CrowdStrike Falcon Reviews

Our primary use case is IPS and IDS.

CrowdStrike Falcon is extensively used by all 2,000 employees.

The most valuable features are the complete IPS and IDS. Both the feature provide good measures for threat detection and prevent network intrusions. 

Forensic controls have room for improvement, and CrowdStrike Falcon can add more features here.

Another improvement could be the support for this product could be cheaper.

I have been using CrowdStrike Falcon for two years. We are using version 6.5.1.

It is a stable solution. I would rate it a nine out of ten.

The scalability of CrowdStrike Falcon is quite good. There are around 2,000 users in our organization. I would rate it an eight out of ten. There are a few things, such as the forensic part and the investigation, that can be improved.

I have worked on many other IDS solutions, but I found CrowdStrike Falcon to be the best.

The setup is pretty straightforward. The deployment took some time because we didn't have an NBM solution. We installed it two years ago. But now it's clear, and we don't need much time to deploy it.

The tech support is good but can be expensive when it goes out of the subscription.

I have seen a good return on investment.

There is a license-based model. We use the yearly license. I would rate pricing a seven out of ten, where one is cheap, and ten is very expensive.

I highly recommend people use CrowdStrike Falcon. Overall, I rate it a nine out of ten.

The solution is primarily utilized for EDR and XDR capabilities, with some identity management features integrated through Falcon. In essence, it is employed like other endpoint protection platforms.

CrowdStrike Falcon no longer stands out compared to other endpoint protection platforms like Carbon Black or Microsoft Defender. Therefore, neither is superior to the other when used in our organization.

Regarding features, I appreciate its integration capabilities with identity providers, but it would have been better if they had their own identity product. The documentation is well-done in the solution.

CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition.

I would like to see CrowdStrike become closer to an agentless solution where I wouldn't have to deploy software and maintain the version of the solution.

I have been using CrowdStrike Falcon for a year. Also, I am using the solution's latest version.

There is no doubt about the stability of the solution. Stability-wise, I rate the solution a ten out of ten.

The solution has been successfully deployed in thousands of enterprises, so it is proven to be scalable. Major customers are using it, indicating that scalability is not a concern.

There are two numbers to reach out to the technical support team. Considering the time taken to reach out to them with a request and get a response, I rate them a ten. Based on the technical skills of the customer support team to solve a problem, I rate them between a six and seven.

Positive

The initial setup process of the solution was straightforward. However, it is important to note that I was only setting up the solution in a POC (Proof of Concept) environment and not in a production one.

That's a difficult question to answer because CrowdStrike Falcon was implemented to replace a previous solution. While it was cheaper than the previous solution, the only initial return on investment was cost savings, as we have not yet developed key performance indicators to measure the security benefits of using CrowdStrike Falcon.

The effectiveness of a solution is not always easily measurable by simply avoiding a hack on a given day. Instead, it often requires analyzing reporting data to determine its environmental impact. This data must then be used to calculate the return on investment and compare it to the cost of ownership. In my experience, the only clear return on investment has been in the initial deployment of the solution. The solution's price has typically been lower than that of previous solutions.

In my opinion, the pricing of CrowdStrike Falcon seems aggressive.

I recommend anyone planning to use CrowdStrike Falcon to ensure that they have an integration team. This is because the solution does not have many built-in features, and it relies on partnership integration with other significant players, such as identity and network vulnerability solutions. Consequently, when deploying CrowdStrike, hiring additional personnel is necessary to comprehend the integration process. If CrowdStrike is ranked number one, then Microsoft is above CrowdStrike due to its fully integrated features. If Microsoft ever got details of incorrect licenses, it would run CrowdStrike out of business. Overall, I rate the product eight point nine out of ten.

Our main use case was looking for an endpoint solution that was able to follow our users anywhere. We have over 52,000 employees, and a majority of our people work in various places. Many employees are not in an office every day: They are at a client's sites, some work at home, some are traveling, etc. We really needed something that would give us visibility no matter where and when an employee was working.

It has improved the way that we function by giving visibility to machines that we could not see before. With our previous product, you had to be VPN'd and connected to our network. Now, we can see alerts when people are just working at home. For example, they may have clicked on something that may be malicious, now we can take action and stop things from getting worse at the end of the day with its level of visibility. We have also seen installing CrowdStrike has a lot less resource issues versus what our previous solution had on local machines.

