We performed a comparison between CrowdStrike Falcon and Group-IB Threat Intelligence based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have FortiEDR installed on all our systems. This protects them from any threats."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"NGAV and EDR features are outstanding."
"Ability to get forensics details and also memory exfiltration."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"The solution was relatively easy to deploy."
"Impressive detection capabilities"
"I get alerts when scripts are detected in the environment."
"The stability is very good."
"CrowdStrike Falcon's scalability is good. We have thousands of students using this solution."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"It seems to do a pretty good job of protecting the host. It offers good insights that it gives you when it has a detection. It's pretty incredible."
"We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
"At this point what is most valuable is the interface, which is easy to navigate."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"The tool's most valuable feature is the sandbox."
"Threat Intelligence's best feature is threat activation."
"We have found the site intelligence features to be the most valuable."
"The totality of the recordings is quite important. The networks, the new threat actors, the new methods, tactics, techniques, and procedures."
"The most valuable Group-IB Threat Intelligence features are their detections, especially in terms of account and card information leakage. This data sets Group-IB apart from some of the competition."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"Intelligence aspects need improvement"
"Detections could be improved."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"This solution is relatively expensive."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
"The installation process for this software needs to be simplified."
"Technical support could be better than what is currently offered."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."
"Any kind of integration that you want to do, such as using the API to connect to a SIEM, is complex and it will be expensive to do."
"The lack of appliance-based or on-premise options for this solution is its biggest downfall. Clients request them often."
"Threat Intelligence's OT security could be improved."
"Group-IB Threat Intelligence should improve integration for SIEM and SOAR solutions."
"The web intelligence could be improved. It is not as good as the intelligence from other solutions."
"As the landscape evolves, they could provide a little more detail or specificity to map it to the MITRE ATT&CK framework."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Group-IB Threat Intelligence is ranked 9th in Threat Intelligence Platforms with 5 reviews. CrowdStrike Falcon is rated 8.8, while Group-IB Threat Intelligence is rated 8.8. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Group-IB Threat Intelligence writes "Easy to setup, highly stable and scalable and efficiently tracks threat actors and analyze their tactics". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Group-IB Threat Intelligence is most compared with Recorded Future, Kaspersky Threat Intelligence Services, Mandiant Advantage, Anomali ThreatStream and LogRhythm SIEM. See our CrowdStrike Falcon vs. Group-IB Threat Intelligence report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.