CrowdStrike Falcon Reviews

I'm a security analyst. We get alerts on the cloud side that appear in the CrowdStrike console and also in our email. We can consolidate them on the console and check the process tree. You can see the hostname, user details, and all the information on the right side.  On the file part, we can see whether the malicious file has been executed and decode it to see where the hash appears.

I worked with an event-tracking tool before I started working at this company, and any insights that were triggered in that tool would be noted in the infrastructure certificate tool. The information we gather from CrowdStrike will be updated in Azure, so all the information, resolutions, etc. will be added to Azure. We can check the activity and whether the malicious file is being blocked, quarantined, or allowed.

I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution. We determine the root cause of an alert and contact the end user via our Slack channel if necessary to gather additional information to determine whether they know about the activity. We can download and investigate the malicious file in the sandbox to see what's happening. We check to see if it has been executed. We can easily delete it in the CrowdStrike console if it hasn't.

I have used CrowdStrike for two years. 

I rate CrowdStrike Falcon ten out of ten for stability. 

I rate CrowdStrike Falcon ten out of ten for scalability. 

I rate CrowdStrike support eight out of ten. They respond quickly on weekdays, but the weekend response times are slower. 

Positive

I'm working on two projects. One is using CrowdStrike Falcon and the other is using Crowdstrike XDR, which is the advanced version.

Falcon is a cloud-based platform so deployment is easy. You only need to deploy the agent to the endpoints, but the data is stored in CrowdStrike. 

I rate CrowdStrike Falcon ten out of ten. I would recommend Falcon to others. 

Falcon helps my client improve productivity. About 5,000 users at the client company are using the product. 

CrowdStrike enables the infrastructure managers to visualize all the events and get information about the network.

It's important for the customer to have surety that all the workstations are protected. 

There are some areas where some customers would prefer a different service.

About four months ago, I and my other partners started preparing a presentation to propose CrowdStrike to a client.

Falcon is a highly stable product.

I rate CrowdStrike's support 10 out of 10. 

Positive

We worked with other solutions, like Trend Micro. CrowdStrike's advantage is that the agent is light, so it doesn't require many resources on the machines. It's easy to install, and the results are useful to the organization.

I'm not directly involved with the setup. I prepare a proposal, and another department deploys the solution. Falcon doesn't require maintenance because the product runs in a cloud environment.

We use a reseller and an integrator.

I rate CrowdStrike Falcon 10 out of 10 for ROI.

My customers pay for yearly licenses. I rate CrowdStrike Falcon 10 out of 10 for affordability.

I rate CrowdStrike Falcon 10 out of 10.

We use CrowdStrike Falcon as a managed SOC for intrusion detection on our endpoints.

Being a cloud-native solution, CrowdStrike Falcon provides flexibility and always-on protection. This is extremely important to have the best protection available.

It is a fully managed service, so they provide all the necessary updates for us which is helpful.

While CrowdStrike Falcon provides us with better peace of mind in terms of protection, it also generates alerts for potential threats, requiring our investigation. However, the platform further alleviates our anxiety by automatically reviewing unaddressed alerts, offering an additional layer of security. This coverage fosters a heightened sense of security.

CrowdStrike Falcon has been instrumental in preventing breaches, allowing us to operate with significantly increased security compared to the past. This has provided us with much greater peace of mind. While no security solution is foolproof, Falcon has brought us remarkably close. 

The anomaly detection is the most valuable feature.

The portal can be clunky to navigate at times and has room for improvement.

I have been using CrowdStrike Falcon for two years.

I would rate the stability of CrowdStrike Falcon a nine out of ten. The only issue I have had is with an old version of the endpoint that was installed and has proven to be problematic. 

CrowdStrike Falcon is scalable.

The technical support is good and they provide prompt responses to all of our questions.

Positive

We implemented CrowdStrike Falcon in response to a security incident. It was the first endpoint detection and response service we had ever used, and we've been utilizing it since 2021.

Deploying the sensors to our endpoints is straightforward. We do have a manual process for deploying the sensors to our endpoints. There are also options to do it through a group policy. It doesn't seem overly complex.

We rolled the solution out to our entire estate which took just over one week. We had up to 300 endpoints and required a team of five people to complete the deployment.

CrowdStrike Falcon enables us to save on resources which in turn provides a 20 percent return on investment.