It is very important that our security solutions are cloud-native as continue to grow our company. I have been here for almost three years and we were 40,000 employees then, and we are over 52,000 now three years later. For us, the cloud has been important because we don't have to worry about infrastructure, connectivity, or other things like that to grow our business.

Even as we had to pivot with the pandemic to more employees working from home, we have been able to maintain the same level of security visibility. One of the big concerns for management when the pandemic stated was how we maintain security asking, "What do we have to change for security?" and it was nothing, "Let people go home. Let them work from wherever they need to." We had already taken the remote working ability into our security model. Our security operations did not change anything when employees pivoted from working at client sites (or in offices) to working at home.

As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines connected to the Internet and be almost invisible to the employees.

Having this type of security operations gives our management a level of comfort. We know we have ransomware protection and there are automatic actions that will happen to keep those incidents from spreading. As things like SolarWinds or the Microsoft Exchange issues have come out, we have been able to use the CrowdStrike logging to do look backs through the logs that we have been maintaining for over a year to see if there were any indicators of compromise that previously occurred before this was known issue. This has been great for us to be able to report to various management. even if we may have been running a vulnerable version of this for a period of time, e.g., like the SolarWinds software.

The Prevent, EDR, and OverWatch are some of the biggest features for us. They stand out as being useful because:

1. Their high efficacy rate on detecting items.
2. The ability to detect malicious activity and take action with a machine that may not be on our network.
3. Do remediation or automated actions, especially for things like ransomware, where it would automatically stop from running and quarantine the machine.

The introduction of CrowdStrike Overwatch service has reduced security risk. It mines through data by threat hunting. Overwatch has been able to point out things to us that were potentially risky activities going on that probably wouldn't have been detected by our old solution allowing us to take some actions and reduce some risk from that perspective.

They have been able to offer Spotlight and other modules, which is great. They take the information they have and turn it into solutions.

There is so much data in their dashboarding and other stuff like, but there is also still some work to do on, "How do you boil it up to certain higher levels/executives?" There is a lot of good technical detail, but in the position that I sit in, sometimes it is a little hard when I am not in it day in, day out to come to what is the real executive level sorts of things. For example, CrowdStrike shows incidents, but what are the things that I really need to worry about as a CISO at a company? That is the one area for improvement.

Finally, they bought a company that is doing SIEM, which is interesting to me. When I first started with CrowdStrike in my previous organization, four or five years ago, I went to CrowdStrike, and said, "I don't want to have to buy or continue to support our SIEM product. I would rather use you guys. Can I pay you extra money to hold that data and do those things so we can have that functionality? Then, I can get one rid of a solution." At that time, they told me, "No, we're not a SIEM company." I did not like the answer, but I respected it. Now that they bought one, and I am like, "Wow, I guess I was just a few years too early." So, I'm glad to see those sorts of things. I am glad to see them evolving into those areas where I saw it years ago, where they are strong, and displace others.

I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization. Then, I can have less vendors and put more effort into one solution that we really want to operationalize.

I have been using it for two years at this organization. I also used it for about two years when I was at my previous organization. So, I have used it for four years in total. There was a little lull in-between when I came over to this organization as their CISO, because they were on another product and then we ended up switching in 2019 to CrowdStrike.

I have never had an issue with stability at my current organization. At my previous employer, there was one issue with an auto upgrade where it caused some issues, but it was resolved quickly.

CrowdStrike is a vast improvement compared to our previous solution, where we had to spend a lot of time. For example, when the client had to be upgraded, it was a three-to-six-month project with people having to spend dedicated time to roll it out in waves, then deal with issues when a client's machine didn't upgrade correctly. Now, upgrades happen automatically. We turned auto updates on and have never needed to look back. Nobody has to spend any time on it.

I honestly cannot tell you the last time I have heard about a CrowdStrike agent issue causing an outage on a machine or server at the end of the day.

We have had no problems with scalability. CrowdStrike can scale as much as we need them to, they are the ones taking care of all the cloud, hosting, and processing on their end. So, we have never had an issue where we have seen a degradation in alerting timing, etc.

There are probably 10 to 15 people who access CrowdStrike or use its data regularly. It is funny because our IT people will use it to try to look for things that aren't necessarily security sorts of things, for example, "Hey, this isn't working," or, "That isn't loading," because of the level of visibility CrowdStrike has in some of the processing item. We have four or five people on the SOC. There are probably 20 or 30 accounts in there, but for the ones which are used regularly, it is probably about half that amount, like seven to 10.

