Information Security Consultant at a tech vendor with 501-1,000 employees
Consultant
I like the overall reports of this solution. They are crisp, and to the point.
Pros and Cons
  • "I like the overall reports of this solution. They are crisp, and to the point."
  • "It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
  • "It is cloud-based, and this does make some wary of the data being held on the cloud. Privacy requirements must be taken into account."
  • "The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders."

What is our primary use case?

We are currently using this solution as a replacement for our antivirus solution. It also helps us in terms of forensic investigation, malware analysis, endpoint detection and response. 

How has it helped my organization?

First, it is a production from known and unknown interests. Second, it has an extremely low footprint, so it has minimal impact on the user endpoints in terms of CPU and memory usage. The tamper protection of the CrowdStrike agent is extremely good: even if the user has admin rights and tries to disable these CrowdStrike services, the CrowdStrike service will respawn itself. It is practically impossible to tamper with these services. If I managed to craft some malware that would shut down the services, CrowdStrike will respawn itself, and it will still protect my endpoint.

In addition, it reduces the overall containment timing, and quickly isolates the endpoints to quickly mediate the issues. 

What is most valuable?

The EDR feature of CrowdStrike is fantastic. Also, in comparison to other solutions, it can connect remotely, so our security analysts can get into the system directly and do manual analysis as well. 

I also like the overall reports. They are crisp and to the point.

What needs improvement?

There are a couple of issues with the compatibility with some of the operating systems. But I see that there are a lot of things in the pipeline. They have a roadmap, and are continuously improving. Within the last three months I have seen a lot of new features in the overall CrowdStrike suite.

A couple of things were on the cosmetic part. CrowdStrike needed some improvements on the report functionalities, specifically the dashboard functionalities. Technically there are a lot of things also coming from a visual perspective. There are a couple of things they still need to work out, like the dashboards. The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders. These are minor things, but they are in the pipeline.

Buyer's Guide
CrowdStrike Falcon
June 2024
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: June 2024.
772,679 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product is quite stable. 

What do I think about the scalability of the solution?

It is very scalable. It can be used for 10,000 endpoint users. So, it is very scalable in terms of volume.

How are customer service and support?

Tech support is helpful, but they need a little bit of improvement. The response time is good. This was not a "show-stopper" for us.

How was the initial setup?

Initial setup was pretty straightforward. It has cloud-based hosting, so you can just get your installation agent, install it, authenticate the agent with your cloud instance and start managing the agent.

What was our ROI?

CrowdStrike has helped us in terms of manpower and cost savings. I work with a team of less than 10 people, and I have worked in other organizations where I used to handle more than 20 to 25 people for the same things.

What's my experience with pricing, setup cost, and licensing?

The pricing will depend upon your volume of usage.

Which other solutions did I evaluate?

I have prior experience with Cylance and Dell Data Security Agent powered by Cylance, which I would not say is a complete EDR. I also have prior work knowledge of SECDO, which has been acquired by Palo Alto.

What other advice do I have?

It is a complete cloud-based solution, so they will have to factor in the compliance requirements as well. Not everyone is comfortable sending the data to the cloud, especially considering the privacy requirements. CrowdStrike needs to think of local and regulatory requirements. But one thing is for sure: CrowdStrike will not take your personal data to the cloud, it only takes your metadata from the endpoint. But if the company has some stringent regulations, it will definitely be harder for them to keep the data in the cloud.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
NachiketSathaye, Security Consultant at a consultancy with self employed
Real User

CrowdStrike has recently announced EDR platform support for iOS and Android devices as well. So now security teams can provide better security for external and roaming user devices.

IT Security Analyst at a tech services company with 1-10 employees
Real User
Useful search host detection, simple to scale, and great support
Pros and Cons
  • "I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon."
  • "The solution could improve by providing more types of reports because it's in the detection span you cannot re-export anything. If it could be exported to a CSV file directly there it would help a lot. I currently need to do this by API to get what I need."

