We use the solution for security and in demonstrations to our partners.
Product Manager at E-DATA TEKNOLOJİ
Offers excellent protection with great integration and fast customer support
Pros and Cons
- "The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
- "I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CrowdStrike."
What is our primary use case?
What is most valuable?
The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product.
What needs improvement?
I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CrowdStrike.
I want to be able to create independent groups, each managed by its own admin, so I can isolate the group I use for demonstration purposes.
I have heard about CrowdStrike collecting personal information for marketing purposes, but that's not something I was looking for.
For how long have I used the solution?
I've been using this solution for about six months.
Buyer's Guide
CrowdStrike Falcon
May 2025

Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
855,156 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability of the solution varies; several weeks ago I had some difficulties deploying CrowdStrike. It may have been a bug in the latest update, but a few days later this problem was solved. Sometimes there are issues and CrowdStrike deals with them very quickly.
What do I think about the scalability of the solution?
It amazes me. For instance, we have an end-user with 15,000 users right now and we deployed it in one week. It's a very short time considering other solutions, some of which can take one to two years to deploy completely.
How are customer service and support?
I have contacted customer support four times and they have a very quick response time which is really satisfying. I believe the support team is good.
How would you rate customer service and support?
Positive
How was the initial setup?
It's pretty straightforward but with Linux if there is a kernel conflict, you may have to change your kernel version and then restart. I can't say with certainty that you won't need to restart during installation.
It took us 15 minutes to deploy the solution for eight users.
What about the implementation team?
I personally implemented the product.
What was our ROI?
In a week
What's my experience with pricing, setup cost, and licensing?
It's an expensive solution but you get a very good product for the price, since having threat hunters and analysts costs much more than the product itself. Compared to other products, SentinelOne is definitely cheaper and the Microsoft E5 package is probably more expensive. Not many companies are willing to purchase CrowdStrike Falcon in our region due to the cost, but the market is changing. Brand awareness is increasing day by day along with the knowledge of what CrowdStrike is capable of by users and user candidates.
This solution, as well as other EDR tools, is selling slowly in our region but this will speed up in the near future. Some companies are already asking for an MSSP version of the product.
What other advice do I have?
Our end-users and partners want to know which data are going to be collected. Financial institutions need to know what is included in the telemetry data.
As a distributor, in our region it's mandatory for us to implement, as it wouldn't make sense for us to go to partners and end users with other solutions.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer: partner/reseller

Information Security Specialist at Arab Open University
Straightforward solution; it's plug and play
Pros and Cons
- "CrowdStrike Falcon's scalability is good. We have thousands of students using this solution."
- "We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
What is our primary use case?
I'm currently working as a cybersecurity specialist at the Arab Open University. We are trying to create centralized station input. We have nine branches in the Middle East, so we need a cloud-based solution. Our control center is in Kuwait but all nine of our branches use CrowdStrike Falcon. Our team is located in Kuwait, which is where we handle and mitigate threats from.
What is most valuable?
The most valuable CrowdStrike Falcon feature is that the user is blocked from the network completely. I think that this is a good solution. We can do a threat analysis of any machine at any time, but that threat analysis is very limited.
What needs improvement?
There could be more flexibility in terms of policy defining and certain features, like USB controls, should come standard with the license. Many CrowdStrike Falcon competitors are cheaper and offer a slew of features in the standard license.
CrowdStrike Falcon is not so flexible. We need a specific admin control or maybe supervised controls to change or modify the settings.
For how long have I used the solution?
I have been using CrowdStrike Falcon for almost a year now.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable.
What do I think about the scalability of the solution?
CrowdStrike Falcon's scalability is good. We have thousands of students using this solution.
How are customer service and support?
CrowdStrike Falcon's technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Yes, we previously used Kaspersky.
How was the initial setup?
I think CrowdStrike Falcon is a straightforward solution. It is not very complex. It's just plug and play.
What about the implementation team?
We deployed in-house, with our own team. We just borrowed the setup files and deployed on all the stations. Only two persons at each branch worked on deployment, so we used certain software to deploy the files on the network. Deployment took us nearly a month.
What's my experience with pricing, setup cost, and licensing?