CrowdStrike Falcon offers excellent value for the money for our organization, particularly given our lean IT team. We lack the resources to replicate the full security services they provide without hiring additional personnel. The cost of Falcon is likely comparable to, or even less than, the salary and benefits we'd need for an extra employee. Furthermore, their on-call experts have more expertise, further enhancing the value proposition.

After a year, we reevaluated our endpoint security solution. We considered several options, including Arctic Wolf, SentinelOne, and Darktrace, alongside our existing Fortinet solutions. We participated in demos and ultimately determined that CrowdStrike's offering, both current and future, remained the best fit. While we hadn't initially explored other options before choosing CrowdStrike, external factors subsequently forced our hand. However, after a year of use and further evaluation, we reaffirmed our decision, concluding that CrowdStrike was still the most suitable solution for our needs.

I would rate CrowdStrike Falcon a nine out of ten.

We have around 300 endpoints and three people who have access to the solution.

Three people are required for maintenance.

CrowdStrike Falcon was recommended by our head office in Germany.

I recommend CrowdStrike Falcon. 

We integrate the data from this solution with ExtraHop, which is an NDR. Being able to move between both platforms and have network-level data and transactions over the network feed into XDR CrowdStrike is really powerful. It helps us make better decisions, it makes better decisions without human intervention, and it hones the analytics a little bit. The EDR aspect of it works almost exactly the same as the regular Falcon product. I will say that it's probably a lot better at scale than what we're using it for. I work at a school district, so for the individual schools, it's nice to see and isolate issues and have reports built by individual school locations rather than just everything looking like a whole hodgepodge of computers.

It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff, like look for old versions of applications that maybe you forgot about or find stuff that people are running that maybe you don't want on your network, and it lets you get rid of those. Also, its ability to do on-keyboard remote response and run PowerShell script through the sensor is pretty sick. It's ability to quarantine devices is also pretty great.

The ability to receive text alerts natively in the console would be kind of cool. Some people put their email on quiet hours, so having it natively in the system would be nice.

I know that they offer an identity piece and a firewall piece and we haven't subscribed to or purchased either of those, but having some of that data in the base program would be good, and then if you want more control, you pay for it. There's times where I want to look at an internet history of a device that's remote, or I want to see logins, successful or unsuccessful. I don't want to manage identity and I don't want CrowdStrike to alert on it, but it would be nice if the ability to see the data was included with the base product. Then that could kind of get your foot in the door with having the ability to look at that information, but not being able to do anything actionable with it.

I have been using this solution for two years. 

The solution has never failed. The only false positives that we get are ones that we test with. I do true and false positive testing every month to make sure stuff is working correctly and the solution picks up on it. 

The solution is very scalable. Our proof of concept was a few devices and now at full scale we have 50,000 devices. It's a cloud console, so if you do the implementation right and the sensor is put on in an automated process, it doesn't matter how many computers you have. It just runs. They have sensors for every kind of device: Macs, Windows, Linux, and I think even Android.

The support is great. They're quick to respond and you see the same names pretty consistently. They probably do it by region or account or something like that, so it's not just a random person every time.

The setup is as complex as you want to make it. They have engineers that help you. We did a proof of concept first and that was pretty seamless. If you want to build out a bunch of dynamic groups and have different policies affect the different groups separately, you can. If you want to purchase a bunch of licenses for integration with different products, they partner with a bunch of different security vendors and you can make it as complex or simple as you want. If you just want NextGen AV, you can just have NextGen AV and it's super simple and the sensor just sits on a computer, but if you have a bunch of data and want it to be really complicated and want to be able to do whatever you want, you can do that too. It's pretty flexible, in that sense.

Getting it off the ground took myself, one CrowdStrike engineer, and we could have done it with one systems engineer, but we had two because one was on the client side for the Windows hosts and one was for enterprise for the data center and servers. We did it with four people, and me and one other guy manage it ourselves.

We pay for Overwatch, which is kind of like a sock where someone that works for CrowdStrike monitors certain aspects of your network, and then they can make notes and quarantine devices for you, and they'll alert you at 2:00 in the morning. It's really great, but it takes two people to manage the alerts after a bit of tuning to make sure that the stuff that is on your network that you want to be there, that's getting picked up by CrowdStrike, is excluded. I get maybe ten alerts a day, but that comes from having good hygiene in other areas. If you're not preventing those alerts or fixing the problems that CrowdStrike is picking up, you're going to have a lot of work to do, but if you use CrowdStrike as a hygiene tool, it's a lot easier to manage.