What is our primary use case?

I am using CrowdStrike Falcon for network protection. We have government customers.

What is most valuable?

I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon.

What needs improvement?

The solution could improve by providing more types of reports because it's in the detection span you cannot re-export anything. If it could be exported to a CSV file directly there it would help a lot. I currently need to do this by API to get what I need.

In the next release, it would be beneficial to have a DLP or CASB solution.

For how long have I used the solution?

I have been using CrowdStrike Falcon for approximately one year.

What do I think about the stability of the solution?

The stability of CrowdStrike Falcon is very good. We have never had an issue.

What do I think about the scalability of the solution?

CrowdStrike Falcon is scalable. We were able to deploy it in a 5,000-host environment; it is easy to scale.

We plan to increase usage in the future. We are always looking for new clients.

How are customer service and support?

The technical support is very good, it is perfect.

How was the initial setup?

The setup is simple, it took approximately one week.

What about the implementation team?

We deploy the solution with two people.

What's my experience with pricing, setup cost, and licensing?

We are on an annual subscription for the solution. There are not any additional costs.

What other advice do I have?

My advice for others is to purchase the solution; it is simple to use and effective.

I rate CrowdStrike Falcon a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director & CEO at a tech services company with 1-10 employees
Real User
Top 10
A very good solution useful for next-gen AV but tighter integration of XDR could be included
Pros and Cons
  • "The initial setup was straightforward."
  • "Tighter integration around XDR could be included."

What is our primary use case?

We primarily use this solution for AV, next-gen AV, EDR or XDR.

What is most valuable?

I find most of the features to be very generic.

What needs improvement?

The solution is very good but tighter integration around XDR could be included. There are a lot of open integrations, but they are external factors that cause dependencies on the integrator, not really on CrowdStrike, so it's a bit of a challenge as there is no comprehensive solution. Additionally, the solution is dependent on Windows technical support.

For how long have I used the solution?

We have been using CrowdStrike Falcon for approximately three years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable, but price and support are a bit of a challenge.

Which solution did I use previously and why did I switch?

We previously used different solutions, and the primary differentiating factor was marketing.

How was the initial setup?

The initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

The price is high in comparison to similar brands.

What other advice do I have?

I rate the solution a seven out of ten. I advise new users first to understand their use case, its vulnerability and its importance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a tech services company with 10,001+ employees
Real User
It can connect to host and isolate it from the network if needed

What is our primary use case?

We are currently using this solution as an EDR tool to control and remediate threats from the endpoint remotely; it serves as a next-gen antivirus solution. It can also be used in a forensic investigation, threat hunting, trend analysis, malware analysis, etc.

How has it helped my organization?

  • CrowdStrike is a SaaS-based solution which means it can be operated from anywhere, which gives the admins access to control the endpoints from multiple endpoints.
  • It has a very low footprint, using 1-2 % CPU and around 40 Mb of RAM, and the agent size is small and easy to deploy as well.
  • It has segregation of roles at various levels for the analysts, admins, SMEs, etc.

What is most valuable?

  • It can connect to host and isolate it from the network if needed; this feature helps us to investigate the endpoint without visiting the endpoint and then testing. 
  • It saves time and helps to contain the threat in less time.
  • Complete visibility into the endpoint.

What needs improvement?

The current version of Falcon does not support DLP, which may be good to have in an EDR solution. It must be included in a future version if possible. There must be an on-premise version. MDM is also coming soon and must also have the ability to be controlled from the same dashboard.

For how long have I used the solution?

One Year

What do I think about the stability of the solution?

The solution is pretty stable, and it does pretty accurate work. I have never encountered any issue in this dept.

What do I think about the scalability of the solution?

The solution is scalable to multiple thousands of systems at once. There is no restriction for that.

How are customer service and technical support?

The support portal of CrowdStrike is active and helpful if needed.