I'm not sure how much we are paying for CrowdStrike Falcon, but we have a yearly subscription.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead Engg. Information Assurance at ACPL Systems Pvt Ltd
Simple initial setup, excellent support, and free upgrades
Pros and Cons
- "One of the most valuable features of CrowdStrike Falcon is when there are upgrades there are no additional fees."
- "CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
What is our primary use case?
I am using CrowdStrike Falcon to protect my endpoints from new zero-day threats.
What is most valuable?
One of the most valuable features of CrowdStrike Falcon is when there are upgrades there are no additional fees.
What needs improvement?
CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time.
For how long have I used the solution?
I have been using CrowdStrike Falcon for two and a half years.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable.
What do I think about the scalability of the solution?
CrowdStrike Falcon is scalable enough for our needs.
We have approximately 250 people using this solution in my organization.
How are customer service and support?
We have used the technical support for investigations, but not for installation or anything else.
I rate the support of CrowdStrike Falcon a five out of five.
Which solution did I use previously and why did I switch?
I previously used McAfee but zero-day threats are not being protected. We evaluated CrowdStrike Falcon and when compared to McAfee, it was far better.
How was the initial setup?
The initial setup of CrowdStrike Falcon is easy.
What about the implementation team?
Our administrator of this solution had to configure the policy for the best detection.
What's my experience with pricing, setup cost, and licensing?
There is no license required to use this solution.
What other advice do I have?
My advice to others is this is a good solution that does not require a lot of attention. You can install it and it runs silently in the background.
I rate CrowdStrike Falcon a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Principal Consultant at Infosec Ventures
Light on resources, good performance, and useful administrator functions
Pros and Cons
- "CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution; it doesn't depend on signatures, which better protects the systems."
- "The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable."
What is most valuable?
CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution; it doesn't depend on signatures, which better protects the systems.
The solution comes with many competitive modules, such as the Discover Module. It is helpful to us with regard to the application search. For example, which users are using which application, what is the application involved in, how many administrators and local users are there, and do the users have administrator privileges. It can give us a lot of information. Additionally, it can inform us if the user's password has changed. The solution is very useful for administrators and is overall easy to use and manage.
For how long have I used the solution?
I have been using CrowdStrike Falcon for seven months.
What do I think about the stability of the solution?
CrowdStrike Falcon is a highly stable solution. We have not had any performance or compatibility problems.
What do I think about the scalability of the solution?
The solution is scalable.
We have approximately 1,000 users using this solution in my organization. We plan to increase usage in the future.
How are customer service and support?
The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable.
Which solution did I use previously and why did I switch?
We were previously using Symantec and we switched to CrowdStrike Falcon.
How was the initial setup?
The initial setup is straightforward. It took us approximately two weeks to implement.
What about the implementation team?
We have one person that does the implementation and support of CrowdStrike Falcon.
What's my experience with pricing, setup cost, and licensing?
The licensing model is straightforward. We choose the features we want and we then can download the package we want.
What other advice do I have?
I would highly recommend this solution to others.
I rate CrowdStrike Falcon a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head of IT at Alantra
Accurate, good technical support, and reliable
Pros and Cons
- "The most valuable feature of CrowdStrike Falcon is its accuracy."
- "CrowdStrike Falcon could improve the logs by making them free to the API."
What is most valuable?
The most valuable feature of CrowdStrike Falcon is its accuracy.
What needs improvement?
CrowdStrike Falcon could improve the logs by making them free to the API.
For how long have I used the solution?
I have used CrowdStrike Falcon for two years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
CrowdStrike Falcon is a scalable solution.
We have approximately 800 people using this solution in my organization.
How are customer service and support?
CrowdStrike Falcon technical support has been fine in my experience.
Which solution did I use previously and why did I switch?
I have used other solutions before CrowdStrike Falcon, such as Symantec.
Symantec does not have any advantage over CrowdStrike.
How was the initial setup?
The initial setup of CrowdStrike Falcon is easy.
What's my experience with pricing, setup cost, and licensing?
The price of CrowdStrike Falcon is reasonable.
What other advice do I have?
