As an MSSP company, we work with various products and tools, including Falcon EDR and Falcon LogScale by CrowdStrike. We handle the configurations, integrations, and other tasks related to these tools on our tenant. We also create dashboards, perform quarantines, and use it for log management and fast data access.
It allows us to efficiently manage and store our data. Its compression and archiving features not only reduce storage costs but also minimize the infrastructure resources needed for data backup. Since we have multiple security solutions in place, it allows us to streamline data handling. We can selectively send security-related events to the SIEM while directing other non-security events from various tools to Falcon LogScale. This flexibility ensures that we have access to all the data we need when required, and we can easily export this data from it as necessary, optimizing our data management and making it readily available for analysis or other purposes.
It has an impressive data retention capability, allowing you to collect and store data for up to a year. Also, its data retrieval speed is remarkable, taking just a fraction of a second to access the information you need. This combination of extensive data retention and quick data retrieval sets it apart from other log management tools I've worked with in the past. It offers the capability to view live log ingestion directly from the console which means you can seamlessly manage live log data ingestion alongside accessing and analyzing older data from the past.
There are some overlapping features found in multiple tools.
We have been using it for a year now.
The solution remains stable without any notable issues. It performs exceptionally well when dealing with substantial data ingestion. Retrieving data from one or two months ago is virtually instantaneous.
As a relatively small organization, we haven't had the chance to deploy and scale it yet. Our daily data ingestion is relatively modest, typically around fifteen to twenty GB and we don't have subsidiary branches where we can replicate the same LogScale environment for further scaling. However, we are open to exploring potential opportunities for expansion in the future.
Around six months ago, we engaged in a workshop with one of CrowdStrike's Subject Matter Experts. During this session, they provided us with an overview of their products, explaining how they function, their capabilities, and the new features that had been added.
I've had experience working with Global Chronicle, Sumo Logic, and Splunk, including an Indian tool. In comparison to these solutions, Falcon LogScale appears to be a well-rounded and efficient solution. It excels in certain areas where others fall short, making it a strong choice for log management in my experience.
The initial set up is straightforward, and its operation is easily comprehensible. You can swiftly deploy it on your own without much complexity.
For on-premises deployment, you'll require a dedicated server with specific backend requirements and you'll need to obtain the OVFA from CrowdStrike LogScale. While we haven't had the chance to perform an on-premises deployment, based on my knowledge and the available documentation, the process is estimated to take around thirty to forty-five minutes to complete.
I would suggest that, based on your organization's log management needs, if you're already using an SIEM solution, you can complement it with Falcon LogScale for extended data ingestion and storage. It provides flexibility, allowing you to customize data retention based on your specific requirements and organizational compliance standards. You can tailor data ingestion to send security-related alerts to the SIEM while storing other logs for future use. Its capacity to handle vast amounts of data ingestion and provide lightning-fast query capabilities is a significant advantage. I would rate it nine out of ten.