My advice would be to automate as much of the management as you can. Sensor deployment can be really annoying, but if you figure out how to automate it in your environment, that will make it way easier. That way, as the devices are provisioned, they have the sensor on them and they just pop up into your console. I know some people do it by hand and that's a nightmare.

I would rate this solution as a nine out of ten. It's really good. 

Our main use case was looking for an endpoint solution that was able to follow our users anywhere. We have over 52,000 employees, and a majority of our people work in various places. Many employees are not in an office every day: They are at a client's sites, some work at home, some are traveling, etc. We really needed something that would give us visibility no matter where and when an employee was working.

It has improved the way that we function by giving visibility to machines that we could not see before. With our previous product, you had to be VPN'd and connected to our network. Now, we can see alerts when people are just working at home. For example, they may have clicked on something that may be malicious, now we can take action and stop things from getting worse at the end of the day with its level of visibility. We have also seen installing CrowdStrike has a lot less resource issues versus what our previous solution had on local machines.

It is very important that our security solutions are cloud-native as continue to grow our company. I have been here for almost three years and we were 40,000 employees then, and we are over 52,000 now three years later. For us, the cloud has been important because we don't have to worry about infrastructure, connectivity, or other things like that to grow our business.

Even as we had to pivot with the pandemic to more employees working from home, we have been able to maintain the same level of security visibility. One of the big concerns for management when the pandemic stated was how we maintain security asking, "What do we have to change for security?" and it was nothing, "Let people go home. Let them work from wherever they need to." We had already taken the remote working ability into our security model. Our security operations did not change anything when employees pivoted from working at client sites (or in offices) to working at home.

As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines connected to the Internet and be almost invisible to the employees.

Having this type of security operations gives our management a level of comfort. We know we have ransomware protection and there are automatic actions that will happen to keep those incidents from spreading. As things like SolarWinds or the Microsoft Exchange issues have come out, we have been able to use the CrowdStrike logging to do look backs through the logs that we have been maintaining for over a year to see if there were any indicators of compromise that previously occurred before this was known issue. This has been great for us to be able to report to various management. even if we may have been running a vulnerable version of this for a period of time, e.g., like the SolarWinds software.

The Prevent, EDR, and OverWatch are some of the biggest features for us. They stand out as being useful because:

1. Their high efficacy rate on detecting items.
2. The ability to detect malicious activity and take action with a machine that may not be on our network.
3. Do remediation or automated actions, especially for things like ransomware, where it would automatically stop from running and quarantine the machine.

The introduction of CrowdStrike Overwatch service has reduced security risk. It mines through data by threat hunting. Overwatch has been able to point out things to us that were potentially risky activities going on that probably wouldn't have been detected by our old solution allowing us to take some actions and reduce some risk from that perspective.

They have been able to offer Spotlight and other modules, which is great. They take the information they have and turn it into solutions.

There is so much data in their dashboarding and other stuff like, but there is also still some work to do on, "How do you boil it up to certain higher levels/executives?" There is a lot of good technical detail, but in the position that I sit in, sometimes it is a little hard when I am not in it day in, day out to come to what is the real executive level sorts of things. For example, CrowdStrike shows incidents, but what are the things that I really need to worry about as a CISO at a company? That is the one area for improvement.

Finally, they bought a company that is doing SIEM, which is interesting to me. When I first started with CrowdStrike in my previous organization, four or five years ago, I went to CrowdStrike, and said, "I don't want to have to buy or continue to support our SIEM product. I would rather use you guys. Can I pay you extra money to hold that data and do those things so we can have that functionality? Then, I can get one rid of a solution." At that time, they told me, "No, we're not a SIEM company." I did not like the answer, but I respected it. Now that they bought one, and I am like, "Wow, I guess I was just a few years too early." So, I'm glad to see those sorts of things. I am glad to see them evolving into those areas where I saw it years ago, where they are strong, and displace others.

I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization. Then, I can have less vendors and put more effort into one solution that we really want to operationalize.

I have been using it for two years at this organization. I also used it for about two years when I was at my previous organization. So, I have used it for four years in total. There was a little lull in-between when I came over to this organization as their CISO, because they were on another product and then we ended up switching in 2019 to CrowdStrike.

I have never had an issue with stability at my current organization. At my previous employer, there was one issue with an auto upgrade where it caused some issues, but it was resolved quickly.