I rate CrowdStrike Falcon a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Engineer at a legal firm with 501-1,000 employees
The cloud-based management console is easy to maintain and takes a load off our hands
Pros and Cons
- "It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
- "There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."
What is our primary use case?
We are using it primarily for NGAV, but we also use their EDR product and Falcon OverWatch.
Most of our internal stuff is still on-prem. We do use SaaS for vendor products, but our internal environment is still mostly on-prem.
How has it helped my organization?
I think everyone is trying to move away from on-prem solutions. Having the cloud-based management console makes it a lot easier to maintain. It takes a load off our hands as engineers and analysts. It helps with upgrades and patching. I don't have to worry about on-prem servers for maintenance, but also as another thing to defend against, so getting rid of that is definitely beneficial.
As a cloud-native solution, it provides us with flexibility and always-on protection. I don't have to worry about data center failures on my end. I don't have to worry about any issues in our server rooms affecting the protection of the environment as a whole. Having CrowdStrike take that responsibility is a load off our backs.
Falcon has been very successful in preventing breaches. In the beginning, there were a lot of false positives as Falcon learned our environment, but I would definitely give it a positive rating overall for protecting our environment.
What is most valuable?
The NGAV portion is the most valuable feature. The primary reason that we went with the product was their reputation. In practice, it has been a definite step up from where we were previously.
We are using Falcon Investigate, which is their EDR tool. The EDR has made it infinitely easier to investigate into more detail on end user workstations and servers. Any sort of detection where I can go back into the EDR tool and dig down deeper into the endpoint is great. This was a function that we did not have previously.
What needs improvement?
There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.
For how long have I used the solution?
I have been using it less than a year. We are relatively new customers.
What do I think about the stability of the solution?
My impressions of the stability are positive. I haven't had any problems since implementation with stability or availability.
Minimal maintenance is required on our side post-deployment, but it still does require maintenance. If I have to build out new groups or a troubleshooting group, e.g., tweaking policies if machines change subnets, then there is still maintenance required.
All post-implementation maintenance and administration is handled by a single security engineer.
What do I think about the scalability of the solution?
We are a relatively small firm, but I have had no problems in my deployment plans. I could easily see this scaling upwards.
In total, we are protecting roughly 1500 endpoints.
How are customer service and technical support?
They have been very on point and helpful. I have never had to ask them where they are. They are always following up with me trying to keep the tickets live, so that is great. I have been very impressed.
Which solution did I use previously and why did I switch?
We replaced Symantec Endpoint Protection. On the one hand, we wanted a fully NGAV. Symantec was still using a hybrid model, a mix of signature-based and behavioral-based detections, so moving over into a full NGAV product was important to us. We wanted to stay up to date on the ever changing nature of malware, especially since we have been seeing more malware nowadays that can evade strictly detection-based systems. Also, Symantec support was very hard to track down or talk to. All in all, CrowdStrike has been more responsive to any questions or concerns, which is big when you are dealing with vendor solutions.
Fortunately, we have not experienced any major detections. However, testing-wise, CrowdStrike has been more effective overall.
How was the initial setup?
Deployment was pretty easy. We scripted out a process in GPO, then we were able to deploy it fairly seamlessly.
We managed to deploy it to all our servers within a week or two. That was mostly due to getting clearance from server owners, not due to the CrowdStrike installation. Then, for the workstations, it was a bit longer just because of office locations and when people had their computers on. The CrowdStrike process was very smooth. It was really just the bureaucracy part that took a while.
We had to change management protocols. We put it out to dev servers and workstations in detect-only mode as we deployed CrowdStrike to endpoints that had a preexisting AV system still on them, in order to avoid any time where a system would not be protected by an antivirus system. So, we deployed CrowdStrike, then disabled the previous antivirus system and activated CrowdStrike's prevention policies, then uninstalled the previous antivirus system.
What about the implementation team?
Four or five people were involved in the deployment: a security engineer, two workstation engineers, and various server owners.
What was our ROI?
It is protecting our environment, so it is worth the cost.
It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably.
What's my experience with pricing, setup cost, and licensing?
The pricing was very fair for what we got.
Different components are additional price points. We got the components that were right for us, but other organizations may require more (or less) components to suit their needs.
Which other solutions did I evaluate?
