phishing incidents, then we went in there and installed the CrowdStrike agent. 

I like the herd immunity, their Falcon X version. If another organization somewhere else gets hit by a piece of malware that has not been seen before, we will get that protection in however long it takes them to analyze it and push that detection to everybody else. I find that extremely helpful.

The second most useful feature to me is the intelligence modules.

I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good.

When we first went to CrowdStrike and purchased it, a lot of my team members all had the same issue: There was too much information. Initially, when the user logged in, they were getting dumped on, like a five-gallon bucket of ice. Trying to sort through it all, you can get lost easily. Until you have really had time in the solution to really digest how to use things, it is information overload. We didn't get that from Palo Alto XDR.

I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup. 

We have been using it since about June of last year. That is around when we officially purchased it, but we had been running it as a PoC since about March or April of last year.

The stability has been fantastic. I have had no stability issues at all. It has never caused a problem of any sort that we have had across in the organization for a PC "acting funny" kind of ticket coming in. Those have never been CrowdStrike agents.

Because this is a cloud-native solution, it provides us with flexibility and always-on protection. That is just the nature of what SaaS applications are. In a very general sense, I wasn't looking at CrowdStrike because it is a SaaS application. That has been a minor point to me. Just one of those, "Oh yeah, your SaaS." It is almost expected nowadays with a lot of your more modern XDR platforms that it has to be always-on, 99.999 percent uptime.

As far as general maintenance, it makes it a bit easier as far as overhead. If there were servers onsite, we would have to take care of those as well as the care and feeding of them. Making it SaaS does make it easier, which provides us some extra man-hours as far as taking care of the hardware behind running it. There is that added benefit, which is nice. The configuration of the agents probably makes it a bit more automated, so that is nice as well. These are just secondary points to me. If we had to do the maintenance, I would be perfectly happy with doing it.

All our security team monitors it. There are five of us in the console daily actively using it. I am probably the only true administrator who will change policies or anything like that in there.

A couple people have access outside of the security team, but I have not seen them login. We have a couple of our server admins have access where they have view rights, but they don't go in because they don't have issues. One or two people on our Citrix team have access, but they don't go in either. Also, one or two of our end users might have access.

The scalability has been fast and easy. We did so many endpoints very quickly without any issues.

It is fully deployed across our organization. We can't really expand anymore unless we are adding/buying clinics.

Now that we are a full-on customer, CrowdStrike technical support has always been spot on. It is one of the best that we have. It is way better than Microsoft and many other pieces of software out there. In my personal experience with the technical support, it is one of the best that we have had. That could be because we have an awesome TAM and great customer service manager. If I reach out to them, then they are on top of things.

One factor behind why we chose CrowdStrike is that we were getting rid of multiple agents to go to one CrowdStrike agent. When we had Carbon Black Protection previously, they were ripping us off. It was a lot. We are paying substantially less with CrowdStrike. Carbon Black Protection is only for application whitelisting, and that is all it does. It is not AV. It is not anything else. That was just one piece of software that we were using. So, getting rid of Carbon Black Protection more than paid for CrowdStrike, and then some.

We were also previously using Microsoft SCEP.

There was a slight decrease in lag time when we removed Carbon Black and put CrowdStrike on, but CrowdStrike moved it back up slightly. However, it was still less than the Carbon Black agent. We did see a slight performance increase with the OnBase application, which is linked to Epic.

CrowdStrike requires tuning out-of-the-box. When we first installed, we set the protections and configurations as recommended from CrowdStrike. We were getting absolutely inundated by detections and incidents. It required probably about a month or two of tuning to really dial into the number of what we would call, "expected incidents". Even now, I would say about 90 percent of what we see are probably false positives, but they are false positives that make us scratch our head, and say, "Is this really something or not?" These are not, "Oh hey, this is Windows Media Player that is getting flagged." These are legitimate false positives worth the investigation, but it takes some dialing in. 