My experience with the technical support has been great. Part of it is also the level of access that I have at CrowdStrike. I have been on their advisory board since the beginning and a customer. I participated in a panel at one of their last in-person sales kickoff with their CEO. I remember when the company was 200 to 300 employees and there were 1200 or 1300 at their sales kickoff.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shifts.

This solution has been not nearly as compute resource heavy as some of our previous solutions. Compared to our previous solution, CrowdStrike is a lot easier to use, easier to get information out of it, and you are getting it in more real-time.

Deploying CrowdStrike's sensors to our endpoints has been fairly easy. You can do tens of thousands of hosts in less than a day. I know of another organization who deployed 60,000 endpoints over a weekend.

Each organization has to look how its IT operations function. We did our deployment in a phased approach, with lower risk systems and servers first. If you had an issue, then you could easily roll it back. Then, we rolled it out into more regions and higher risk things.

We had a desktop management employee pushing it out, then another person in our security operations center validating endpoints numbers. It is really having your support desk know as well as having your people who run endpoint management.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people operating the solution 24/5. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shift.

The amount of compute resourcing used on a machine has been significantly less than the previous produce. The biggest ROI is the operational cost reduction. We would have a project manager spend three months to roll out an upgrade of a very heavyweight, security endpoint client. At the end of the day, this could cause a one to two percent error rate where machines would have an issue, then we would need to have a tech spend a lot of time on correcting this versus having automatic updates now that take care of themselves.

You are looking at saving six to seven months of a person's time, collectively, which would have been spent on just doing this one function alone.

Years ago, when we bought CrowdStrike, you got everything it had. I was a little concerned when they broke this out into a la carte modules where you can buy EDR, Spotlight, etc., picking and choosing off the menu. I was a little worried that the solution would get watered down. However, I realized in my previous organization when we had the full suite that there were a bunch of features in it that we didn't have time to operationalize. So, I warmed up to it. I get the whole, "Look, you can pick and choose. Okay, everybody buys a steak, but do you want mashed potatoes, or do you want lobster mac and cheese?" So, you can pick the sides that you want, so you can buy the solution that you want and operationalize versus paying a lot of money and getting a bunch of things, but not using 60 percent of the tools in the box.

There are licensing and maintenance fees.

At my previous company, I did a PoC. The guy who led all the Midwest sales was somebody I knew for around a decade. So, it was, "Hey, I want to try this out because it sounds interesting." So, it was fairly easy. You got the trial. You installed it, then you connected to their cloud portal. That was it. You opened it up to be able to communicate to port 443 outbound, and that was it. It was super easy to get CrowdStrike up and running.

The PoC was important because we were able to test \ and see visibility that we weren't able to before when a system was off-network, just sitting at home, connected on an Internet, and not VPN'd in. It was those sorts of things where, "Look, this is what we can see now that we couldn't see before," as a result of doing that trial.

At my current company, we did not do any type of trial because of past experience. We did test but then just started kind of rolling it out because our other product was just too heavy to continue to operationalize.

In my previous organization had very much the same issue that my current one had. We had an endpoint solution where you didn't get any alerting from the endpoint security if you were off-network. We had salespeople who traveled, and even more people connected via VPNs, which was common. A lot of things were internal, but we were shifting to some cloud-based things. We had the issue where a salesperson connected to the network every once in a while, and we wouldn't see the alerts. By the time we got the alert, it's well past and who knows what has happened. Therefore, I started doing some searching on the Internet and found the company, CrowdStrike. I looked it up and was like, "Oh, a friend of mine, in sales, was there." So, I called him up and said, "Hey, can we talk?" That is where it started.

We continue to look at other solutions such as what Microsoft has to offer. Some of it is part of our licensing and some of it is not. We continue to listen to some of the other players who are out there such as Cylance and SentinelOne. When I first looked for CrowdStrike, there was nobody else in this market space who was doing endpoint security purely from the cloud. Even when I talked to our previous solution provider about the cloud their answer was, "Oh, we can put servers on Amazon." I told them, "No, I don't want to have to manage servers, period. I want the provider to take care of this. We'll pay for that." That was kind of this weird notion for them to be a truly software as a service model. Now, it is common, and everybody is doing this service model.