CrowdStrike is a vast improvement compared to our previous solution, where we had to spend a lot of time. For example, when the client had to be upgraded, it was a three-to-six-month project with people having to spend dedicated time to roll it out in waves, then deal with issues when a client's machine didn't upgrade correctly. Now, upgrades happen automatically. We turned auto updates on and have never needed to look back. Nobody has to spend any time on it.

I honestly cannot tell you the last time I have heard about a CrowdStrike agent issue causing an outage on a machine or server at the end of the day.

We have had no problems with scalability. CrowdStrike can scale as much as we need them to, they are the ones taking care of all the cloud, hosting, and processing on their end. So, we have never had an issue where we have seen a degradation in alerting timing, etc.

There are probably 10 to 15 people who access CrowdStrike or use its data regularly. It is funny because our IT people will use it to try to look for things that aren't necessarily security sorts of things, for example, "Hey, this isn't working," or, "That isn't loading," because of the level of visibility CrowdStrike has in some of the processing item. We have four or five people on the SOC. There are probably 20 or 30 accounts in there, but for the ones which are used regularly, it is probably about half that amount, like seven to 10.

My experience with the technical support has been great. Part of it is also the level of access that I have at CrowdStrike. I have been on their advisory board since the beginning and a customer. I participated in a panel at one of their last in-person sales kickoff with their CEO. I remember when the company was 200 to 300 employees and there were 1200 or 1300 at their sales kickoff.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shifts.

This solution has been not nearly as compute resource heavy as some of our previous solutions. Compared to our previous solution, CrowdStrike is a lot easier to use, easier to get information out of it, and you are getting it in more real-time.

Deploying CrowdStrike's sensors to our endpoints has been fairly easy. You can do tens of thousands of hosts in less than a day. I know of another organization who deployed 60,000 endpoints over a weekend.

Each organization has to look how its IT operations function. We did our deployment in a phased approach, with lower risk systems and servers first. If you had an issue, then you could easily roll it back. Then, we rolled it out into more regions and higher risk things.

We had a desktop management employee pushing it out, then another person in our security operations center validating endpoints numbers. It is really having your support desk know as well as having your people who run endpoint management.

For monitoring it, we have an outsourced IT provider (our partner) who has security operation center people operating the solution 24/5. They are the ones who are really responding to the alerts at the end of the day. I think there are four or five people who cover the 24-hour time shift.

The amount of compute resourcing used on a machine has been significantly less than the previous produce. The biggest ROI is the operational cost reduction. We would have a project manager spend three months to roll out an upgrade of a very heavyweight, security endpoint client. At the end of the day, this could cause a one to two percent error rate where machines would have an issue, then we would need to have a tech spend a lot of time on correcting this versus having automatic updates now that take care of themselves.

You are looking at saving six to seven months of a person's time, collectively, which would have been spent on just doing this one function alone.

Years ago, when we bought CrowdStrike, you got everything it had. I was a little concerned when they broke this out into a la carte modules where you can buy EDR, Spotlight, etc., picking and choosing off the menu. I was a little worried that the solution would get watered down. However, I realized in my previous organization when we had the full suite that there were a bunch of features in it that we didn't have time to operationalize. So, I warmed up to it. I get the whole, "Look, you can pick and choose. Okay, everybody buys a steak, but do you want mashed potatoes, or do you want lobster mac and cheese?" So, you can pick the sides that you want, so you can buy the solution that you want and operationalize versus paying a lot of money and getting a bunch of things, but not using 60 percent of the tools in the box.

There are licensing and maintenance fees.

At my previous company, I did a PoC. The guy who led all the Midwest sales was somebody I knew for around a decade. So, it was, "Hey, I want to try this out because it sounds interesting." So, it was fairly easy. You got the trial. You installed it, then you connected to their cloud portal. That was it. You opened it up to be able to communicate to port 443 outbound, and that was it. It was super easy to get CrowdStrike up and running.

The PoC was important because we were able to test \ and see visibility that we weren't able to before when a system was off-network, just sitting at home, connected on an Internet, and not VPN'd in. It was those sorts of things where, "Look, this is what we can see now that we couldn't see before," as a result of doing that trial.

At my current company, we did not do any type of trial because of past experience. We did test but then just started kind of rolling it out because our other product was just too heavy to continue to operationalize.