It was exceedingly easy to deploy the solution’s sensor to our endpoints. We had zero issues. We used Microsoft SCCM. We programmed the string and all the commands, then we were off to the races. We programmed one SCCM job by GPO to do all of it. We had 14 total failures, which we found out later was not a CrowdStrike issue. It was an endpoint issue for those failures. Across 20,000-plus endpoints, 14 failures is really good. We deployed it in five days. That includes production servers, test servers, medical endpoints, etc.

The PoC deployment was only 25 endpoints. It was just downloading the agent, then manually installing it. That was a 48-megabyte install. It took two minutes, click two check boxes, enter a string, and you're off to the races. The test install was super easy too.

Our implementation strategy was probably the same as many other organizations. We did the workstations and laptops first, then we did test servers followed by the production servers. 

We had to tailor how many agents we were pushing out at a time via SCCM. The way we had built our job, it was doing a CrowdStrike install, but it was also uninstalling a couple of other pieces. It was having issues on that uninstalled portion. So, the SCCM job would fail. Then, we would get a kind of success where CrowdStrike was installed, but it had failed to uninstall the other portion. Therefore, it was a strange kind of limbo where CrowdStrike and Carbon Black did not play well together at all, like it would absolutely just fail. For example, we had a couple instances where they were both on a machine at once, so we had to tailor how many machines we were doing in a time break, e.g., every 30 minutes, we were doing 500 machines. Every 30 minutes is essentially what we did for a couple of days at a time during business hours so we could monitor it.

It was just the SCCM guy and monitoring it like a hawk. That is all we did for those five days. We just watched it. He was the one doing all the work. He programmed the job and everything. I just gave him the code and watched the CrowdStrike console. If necessary, I went into Carbon Black and manually uninstalled it from there too.

The only help I had from CrowdStrike was to confirm this would work in Citrix. For example: 

• Do we have the correct install language for Citrix? Because the VDI requires a couple of different switches turned on. 
• Is SCCM going to work?  
• Does this look right to you? 

We just basically had them bless it off, "Yeah, it says right here in the manual that this is good." We kind of followed the manual, then we had no issues. However, we just wanted to make sure about that Citrix VDI. So, we did have them actually look at that and make sure that the switches were good.

Agent overhead on the systems has been lowered slightly. We haven't had any tickets coming in, saying, "Oh no, CrowdStrike is messing up my PC. Come fix it." We had this with Carbon Black Protection. It has cut down on the number of support requests for other teams. 

I can't even talk about performance overhead, which is good. Our Citrix team hasn't noticed any extra increases in their Citrix workloads, as far as Citrix Server usage overhead, because we also deploy the CrowdStrike agent virtually. It has not slowed down any of the clinical applications, which was a huge win. If it had slowed down any of our clinical applications, especially the more time-sensitive ones, then it would have been a no-go. It would have been a red flag, "You're out the door," and it did not slow any of them down.

We saw ROI by removing Carbon Black Protection, which costs way more than CrowdStrike costs us. Right there, we already earned back and saved money by removing that solution. Turning off Carbon Black Protection and Microsoft SCEP AV were a huge amount of system overhead saved. Easily coordinating between multiple different pieces of software and gathering that information quickly was another time save. 

I am saving at least an hour or two a day by not having to go into Carbon Black Protection to figure out some sort of strange whitelisting issue.

One part that I don't like about CrowdStrike is that you have to pay for the extra feature of Falcon X. I don't like the a la carte nature of it. I do find that feature to be one of the most useful.

The pricing and licensing are reasonable. I don't think we are getting charged more than what it is worth. It is fair, but I do not like how it is a la carte. I realize they do that so other organizations can buy and get the agent, getting it cheaper than you could otherwise.
However, if you want the main core package, which has all the main features with the exception of maybe the multi-cloud protections, that can get pricier for an organization. So, you have to pick and choose what you want. I do not care for a la carte pricing.

We had contacted one of our software vendors, who put us in contact with CrowdStrike directly. We did a PoC for about 60 days. This was right at the COVID-19 kickoff. They weren't as strict on the 14 days, then you are done. They said, "Use it for as long as you like." 