A number of other solutions have caught up, mainly by copying CrowdStrike’s cloud-first framework model. A lot of them have been catching up from that perspective overall. Now, it has become a little bit of a crowded field and much more of a commodity but CrowdStrike was the industry leader when we were making our decision.

CrowdStrike is currently across all our technology stack, servers, and workstations.

When we did our proof-of-concept testing, our administrators liked that installing it was easy and did not need to reboot the system (and causing an outage). Our administrators also loved that once they did this, they didn’t have to deal with doing client upgrades once or twice a year, where you have to take servers down and reboot them. You install this once, and now you won't have to worry about this ever again. I sold this to administrators as, "You want me to make your life easier? Here is the one thing you need to do." Now, they reap the benefits.

We are looking at the cloud workload options over a course of time, as more technologies shift to cloud and we acquire other companies with more endpoints. From that perspective, we will continue to look at some of the other modules that they have but operationalizing some of modules are not in our risk profile. Some of the modules don't add as much value as they would to some other companies depending on their risk exposures.

We will look into the solution’s Horizon module in the future.

I would rate this solution as a nine out of 10.

We use this product for endpoint security and threat remediation.

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely, now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

I have been using CrowdStrike Falcon for approximately four months.

The stability is great and we haven't had a single issue.

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and login in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

We use CrowdStrike Falcon mostly for EDR.

We implemented CrowdStrike Falcon to gain better control over our endpoints, servers, and work sessions. Unlike traditional antivirus programs, Falcon's sophisticated features allow us to comprehensively manage and enhance security, providing a more robust solution for our specific needs.

In the past year, Falcon has significantly improved our organization's security by consolidating endpoint management. With a single call to Falcon, we can oversee all endpoints, eliminating the need for multiple platforms and streamlining our security operations for better efficiency and awareness.

The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models. This consistency simplifies operations, and while the analytics and server capabilities are significant, having a single sensor for all models stands out as the key advantage in managing security effectively.

There is room for improvement in managing multiple customer IDs. Enhancements in the console web for better control and customization of sensor features would be valuable to ensure a smoother experience in handling various customer IDs and installations.

I have been using CrowdStrike Falcon for about a year.

I have not had any stability issues with CrowdStrike Falcon.

I would rate the scalability of CrowdStrike Falcon as a ten out of ten.

The technical support is not very good. I would rate it as an eight out of ten. One improvement could be reducing the response time for cases, as waiting two or three days, even for less critical issues, can be a bit long. Additionally, a better feedback loop on submitted ideas would enhance the efficiency of communication with the product group, providing more clarity on whether proposed features or versions will be considered.

Positive

Before Falcon, we used Trellix. We switched to Falcon for enhanced security, moving beyond just antivirus protection. Falcon provides more advanced features and a comprehensive security solution.

The deployment of Falcon was relatively easy, with no major issues except occasional misconfigurations on the filter. The process for individual work sessions is fast, taking around a few minutes, but for servers, it requires more time due to the need for antivirus removal and sensor replacement, involving server restarts. Overall, the deployment time depends on the scope, ranging from minutes for work sessions to more extended periods for servers.

At the moment, we have around twenty thousand users in our environment. Our setup spans multiple locations, mainly in Portugal, and we operate on various operating systems, including Mac, Linux, and Windows.

Falcon, being a SaaS product, doesn't require maintenance on our end. Updates are needed for servers, but they can be easily managed through the web interface without causing any inconvenience for us.

I would recommend conducting a proof of concept with CrowdStrike Falcon before making a decision. While the product has strengths, I would advise new users to address questions and doubts directly with the product team, especially when seeking new features or improvements. Ensure there is a clear communication channel for feedback and inquiries. Overall, I would rate CrowdStrike Falcon as a nine out of ten.

We use CrowdStrike Falcon for endpoint security and response, and Horizon to manage and protect our data.

Following a 2021 security incident, the general response team recommended implementing CrowdStrike. We adopted their suggestion and found its network threat detection and prevention capabilities invaluable.

I like the feature called RTC, the remote time connector. It allows us to connect to a computer via the command line and execute commands for various functions and investigations. This eliminates the need for any additional programs. We can launch the connection and its subcommands from a single console.

The containment feature is another valuable tool. It allows us to isolate any machine exhibiting suspicious behavior or facing a detected threat. Once activated, containment immediately severs the machine's network connection and blocks user access.