CrowdStrike is an industry leader. When we were looking for a replacement technology for NGAV, their name was on the top of a Google search.
We did a PoC with CrowdStrike. We deployed the PoC only to a select group of test machines, so we were able to deploy rather quickly. The PoC helped immensely in the decision-making process.
We did evaluate Cylance and Carbon Black. All the products that we investigated looked good. In the end, we went with CrowdStrike because of:
- The reputation of the organization in the AV community.
- Its out-of-the-box readiness.
- Ease of maintenance and administration.
What other advice do I have?
Take the time you need in the beginning to fully build out all the groups and prevention policies that you will need. It may take a bit longer during the initial setup, but it is worth it in the long run because it makes maintenance down the line much easier than having to build new groups or prevention policies as they come up. Definitely take the time needed in the beginning. Then, later down the road all you have to do is check some boxes, as opposed to building out brand new groups and prevention policies, which can take a while.
In the beginning, there will be a bunch of false positives as it learns your environment. However, those are very easily handled within the UI, creating IOA or machine learning exceptions. With our previous solution, we had a couple hundred exceptions, and with CrowdStrike, we have six or so.
CrowdStrike has fulfilled its function very well. We got it specifically to serve the purpose that it is serving.
It is a solid nine out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Chief Security Officer at a financial services firm with 201-500 employees
Protects employees wherever they are and offers visibility into what machines need patching, but the deployment process needs improvement
Pros and Cons
- "The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate."
- "If we have a dashboard capability to uninstall agents, I think that would be great."
What is our primary use case?
We have several use cases including threat management, EDR, AV, and a SOC with 24x7 monitoring.
How has it helped my organization?
The fact that CrowdStrike is a cloud-native solution is very important. We don't have to deal with any upgrades on the appliances or console. The only thing we have to deal with is the upgrade of the agents. The SaaS model works very well for smaller companies like us.
The flexibility and always-on protection that is provided by a cloud-based solution are important to us. The cloud is everywhere. So, with the agent on the laptop, wherever the user may go, including home, office, or traveling, it's protected 24x7, all the time. That's what we require and this is what we got.
We haven't had cases where we have quarantined any material stuff yet, because we are relatively small and we don't see a lot of malware in our environment. In this regard, it has been relatively quiet.
In terms of its ability to prevent breaches, if you look at the cyber kill chain, the sooner you detect malicious activity, the better you are in responding as opposed to waiting for a data breach. I think CrowdStrike is capable of identifying malicious activity throughout the whole cyber kill chain. Step one is establishing when they have a foothold in the environment, and then detect whether they are moving laterally. The sooner they are discovered, the better we are at stopping data breaches.
CrowdStrike has definitely reduced our risk of data breaches. It reduces the risk of ransomware and it gives us comfort that someone is watching our back.
We had some end-of-life workstations that were running Windows 7 and for some reason, related to PCI compliance, CrowdStrike rejected them. This helped us in terms of maintaining our PCI compliance.
What is most valuable?
The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate. Essentially, they're an extension of my team and I like that. We're a small company and we only have a base of approximately 260 employees. As such, we cannot afford to hire skilled security people. So this makes sense for a smaller company like us.
There is a helpful feature to look into the vulnerability of the endpoint, which allows us to see which PCs have been patched and which ones have not. That helps my team to focus on those PCs that require their attention.
What needs improvement?
The deployment process is an area that needs to be improved. For some reason, CrowdStrike does not provide any help in terms of how to deploy the agent in a more efficient manner. They just don't provide the support there, which leaves their customers to figure out how to push agents out, either through GPO or through BigFix or through SCCM, and there was no support on that side. Not being able to complete the deployment in an efficient manner is one of the huge weaknesses.
It would be good if they had a feature to remove agents. We're in a transaction processing environment and if CrowdStrike is affecting a transaction processing server, we need to uninstall that agent pretty fast. Right now, the uninstall has to be done manually, which is not great. If we have a dashboard capability to uninstall agents, I think that would be great.
The dashboard seems a little bit too clunky in the sense that it's spread out in so many ways that if you don't log in on a daily basis, you're going to forget where things are. They can do a better job in organizing the dashboard.