Getting the free trial was super easy. As soon as they spun it up in the cloud, they said, "Here is your login information. Soon as you get your agent, here is the connection string that you will need with this agent when you have run your install." Done. 

When I got the go ahead from my director that we had officially purchased it, I was able to fully deploy to our 22,000-plus endpoints in five days. We had a full deployment in five days.

The free trial was critical. I don't think we would have gone with it if we had not been able to at least kick the tires on it some. We had to make sure that it wasn't going to interfere with our medical applications that are time sensitive.

The other major vendor that we were looking at besides CrowdStrike was Palo Alto XDR. CrowdStrike is a more mature product than Palo XDR, but with that goes some bureaucratic sluggishness. I personally had some issues with CrowdStrike, as far as getting support in a timely manner when I was still a trial customer. Now, as a full-on customer, I don't have any of those issues as far as slow support. They are always very on top of things. But as a test drive, it took far too long getting any support to get a user reset and logged into the platform. It took days. I was very upset about that. However, with that maturity, you have your full built-in intelligence module, which is one of their big selling points. It was fantastic having all that data.

Palo Alto XDR probably had more out-of-the-box API integrations that we use, because we use the Palo Alto XSOAR. It would have linked immediately and perfectly right out-of-the-box. Basically, with a click of a button, it would have been on. A majority of our security work comes from XSOAR. That would have been a huge win. Because of legal issues, CrowdStrike and XSOAR have an API link, but it is not terribly useful or intuitive to use without a lot of customization. Unfortunately, with a small team, nobody really has time to dig into the API and do all sorts of customization, trying to program it to get it to be just right. We have too much more operational work to do.

Other than that, the protections between the two are equal. I didn't see any decrease in that. I would just say CrowdStrike was more feature-based, and that Palo Alto's feature-base wasn't fully quite there yet. Things were a little bit more intuitive to me on the Palo Alto product than the CrowdStrike product. However, the maturity of the CrowdStrike product eventually won out.

I personally liked the Palo Alto product a little bit better than CrowdStrike because I could see where it was going. It was a difference of GUIs, essentially. With the recent updates from CrowdStrike, it has made this a little bit better.

Our CIO had a previous good experience with CrowdStrike. That was the reason why we went with CrowdStrike over XDR. Essentially, what it boiled down to, someone with a higher pay grade above me had a previous good experience.

We just signed a contract with an organization for another piece of software to do our multi-cloud protection.

We get a lot of our ideas for software that we want to take for a test drive through Magic Quadrant reports.

It being SaaS was of no importance to me. If I wanted the solution, then had to build an on-site server for it or not, that makes no difference to me. I know for some people who have overhead, that is where it matters. Personally, it does not at our organization. I was more interested in getting the best of breed.

CrowdStrike Store is pretty interesting and always intrigues me. It typically will take you to another vendor's website for another piece of software that you would have to buy and install. So, it is one of those things like, "Oh, that is nice to know that you integrate with these other people. But, we don't have money right now to be looking at these other people's software that easily integrates but still requires their own agent to be installed on the PC." It is kind of an advertisement shop saying we work well with these other pieces of software.

Try it. Try all the features. Because if you go with a trial and don't try all the features, then you are not going to know if it's going to work for you or not. Try everything that you possibly can. I know some organizations who will "try it" and install it, but they won't do anything with it. In this case, we actually did. We actually tried to use all the features and create issues. We tried to kick the system over, and it didn't. 

Biggest lesson learnt: Rely more on our technology, trust our processes, and trust the software more. I think that is just an organization maturing from an old-school antivirus and application whitelisting/blacklisting mentality to a next-generation antivirus mentality, where you are trusting your software to operate. You are trusting your processes and playbooks to run automatically. As we matured and went with CrowdStrike, we are now relying more on our automated processes to run.

I would give it an eight out of 10. There are areas of improvement, especially with the search because it's a time burden and causes issues for our team. Other than that, everything else that we are getting has been fantastic. It is great overall.