Despite implementing tuning rules specifically designed to address them, we are still encountering a significant number of false positives. This issue persists even after collaborating with their support team to find a solution.

I have worked with their technical support on several problems that were never fully resolved.

I have been using CrowdStrike Falcon for three years.

While we encountered some bugs with on-demand scanning, the overall performance and stability of the system are positive. CrowdStrike Falcon is less resource-intensive than our old McAfee solution, which often led to performance complaints due to its high memory consumption.

CrowdStrike Falcon is scalable. Adding new features or licenses to CrowdStrike Falcon is seamless, with no disruption to our system's performance. Installing new modules is easy because it uses the same sensor.

While I've found screen sharing helpful with other support teams, CrowdStrike's technical support has never proactively suggested it. Instead, they've always initiated contact by calling me back after I submitted a ticket. We recently offered to screen share, but it seems it's not their preferred method. The support is good but it is not the best I have used.

Positive

Previously, we utilized Carbon Black for our endpoint security needs. However, we transitioned to CrowdStrike for several compelling reasons. As a prominent market competitor with widespread adoption among organizations, CrowdStrike offered a robust platform capable of meeting our evolving security requirements.

The 2021 incident further underscored the importance of robust security tools. CrowdStrike's capabilities proved invaluable in navigating the aftermath and instilled confidence in its continued effectiveness for future challenges.

Beyond its proven track record, CrowdStrike seamlessly integrates with our existing security ecosystem. The platform's comprehensive feature set simplifies endpoint management from a centralized console. Additionally, its granular telemetry across various modules provides invaluable insights during incident detection, enabling us to gather holistic information from each affected machine.

Furthermore, CrowdStrike consolidates our security stack by encompassing next-generation firewalls, endpoint detection and response, and real-time endpoint scanning, eliminating the need for separate solutions like McAfee. This streamlined approach enhances operational efficiency and simplifies security management.

The initial deployment presented some challenges due to the need to install the solution on all machines. This phase, requiring careful coordination among ten people over several weeks, involved connecting all the computers to the network. However, once this foundation was laid, the subsequent rollout proceeded smoothly.

The implementation was completed in-house by our people.

The return on investment is evident in the enhanced security posture achieved through continuous monitoring and immediate isolation of compromised machines. This proactive approach not only mitigates risk but also provides significant peace of mind for our team, alleviating concerns and optimizing their performance.

While CrowdStrike Falcon offers significant security benefits, its high price point might make it prohibitively expensive for many small and medium-sized businesses, including companies like ours.

I would rate CrowdStrike Falcon a nine out of ten.

CrowdStrike Falcon is a great tool. Investing in proper training on the CrowdStrike Falcon platform is highly recommended for any organization seeking to maximize its potential and avoid navigation struggles within the console. However, it's important to note that effective utilization of Falcon without CrowdStrike's managed services necessitates the formation of a dedicated team responsible for managing the solution. 

Our company's line of business includes financial transactions with an insurance policy that requires EDR protection. Compliance is part of our policy and agreement with customers. 

We currently have 1,100 users of the solution. 

The solution is silent and sits on your system as one single agent.

Only one or two MB of memory are consumed which is much less than other products. 

The solution is AI-driven so it self-activates to find issues and provide alerts or notifications rather than running all the time.

The portal is very user-friendly so it is not difficult to manage. 

The solution doesn't require system restarts. That is one disadvantage of Symantec or Kaspersky because they require restarts when you uninstall or reinstall. 

Technical support could be better than what is currently offered. 

I have been using the solution for three months. 

The solution is stable with no issues. 

We have only used the solution for three months so will continue to monitor stability for the next several months. 

I rate stability an eight out of ten. 

The solution is scalable. We do not yet have the requirement to take an in-depth look at scalability. 

I rate scalability an eight out of ten. 

Technical support could be better because there are ownership issues. 

For example, when you raise a support case there is not much communication between the account manager and support. The account manager is supposed to own the case but instead is disconnected from it. 

I rate support a six out of ten. 

Neutral

We previously used Symantec and Kaspersky. 

The setup is pretty easy to walk through without much trouble. 

I rate setup an eight out of ten. 

We utilized a third-party for implementation. They helped us with the admin console, training, and the pilot setup that we eventually took over. Our internal team included two security staff and four support staff.