For how long have I used the solution?
I have been using CrowdStrike Falcon for approximately five months.
What do I think about the stability of the solution?
I haven't had any issues for five months since we've installed it, which is good to know. No users have complained about any CPU spikes or false positives, which we like.
What do I think about the scalability of the solution?
If you have a way to deploy agents in a rapid manner, I think the scalability is there. As we buy and acquire companies, we have to roll out agents to those places. Right now, it's still very manually intensive and it slows down the process a lot. So, I think the scalability can be improved with a rapid deployment feature.
Our strategy right now is just to install CrowdStrike for PCs and laptops. Once we get comfortable with the technology, we can start testing the servers. It's just that we haven't finished the deployment to PCs and workstations yet.
We have approximately 260 endpoints and we're probably about 20% complete in terms of deployment.
How are customer service and technical support?
We've raised support tickets such as the request for rapid deployment capabilities. However, we only received responses to the effect that they do not support anything like it. In that regard, the support has not been great.
That said, we don't use the support site a lot because we haven't had any issues with CrowdStrike. So, I can't say much about that.
Which solution did I use previously and why did I switch?
Prior to CrowdStrike, we used Carbon Black Threat Hunter.
There is a huge difference between the two products. CrowdStrike is quiet. I think that Carbon Black Threat Hunter just locks everything that has to do with the endpoint. You generate a lot of noise, but it means nothing. Whereas CrowdStrike is more about real threats and we haven't seen much from it.
On the other hand, with Carbon Black Threat Hunter, we were able to deploy pretty fast and we could uninstall agents pretty quickly from the dashboard.
I had originally heard about CrowdStrike Falcon from my peers. A lot of CSOs that I have roundtable discussions with speak highly about it.
How was the initial setup?
The sensor deployment is a manual process right now, where we have to log into every workstation, every server, and install it manually. It's very time-consuming.
It's an ongoing process across our organization.
What about the implementation team?
One of our security engineers is in charge of deployment. However, we don't have someone on it full time. He works on this when he has time available, so we probably only have one-third of a person working on it.
What's my experience with pricing, setup cost, and licensing?
We completed a PoC using the trial version, and it was pretty easy to do. It took us less than an hour to deploy. It was just a matter of downloading a trial agent and setting it up.
Having the trial version was important because the easier the PoC is, the better the chances are of us buying the tool.
At approximately 40% more, Falcon is probably too expensive compared to Cisco AMP and Cylance, although that is because of the OverWatch feature. If you took out the OverWatch feature then they should be about the same. There are no costs in addition to the standard licensing fee.
Which other solutions did I evaluate?
We evaluated other products including Cisco AMP and Cylance. Neither of these products has the OverWatch feature that CrowdStrike has. The reason why we chose CrowdStrike was that we need to have 24x7 monitoring of our endpoints. That's the main difference.
In terms of ease of use, CrowdStrike is not so great. Cisco AMP has a better, cleaner dashboard and they're more mature in the way that you navigate. It's as though they have spent time getting customers to click on features and then figured out which is the quickest way to get to what you want, whereas CrowdStrike is not there in that sense.
Cylance is even better in terms of ease of use. They dumb it down to only a small number of menus and dashboards. There are probably only five dashboards that I look at on Cylance, whereas with CrowdStrike, I have to look at many.
What other advice do I have?
My advice for anybody who is considering CrowdStrike is definitely to start with a PoC, and then definitely to subscribe to OverWatch. I think that OverWatch is the main benefit to it.
The biggest lesson that I have learned from CrowdStrike is about the different threats that are out there. They have a nice dashboard with information about threats, and you can read it and learn from it.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director, IT & Systems Security at Tilson
Good visibility helps us make educated decisions, easy to scale, helpful threat-response support
Pros and Cons
- "The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
- "The console is a little cluttered and at times, finding what you're looking for is not intuitive."
What is our primary use case?
We implemented CrowdStrike because we needed to identify a new solution to address a 100% remote workforce, both because of COVID and because, in general, our workforce is very distributed around the country.
How has it helped my organization?
The primary way that CrowdStrike has improved the way our organization functions is visibility. When we do have an issue, the ability to see what was happening before, during, and after the issue on the target laptop or server is far better than what we were used to.