In my previous organization had very much the same issue that my current one had. We had an endpoint solution where you didn't get any alerting from the endpoint security if you were off-network. We had salespeople who traveled, and even more people connected via VPNs, which was common. A lot of things were internal, but we were shifting to some cloud-based things. We had the issue where a salesperson connected to the network every once in a while, and we wouldn't see the alerts. By the time we got the alert, it's well past and who knows what has happened. Therefore, I started doing some searching on the Internet and found the company, CrowdStrike. I looked it up and was like, "Oh, a friend of mine, in sales, was there." So, I called him up and said, "Hey, can we talk?" That is where it started.

We continue to look at other solutions such as what Microsoft has to offer. Some of it is part of our licensing and some of it is not. We continue to listen to some of the other players who are out there such as Cylance and SentinelOne. When I first looked for CrowdStrike, there was nobody else in this market space who was doing endpoint security purely from the cloud. Even when I talked to our previous solution provider about the cloud their answer was, "Oh, we can put servers on Amazon." I told them, "No, I don't want to have to manage servers, period. I want the provider to take care of this. We'll pay for that." That was kind of this weird notion for them to be a truly software as a service model. Now, it is common, and everybody is doing this service model.

A number of other solutions have caught up, mainly by copying CrowdStrike’s cloud-first framework model. A lot of them have been catching up from that perspective overall. Now, it has become a little bit of a crowded field and much more of a commodity but CrowdStrike was the industry leader when we were making our decision.

CrowdStrike is currently across all our technology stack, servers, and workstations.

When we did our proof-of-concept testing, our administrators liked that installing it was easy and did not need to reboot the system (and causing an outage). Our administrators also loved that once they did this, they didn’t have to deal with doing client upgrades once or twice a year, where you have to take servers down and reboot them. You install this once, and now you won't have to worry about this ever again. I sold this to administrators as, "You want me to make your life easier? Here is the one thing you need to do." Now, they reap the benefits.

We are looking at the cloud workload options over a course of time, as more technologies shift to cloud and we acquire other companies with more endpoints. From that perspective, we will continue to look at some of the other modules that they have but operationalizing some of modules are not in our risk profile. Some of the modules don't add as much value as they would to some other companies depending on their risk exposures.

We will look into the solution’s Horizon module in the future.

I would rate this solution as a nine out of 10.

CrowdStrike Falcon is used as an endpoint detection and response platform. It's basically an antivirus solution. It is deployed on all the endpoints, including workstation servers, et cetera.

We previously had another solution. However, it was a combination of signature-based and anomaly-based detection methods. When we implemented CrowdStrike in our organization, it helped us minimize the critical gap where, in some cases, we could not identify malicious behavior.

CrowdStrike is behavioral-based; therefore, it has a behavioral-based detection method. It's not a signature-based tool. It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints.

They have a service called Overwatch. It's an incident response feature, which CrowdStrike usually provides for most of the customer's premium customers. They will be looking for particular instances. If anything really suspicious or malicious happens, they will inform us. That is one kind of feature that is really great as compared to other tools.

The ransomware protection and behavior-based detection are the best features. 

The solution has effective prevention policies. They help prevent cyber attacks or any other malicious activity.

The real-time response capability supported our incident response efforts. Whenever there is a case of any critical incident or any security breach, at the time of security breach, we can utilize RTR (real-time response) features to know what process is running. Then, we can kill the process. We can get to know, for example, what active connections are. Also, in case of quarantine, if we quarantine a particular machine with CrowdStrike, we still have access to that machine with the real-time response feature. That's quite useful.

File integrity monitoring could be improved. They need to have more clarity on the policies and how we can apply them to get the file modification details. In terms of vulnerability management, CrowdStrike doesn't have the network scanning feature, which other competitors have.

We sometimes get false positives. We have had to create some exceptions. However, we have been able to minimize the noise. 

I have been using CrowdStrike for more than 3 years.

This is a very stable solution. I'd rate the solution 9 out of 10. 

We have a single instance across multiple locations. People in the company work from different locations, and we have agents installed to workstations, et cetera. We have around 8,000 workstations and around 5,000 servers. Then, we have about 20 people working on it directly regularly.

The solution is absolutely scalable, and companies can scale it as needed. I'd rate the solution 9 out of 10 in terms of scalability. 

I'm absolutely satisfied with CrowdStrike's support. They have a robust support team that is always there to help.

Positive

We were previously using Symantec. CrowdStrike has a wider range of features and has been the market leader in its category. After a quick POC, we decided to move to it. 