We were moving from Symantec and Kaspersky. We targeted our servers first because Symantec is difficult to uninstall and there is an interim process for removal. Once completed, we installed the solution. 

It took about two months to complete implementation across all systems. 

We did our homework in advance for cost or other things to calculate ROI. The solution met our expectations so ROI is rated a seven out of ten. 

The pricing is competitive and includes all features and support.

I rate pricing an eight out of ten. 

We evaluated Microsoft Defender, Sophos, Symantec, and Trend Micro before choosing CrowdStrike Falcon. 

I recommend using the solution and rate it an eight out of ten. 

We integrate the data from this solution with ExtraHop, which is an NDR. Being able to move between both platforms and have network-level data and transactions over the network feed into XDR CrowdStrike is really powerful. It helps us make better decisions, it makes better decisions without human intervention, and it hones the analytics a little bit. The EDR aspect of it works almost exactly the same as the regular Falcon product. I will say that it's probably a lot better at scale than what we're using it for. I work at a school district, so for the individual schools, it's nice to see and isolate issues and have reports built by individual school locations rather than just everything looking like a whole hodgepodge of computers.

It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff, like look for old versions of applications that maybe you forgot about or find stuff that people are running that maybe you don't want on your network, and it lets you get rid of those. Also, its ability to do on-keyboard remote response and run PowerShell script through the sensor is pretty sick. It's ability to quarantine devices is also pretty great.

The ability to receive text alerts natively in the console would be kind of cool. Some people put their email on quiet hours, so having it natively in the system would be nice.

I know that they offer an identity piece and a firewall piece and we haven't subscribed to or purchased either of those, but having some of that data in the base program would be good, and then if you want more control, you pay for it. There's times where I want to look at an internet history of a device that's remote, or I want to see logins, successful or unsuccessful. I don't want to manage identity and I don't want CrowdStrike to alert on it, but it would be nice if the ability to see the data was included with the base product. Then that could kind of get your foot in the door with having the ability to look at that information, but not being able to do anything actionable with it.

I have been using this solution for two years. 

The solution has never failed. The only false positives that we get are ones that we test with. I do true and false positive testing every month to make sure stuff is working correctly and the solution picks up on it. 

The solution is very scalable. Our proof of concept was a few devices and now at full scale we have 50,000 devices. It's a cloud console, so if you do the implementation right and the sensor is put on in an automated process, it doesn't matter how many computers you have. It just runs. They have sensors for every kind of device: Macs, Windows, Linux, and I think even Android.

The support is great. They're quick to respond and you see the same names pretty consistently. They probably do it by region or account or something like that, so it's not just a random person every time.

The setup is as complex as you want to make it. They have engineers that help you. We did a proof of concept first and that was pretty seamless. If you want to build out a bunch of dynamic groups and have different policies affect the different groups separately, you can. If you want to purchase a bunch of licenses for integration with different products, they partner with a bunch of different security vendors and you can make it as complex or simple as you want. If you just want NextGen AV, you can just have NextGen AV and it's super simple and the sensor just sits on a computer, but if you have a bunch of data and want it to be really complicated and want to be able to do whatever you want, you can do that too. It's pretty flexible, in that sense.

Getting it off the ground took myself, one CrowdStrike engineer, and we could have done it with one systems engineer, but we had two because one was on the client side for the Windows hosts and one was for enterprise for the data center and servers. We did it with four people, and me and one other guy manage it ourselves.

We pay for Overwatch, which is kind of like a sock where someone that works for CrowdStrike monitors certain aspects of your network, and then they can make notes and quarantine devices for you, and they'll alert you at 2:00 in the morning. It's really great, but it takes two people to manage the alerts after a bit of tuning to make sure that the stuff that is on your network that you want to be there, that's getting picked up by CrowdStrike, is excluded. I get maybe ten alerts a day, but that comes from having good hygiene in other areas. If you're not preventing those alerts or fixing the problems that CrowdStrike is picking up, you're going to have a lot of work to do, but if you use CrowdStrike as a hygiene tool, it's a lot easier to manage.

My advice would be to automate as much of the management as you can. Sensor deployment can be really annoying, but if you figure out how to automate it in your environment, that will make it way easier. That way, as the devices are provisioned, they have the sensor on them and they just pop up into your console. I know some people do it by hand and that's a nightmare.

I would rate this solution as a nine out of ten. It's really good.