Having the updates happen automatically, with a third party defining those updates and pushing them in, and also providing us visibility into the current status of all of our endpoints, is critical.
We use Falcon's endpoint and cloud workload protection, which is deployed on our Azure cloud servers. It is definitely one of the top options available to any organization. We had reviewed 10 different applications in the EDR space and Falcon was one of the top three that we had identified.
In terms of preventing breaches, so far, it's doing great. Definitely, in our testing that we do every month, it is identifying issues that arise with more certainty. Simply, the team has more confidence in what they're utilizing as a tool and it has freed them up to work on things that are a more efficient use of their time.
What is most valuable?
The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed.
It is important to us that this cloud-native solution provides us with flexibility and always-on protection because we have a 100% distributed workforce, in place even before COVID. To manage 600 remotely-deployed laptops requires a cloud-managed solution.
What needs improvement?
The console is a little cluttered and at times, finding what you're looking for is not intuitive. Once you find it, it's great, but it's not always very intuitive as to how to find exactly what you're looking for sometimes.
For how long have I used the solution?
I have been using CrowdStrike Falcon for six months.
What do I think about the stability of the solution?
We have had no issues at all with stability, and no conflicts on any of our endpoints or servers.
What do I think about the scalability of the solution?
It seems to be limitless from a scalability standpoint. Definitely, there would be no impact on our end, and we haven't noticed or run into any issues as we scaled from our initial 10 systems to 600. There was no difference in speed or reporting, et cetera.
So, scalability does not seem to be an issue.
How are customer service and technical support?
Technical support is an area for improvement. If you have an actual issue, such as an identified threat, then they are very good. However, if you're struggling to figure out what might have occurred, we're still trying to figure out how to get our best support from CrowdStrike in those situations.
Which solution did I use previously and why did I switch?
Prior to Falcon, we were using Webroot.
The primary improvement that we have seen is visibility. We had no visibility into what happened before, during, and after a situation with Webroot, but with CrowdStrike, we have that visibility, which allows our team to make educated decisions. In terms of detection and prevention, I believe it's all experiential so far. Falcon has been very good at both detection and remediation for any issue that has come up.
How was the initial setup?
The sensor setup and deployment were extremely easy. We were able to deploy a hundred percent of our endpoints within 60 days. We found it to be very smooth.
It was a very simple deployment strategy to get the agent out to the end-users. It was so smooth that we didn't even have to notify the end-users that it was being done. It just happened automatically.
There was no conflict between CrowdStrike and our existing EDR that we were going to get rid of. After the installation, we were able to have the old EDR totally removed within 30 days.
What about the implementation team?
We had two people for deployment and we have one for maintenance. Their roles are in information security.
What was our ROI?
We have seen ROI in that our team is freed up to work on things that are more important.
What's my experience with pricing, setup cost, and licensing?
We took advantage of Falcon's free trial before purchasing it, and it was very easy to get it. We were on the phone with a representative discussing our next steps and they offered the free trial, and we were set up and functional with it the next morning. Having a free trial period is something that is expected. If anybody wants our business in this space then it's necessary because we aren't going to purchase something without trying it first.
The pricing is not bad. It's on the higher end of the market, but you get what you pay for. It's a little on the confusing side because the name of the item they're selling doesn't match what you see when you log into the product.
If you buy "Protect" and you log into the product, you don't see "Protect". You see something else, like "Identify" or whatever. So, they need to do a better job of aligning product names from the sale to within the product.
There are add-on fees for different packages that you can buy, and we are looking at adding on some feature functionality as we go forward.
Which other solutions did I evaluate?
We evaluated 10 different solutions in the EDR space. The top three included CrowdStrike Falcon, Carbon Black, and Microsoft's ATP.
CrowdStrike was a little better, cost-wise, than the other two. Also, I felt that the console for managing the platform was easier for my team.
What other advice do I have?
My advice for anybody who is looking into implementing this product is that every organization is slightly different in its needs, and CrowdStrike may or may not be the right solution. Once you can do a trial and a bake-off of multiple options, you'll find if CrowdStrike is the right solution or not.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