The initial setup was straightforward. There were no major hiccups in implementing it. We were clearly guided by the CrowdStrike team. We just followed the steps provided. It took 45 to 60 days to implement.

CrowdStrike is a cloud-based solution. We don't have to deploy any instance on-premises or cloud. CrowdStrike provides us access to their instance. We simply have to install the agents on our systems. Those agents will communicate to the CrowdStrike Falcon cloud. It will all be managed by CrowdStrike, and we will have access to the console. On the console, we have all the features and all the different options we need to manage the platform. There is no maintenance required.

We had 3 people participating in the deployment. From the system side, there are multiple teams involved from the deployment point of view. That said, 90% of the work was done by the security platform team.

I'd rate the ease of deployment 4.5 out of 5. 

We have witnessed an ROI. It's been the first line of defense for us. It has saved us on costs. However, those are hard to quantify as we haven't faced a breach.

The solution is expensive, however, if you look at the features, it's worth the cost.

I'm a customer and end-user.

I would absolutely recommend this product to any organization with a prior POC under its belt. A company needs to test it in their environment. That said, I would highly recommend anyone to test it out.

I'd rate the solution 9 out of 10. 

We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.

CrowdStrike Falcon has made a significant difference for us, especially in mitigating ransomware and zero-day attacks. Its proactive and defensive response approach effectively isolates threats, setting it apart from other endpoint solutions.

Integrating CrowdStrike Falcon into our environment was seamless. Once we set the policy the software was activated immediately and distributed on all our endpoints.

The real-time response is highly effective. It automatically takes immediate action whenever it detects suspicious activity, alerting us to the problem and providing clear mitigation steps. In some cases, it even pushes through updates to resolve the issue proactively.

The usability and interface of CrowdStrike Falcon for daily operations are good. 

The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.

CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR.

The pricing has room for improvement.

I have been using CrowdStrike Falcon for three years.

In the three years of using CrowdStrike Falcon, we have not encountered any stability issues.

CrowdStrike Falcon scales well. We are using it in a large environment with no problems.

The technical support is responsive.

Positive

We previously used both Symantec Endpoint Detection and Response and Kaspersky Endpoint Detection and Response but found that they lacked the 24/7/365 monitoring and response offered by CrowdStrike Falcon. Additionally, their detection capabilities, particularly for ransomware and zero-day attacks, were not as effective.

The initial deployment was straightforward and non-disruptive. The deployment took one week to complete.

We required two people from our organization for the deployment on-site and the CrowdStrike team worked remotely.

The CrowdStrike team helped with the implementation.

CrowdStrike Falcon is one of the more expensive endpoint solutions on the market.

I would rate CrowdStrike Falcon an eight out of ten.

We deployed CrowdStrike Falcon across all our locations, including subsidiaries and remote sites in various regions.

Maintaining CrowdStrike Falcon is simple because it only requires a client agent to be installed on the machine at the kernel level, below the operating system.

We have several use cases including threat management, EDR, AV, and a SOC with 24x7 monitoring.

The fact that CrowdStrike is a cloud-native solution is very important. We don't have to deal with any upgrades on the appliances or console. The only thing we have to deal with is the upgrade of the agents. The SaaS model works very well for smaller companies like us.

The flexibility and always-on protection that is provided by a cloud-based solution are important to us. The cloud is everywhere. So, with the agent on the laptop, wherever the user may go, including home, office, or traveling, it's protected 24x7, all the time. That's what we require and this is what we got.

We haven't had cases where we have quarantined any material stuff yet, because we are relatively small and we don't see a lot of malware in our environment. In this regard, it has been relatively quiet.

In terms of its ability to prevent breaches, if you look at the cyber kill chain, the sooner you detect malicious activity, the better you are in responding as opposed to waiting for a data breach. I think CrowdStrike is capable of identifying malicious activity throughout the whole cyber kill chain. Step one is establishing when they have a foothold in the environment, and then detect whether they are moving laterally. The sooner they are discovered, the better we are at stopping data breaches.

CrowdStrike has definitely reduced our risk of data breaches. It reduces the risk of ransomware and it gives us comfort that someone is watching our back.

We had some end-of-life workstations that were running Windows 7 and for some reason, related to PCI compliance, CrowdStrike rejected them. This helped us in terms of maintaining our PCI compliance.

The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate. Essentially, they're an extension of my team and I like that. We're a small company and we only have a base of approximately 260 employees. As such, we cannot afford to hire skilled security people. So this makes sense for a smaller company like us.