Which solution did I use previously and why did I switch?

We compared multiple solutions in EDR and out of them, CrowdStrike gave the most features and value for money.

How was the initial setup?

It is pretty straightforward and without any complex mechanism.

What about the implementation team?

We as a team implemented the solution on our own, with the help of the manual and help desk.

What was our ROI?

It helps to manage a lot of threats with pretty less manpower and in a graceful way.

What's my experience with pricing, setup cost, and licensing?

The setup of CrowdStrike is very simple. It supports all three platforms (Windows, MacOS, Linux), and it has support for the specific version of the above OS. Which means sometimes, a particular OS won't be compatible with the CrowdStrike version.

Which other solutions did I evaluate?

Before choosing the solution, we evaluated various products from the Gartner magic quadrant for endpoint protection platforms (EDR and MDR).

What other advice do I have?

It comes with various modules, so you can choose the module that you need on the basis of the costing it comes with. This is definitely not cheap; it comes with a cost which may depend on the organization if they need it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Architect at a consultancy with 10,001+ employees
Real User
An easy to navigate interface and it maintains itself, but the detection capability needs improvement
Pros and Cons
  • "At this point what is most valuable is the interface, which is easy to navigate."
  • "In the six months that I have been using CrowdStrike, it has not been able to detect anything."

What is our primary use case?

The primary use case of this solution is as endpoint detection and response.

What is most valuable?

At this point what is most valuable is the interface, which is easy to navigate.

What needs improvement?

In the six months that I have been using CrowdStrike, it has not been able to detect anything. We have been using Trend Micro and it has detected some malicious activities.

We have CrowdStrike conduct some inner forensic investigations in hopes that it will be more advanced and detect things that may have been missed by Trend Micro.

It would be helpful to have some prebuilt search queries based on the top ten queries in the industry for detection.

For how long have I used the solution?

I have been using CrowdStrike for six months.

It's a SaaS-based solution that maintains itself. It updates automatically so that we are always using the latest version.

It is not like an on-premises solution where you maintain and upgrade the version to get the newest release. It's a cloud service that is maintained by the vendor.

What do I think about the scalability of the solution?

From my understanding, CrowdStrike is scalable as it's a cloud solution. 

This is not an area that we have fully explored as we have less than 20 end-points.

How are customer service and technical support?

There has not been any contact with technical support or community support. I have been able to do what I needed through the documentation provided.

Which solution did I use previously and why did I switch?

We are currently using CrowdStrike, and also running another AV because CrowdStrike is not detecting any malicious activities and the other AV is. We are giving it some more time to see if anything happens.

We decided to start using CrowdStrike for our external facing servers because it is the market leader in EDRs. While Trend Micro has an EDR (they call it XPR), it is still new to the market.

How was the initial setup?

The initial setup is straightforward, it is easy to install and only took a few minutes.

We have deployed it on our external facing servers.

What's my experience with pricing, setup cost, and licensing?

The pricing could be reduced. If it was more reasonable that would be great.

What other advice do I have?

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Real User
It alerts us to malicious malware issues 99% of the time, and will end the attack.
Pros and Cons
  • "The automatic alert feature is the most important feature of the solution."
  • "The management of log aggregation is in need of improvement."

What is our primary use case?

It logs automatically and generates alerts. It is all automatically integrated with the cloud.

How has it helped my organization?

CrowdStrike will detect any malicious malware attack on the machine. It will end the attack, and immediately alert us to the issue. I would say it catches the attacks 99% of the time.

What is most valuable?

I think the automatic alert feature is the most important feature. 

What needs improvement?

The management and log aggregation need some improvement. We have had some issues with the logs.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is a scalable solution.

How was the initial setup?

The setup was very straightforward. We just had to install it. We did not have to do the dependencies. 

What's my experience with pricing, setup cost, and licensing?

I do not have experience with the cost or licensing of the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.