I have been surprised by the new features coming out. When they add a new feature to an agent release, it doesn't seem pell-mell. They have a thoughtful consideration to what they are adding. The upgrade schedule is not overly burdensome nor is their path for pushing out those new features burdensome. We can keep up with them. So, they are not pushing out 20 features on one agent and none for the next 10 iterations, and then another 20. It's one or two every couple of iterations. It is trickling, which makes it easier to test things and run them through our CAB. That has been helpful.

We are a CrowdStrike Falcon distributor that helps clients monitor their environments for malicious activity coming from the internet.

Both users and administrators find CrowdStrike Falcon easy to use.

I like the vulnerability assessment and proactive hunting features of CrowdStrike Falcon.

To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features. The separate model pricing structure can make it challenging for clients to gain approval for their security needs.

CrowdStrike could consider regional pricing models to better reflect the economic realities of different markets.

I have been using CrowdStrike Falcon for 2 years.

CrowdStrike Falcon is stable.

CrowdStrike Falcon is scalable.

We have also used Sophos. CrowdStrike Falcon is a better solution but Sophos is more affordable.

The deployment is straightforward.

The cost of CrowdStrike Falcon in Latin America seems high relative to the economic conditions in the region.

I would rate CrowdStrike Falcon 9 out of 10.

To realize the benefits of CrowdStrike Falcon, it's recommended to conduct a proof of concept first. You should then start to see the advantages within a few months.

No maintenance is required from our end.

To ensure the successful implementation of CrowdStrike Falcon, it's essential to have a complete network map and inventory of all resources and devices.

We are using it as an EDR solution for endpoint protection. 

Everything is changing rapidly nowadays, and new threats can come into the organization from any source. I have found this product to be very useful. 

If I want to drill down into an unusual activity or something else, I can do that. I can go deep into what processes were involved, what network operations were involved, and what unauthorized users wanted to do. I can see how CrowdStrike processed and blocked the operation. The investigation is very easy for me. I can go to the tree level and see what is going on. It is very useful.

The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that. In my previous experience, when anything was getting scanned, our PCs would become slow. Users would complain about PCs getting slow. This is a positive point of CrowdStrike Falcon.

The dashboard area must be improved. We have integration with Splunk, and we are creating a dashboard there. Their dashboard area must be up to date. It should have more details and more options to create the reports and things like that.

I have some concerns about their support. I am not happy or satisfied with their support. Something happened, and we opened a ticket. Their support engineer just vanished, and after a month, he came back and told us that he was off work and could not pursue the ticket. He said that he now has the time, but logs are gone because there is a time limit. We were asked to repeat the test. This is very unusual for me. 

In my organization, we have been using it for the last one and a half years. I have been using it for the last two to three months because I recently joined the organization.

From my understanding and observation, it is a stable product, but I have been using this product only for the last two to three months. I am just in the learning phase.

We have almost 3,000 users using this solution. 

I would rate CrowdStrike's support team a three out of ten. Their support is unacceptable for us. We are doing some testing ourselves. When we found an issue where CrowdStrike should have blocked something but did not, we opened a ticket with CrowdStrike. They tried to communicate with us and looked at the files that we shared. We had updated signatures, and we shared with them the SHA values, but after that, they suddenly vanished. Just two days ago, I got an email from them that the engineer was on leave and he is back now. They asked us to perform the activity again, which is unacceptable.

When any issue happened with Symantec, we opened a ticket, and they would accept their mistake if something was not caught by Symantec. They would then update the definitions and send us the latest updates. This is the way to work on the latest technology trends.

Negative

I have experience with Symantec endpoint protection. As compared to Symantec, CrowdStrike is a very good product. I have also worked with Microsoft Defender.

Every product has some advantages and disadvantages. I have worked with Microsoft Defender and Symantec, and now, I am working with CrowdStrike. Every organization's needs are very different. It depends on what the organization wants. For example, the security requirements of the banking sector are very high. The banking sector has different requirements, the retail sector has different requirements, and a software development organization has different requirements. An organization should weigh the pros and cons and decide based on the requirements.

Overall, I would rate CrowdStrike Falcon an eight out of ten.