Falcon LogScale Reviews

I am familiar with Falcon LogScale from CrowdStrike because I have heard about it, and we also have a special department with colleagues whose expertise is CrowdStrike and the products.

I cannot answer whether Falcon LogScale is a reasonable price as I do not know.

I would have to check with the projects to determine the typical use cases of Falcon LogScale.

My job is to bring the specialists and the customer together regarding Falcon LogScale, and most of the time, I am not involved in those meetings. However, I know that my colleagues always involve CrowdStrike in these projects, so we do not do it alone. We do it together with the vendor.

My customers also use the search and visualization features of Falcon LogScale. I am an account manager, so I have an overall view of my customers, but I do not know every product and every project in detail because it is impossible.

I do not know if I use Falcon LogScale's query language and dashboards personally, but my customers use it. However, I do not know what exactly they are using.

Regarding security, I work with many different vendors, and my customers are mostly banks and insurances.

That is a difficult question regarding Falcon LogScale. That is really a question for the professionals, and I am not a professional, so I do not know.

I have been working with Falcon LogScale for about five years.

I have only heard the best about CrowdStrike's support. My customer never complains, so I am happy if the customer does not complain.

I am using vendor assistance during implementation.

The implementation path is always very long. My customers are all very regulated, and in Germany, we have very strict regulations. That is always an obstacle because there is so much paperwork that needs to be filled out. The path from discussing security to implementing something is always a very long process.

I am referring to the documentation part, and with DORA, the Digital Operational Resilience Act, customers have many questions regarding vendors. They ask if it is an American company, if it is a European company, and where their data is located. It is always a very long process.

Initially, the log was for log management. We store our logs for achieving compliance and log retention for longer periods. This function, LogScale, is now a platform where we can do correlation as well. It has become a next-generation SIM.

The solution definitely saves us time because it has a Google-like search. We can pull out log information in seconds, whereas traditional solutions would take hours or days. Additionally, the compression ratio is very high, which means our storage costs are minimal.

The fast search and index-free data retention are very valuable. The platform now works on an AI and ML-based engine, and we can analyze anything that is stored.

The integration could improve. Easy parser writing should be an option to ingest log in a human-readable format for unsupported devices. For visibility perspective, the dashboard should be more user-friendly. It should visualize what is happening in the complete ingestion, showing how many log sources there are, data volumes, and use cases or correlation rules triggered based on AI and ML analytics.

We have used LogScale for approximately one and a half years.

Stability is good. I would rate it nine out of ten.

Currently, scalability needs improvement in the visualization and representation of LogScale. The integration needs to be dimensioned.

CrowdStrike support is good, but in some cases, it takes time to resolve on-premises solutions. I would rate the support seven out of ten.

Neutral

There are no previous solutions mentioned.

If the user wants to install it in their infrastructure on-premises, it's complex. If they are using a cloud as a SaaS service, it is easy.

The pricing is average. I would rate it six or seven out of ten.

In the India market, OpenText is the direct competitor for log management and SIM products. IBM's QRadar is also mentioned.

LogScale can be used across all company segments.

I'd rate the solution eight out of ten.

As an MSSP company, we work with various products and tools, including Falcon EDR and Falcon LogScale by CrowdStrike. We handle the configurations, integrations, and other tasks related to these tools on our tenant. We also create dashboards, perform quarantines, and use it for log management and fast data access.

It allows us to efficiently manage and store our data. Its compression and archiving features not only reduce storage costs but also minimize the infrastructure resources needed for data backup. Since we have multiple security solutions in place, it allows us to streamline data handling. We can selectively send security-related events to the SIEM while directing other non-security events from various tools to Falcon LogScale. This flexibility ensures that we have access to all the data we need when required, and we can easily export this data from it as necessary, optimizing our data management and making it readily available for analysis or other purposes.

It has an impressive data retention capability, allowing you to collect and store data for up to a year. Also, its data retrieval speed is remarkable, taking just a fraction of a second to access the information you need. This combination of extensive data retention and quick data retrieval sets it apart from other log management tools I've worked with in the past.  It offers the capability to view live log ingestion directly from the console which means you can seamlessly manage live log data ingestion alongside accessing and analyzing older data from the past.

There are some overlapping features found in multiple tools.

We have been using it for a year now.

The solution remains stable without any notable issues. It performs exceptionally well when dealing with substantial data ingestion. Retrieving data from one or two months ago is virtually instantaneous.

As a relatively small organization, we haven't had the chance to deploy and scale it yet. Our daily data ingestion is relatively modest, typically around fifteen to twenty GB and we don't have subsidiary branches where we can replicate the same LogScale environment for further scaling. However, we are open to exploring potential opportunities for expansion in the future.

Around six months ago, we engaged in a workshop with one of CrowdStrike's Subject Matter Experts. During this session, they provided us with an overview of their products, explaining how they function, their capabilities, and the new features that had been added.

Positive

I've had experience working with Global Chronicle, Sumo Logic, and Splunk, including an Indian tool. In comparison to these solutions, Falcon LogScale appears to be a well-rounded and efficient solution. It excels in certain areas where others fall short, making it a strong choice for log management in my experience.

The initial set up is straightforward, and its operation is easily comprehensible. You can swiftly deploy it on your own without much complexity.

For on-premises deployment, you'll require a dedicated server with specific backend requirements and you'll need to obtain the OVFA from CrowdStrike LogScale. While we haven't had the chance to perform an on-premises deployment, based on my knowledge and the available documentation, the process is estimated to take around thirty to forty-five minutes to complete.

I would suggest that, based on your organization's log management needs, if you're already using an SIEM  solution, you can complement it with Falcon LogScale for extended data ingestion and storage. It provides flexibility, allowing you to customize data retention based on your specific requirements and organizational compliance standards. You can tailor data ingestion to send security-related alerts to the SIEM while storing other logs for future use. Its capacity to handle vast amounts of data ingestion and provide lightning-fast query capabilities is a significant advantage. I would rate it nine out of ten.

This is a next-generation SIEM solution. It's used for fast search results compared to traditional SIEM solutions that take much longer due to the huge volume of data.

The traditional SIEM could not cope with the indexing algorithm, but with Falcon LogScale, we can get the result within a few seconds when we search for a keyword.

One of the key features is the fast search functionality, enabling us to get results within a few seconds.

So far, there are no features in need of improvement. The price could be lower.

I've been working with LogScale for about half a year.

There don't appear to be any complexities with stability. The rating for stability is nine out of ten.

I rated scalability as eight. It has the ability to scale well.

Customer service is rated nine out of ten. So far, so good.

Positive

The setup process was simple. We managed to get it done within a day.

The pricing could be lower.

The main competitor on the market is Splunk.

I'd rate the solution eight out of ten.