There is a helpful feature to look into the vulnerability of the endpoint, which allows us to see which PCs have been patched and which ones have not. That helps my team to focus on those PCs that require their attention.

The deployment process is an area that needs to be improved. For some reason, CrowdStrike does not provide any help in terms of how to deploy the agent in a more efficient manner. They just don't provide the support there, which leaves their customers to figure out how to push agents out, either through GPO or through BigFix or through SCCM, and there was no support on that side. Not being able to complete the deployment in an efficient manner is one of the huge weaknesses.

It would be good if they had a feature to remove agents. We're in a transaction processing environment and if CrowdStrike is affecting a transaction processing server, we need to uninstall that agent pretty fast. Right now, the uninstall has to be done manually, which is not great. If we have a dashboard capability to uninstall agents, I think that would be great.

The dashboard seems a little bit too clunky in the sense that it's spread out in so many ways that if you don't log in on a daily basis, you're going to forget where things are. They can do a better job in organizing the dashboard.

I have been using CrowdStrike Falcon for approximately five months.

I haven't had any issues for five months since we've installed it, which is good to know. No users have complained about any CPU spikes or false positives, which we like.

If you have a way to deploy agents in a rapid manner, I think the scalability is there. As we buy and acquire companies, we have to roll out agents to those places. Right now, it's still very manually intensive and it slows down the process a lot. So, I think the scalability can be improved with a rapid deployment feature.

Our strategy right now is just to install CrowdStrike for PCs and laptops. Once we get comfortable with the technology, we can start testing the servers. It's just that we haven't finished the deployment to PCs and workstations yet.

We have approximately 260 endpoints and we're probably about 20% complete in terms of deployment.

We've raised support tickets such as the request for rapid deployment capabilities. However, we only received responses to the effect that they do not support anything like it. In that regard, the support has not been great.

That said, we don't use the support site a lot because we haven't had any issues with CrowdStrike. So, I can't say much about that.

Prior to CrowdStrike, we used Carbon Black Threat Hunter.

There is a huge difference between the two products. CrowdStrike is quiet. I think that Carbon Black Threat Hunter just locks everything that has to do with the endpoint. You generate a lot of noise, but it means nothing. Whereas CrowdStrike is more about real threats and we haven't seen much from it.

On the other hand, with Carbon Black Threat Hunter, we were able to deploy pretty fast and we could uninstall agents pretty quickly from the dashboard.

I had originally heard about CrowdStrike Falcon from my peers. A lot of CSOs that I have roundtable discussions with speak highly about it.

The sensor deployment is a manual process right now, where we have to log into every workstation, every server, and install it manually. It's very time-consuming.

It's an ongoing process across our organization.

One of our security engineers is in charge of deployment. However, we don't have someone on it full time. He works on this when he has time available, so we probably only have one-third of a person working on it.

We completed a PoC using the trial version, and it was pretty easy to do. It took us less than an hour to deploy. It was just a matter of downloading a trial agent and setting it up.

Having the trial version was important because the easier the PoC is, the better the chances are of us buying the tool.

At approximately 40% more, Falcon is probably too expensive compared to Cisco AMP and Cylance, although that is because of the OverWatch feature. If you took out the OverWatch feature then they should be about the same. There are no costs in addition to the standard licensing fee.

We evaluated other products including Cisco AMP and Cylance. Neither of these products has the Overwatch feature that CrowdStrike has. The reason why we chose CrowdStrike was that we need to have 24x7 monitoring of our endpoints. That's the main difference.

In terms of ease of use, CrowdStrike is not so great. Cisco AMP has a better, cleaner dashboard and they're more mature in the way that you navigate. It's as though they have spent time getting customers to click on features and then figured out which is the quickest way to get to what you want, whereas CrowdStrike is not there in that sense.

Cylance is even better in terms of ease of use. They dumb it down to only a small number of menus and dashboards. There are probably only five dashboards that I look at on Cylance, whereas with CrowdStrike, I have to look at many.

My advice for anybody who is considering CrowdStrike is definitely to start with a PoC, and then definitely to subscribe to OverWatch. I think that OverWatch is the main benefit to it.

The biggest lesson that I have learned from CrowdStrike is about the different threats that are out there. They have a nice dashboard with information about threats, and you can read it and learn from it.

I would rate this solution a seven out of ten.