CrowdStrike Falcon Reviews

The most valuable feature of CrowdStrike Falcon is its accuracy.

CrowdStrike Falcon could improve the logs by making them free to the API.

I have used CrowdStrike Falcon for two years.

The solution is stable.

CrowdStrike Falcon is a scalable solution.

We have approximately 800 people using this solution in my organization.

CrowdStrike Falcon technical support has been fine in my experience.

I have used other solutions before CrowdStrike Falcon, such as Symantec.

Symantec does not have any advantage over CrowdStrike.

The initial setup of CrowdStrike Falcon is easy.

The price of CrowdStrike Falcon is reasonable.

I rate CrowdStrike Falcon a nine out of ten.

There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers. 

I started using EDR, but now they have different offerings relating to theft, security, ID theft security and XPR. Their channel management team is very good and we like working with them.

In a future release, I would like to see more integrations for data breaches and security features.

I have been using this solution for two years. 

It's very stable and the whole management console is fast. 

Once you are onboarded, they can activate different features on the same platform for you. You don't need to do the redeployment every time you click on a feature for the customer. This makes upselling really easy.

The customer support for this solution is good. We have not had any bad feedback from customers. They are very quick to the call and have been very supportive and helpful.

Positive

The initial setup is straightforward. There are a number of ways you can deploy the agent through the Play Store. The deployment is not very complex unless the customer's environment is very complex.

 CrowdStrike is well priced. On a yearly basis, it costs between $60 and $100 per user.

We compared CrowdStrike Falcon with Trend Micro, Trellix or SentinelOne.

When we talk about security to customers, we include consideration of Cisco to give them unified security plus XDR.

The product is inherently cloud-based.

Knock on wood. Between our management of the platform and having subscribed to Falcon Overwatch, the managed threat hunting service, I haven't had a concern in six years. I have yet to deploy this product in an environment that has later incurred a breach. I have the utmost confidence that would be very unlikely to occur.

Every time that I have deployed it, it was more about Falcon Insight and its EDR protection. Then, the team in the company would be so pleased with the results that there was minimal resistance adding additional stack elements. Prior to their announcement of several new modules last Fall, we had acquired the entire stack. 

Each element of the stack continues to further develop their capability and empowerment of team members. For example, CrowdStrike Falcon Spotlight was an interesting tool to assess vulnerability management, but the capability of that module alone has just continued to develop in a very favorable direction. Also, the discover tool is extremely valuable. 

Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that.

As a cloud-native solution, it provides us with flexibility and always-on protection, which is critically important.

There is nothing existing today that I would change very much about the solution. Because of the capability of the data that they are ingesting, they have the ability to create tools leveraging that data to enhance the capability of the platform. The possibilities are endless.

I have been using CrowdStrike Falcon for about five and a half years

There are no questions about stability. I continue to see, especially in the last six months, that CrowdStrike is making very purposeful acquisitions to tactically and strategically build upon the platform. Many companies acquire smaller companies to get a fraction of a piece of technology that tends to be an add-on or something that may compliment the core product, but CrowdStrike is making more strategic moves to acquire technology that they can directly integrate into the existing platform to make it even better and more effective.

Updates can be handled one of a number of ways. This is something that has evolved quite a bit since I initially deployed it. Initially, you simply had the option of manually upgrading sensor versions or leaving them to automatically update as soon as a new update was released. Very infrequently, there have been issues with sensor builds. Early last year, they rolled out the ability to automate the sensor revision updates, but do it in a tiered fashion. So, there was an N-1 and an N-2. So, when they release a new version, I step back my releases and deployment of the updates by one version backwards. Then, I have a few early adopters who get the latest sensor build as soon as it is deployed. Provided there are no problems, when the next release happens, the N-1 version will automatically upstep my entire environment without having to put hands on it.

This product does not require any maintenance post-deployment.

We are protecting 5,500 endpoints with this solution. We do have plans to increase usage. Our environment is rather complex in that we have 6,000 core corporate associates and roughly 5,500 endpoints. Then, we have a distributor network globally comprised of about 220 wholly owned subsidiaries who are essentially their own companies, but they are only licensed to resell our products. They kind of have a mix of endpoint protection because it is largely up to them, within their entity, as what they choose to use. We are looking to further wrap our arms around them from a security perspective. We have looked at acquiring CrowdStrike's complete platform, which would be fully managed to deploy to that distributor network, which is about the same size as our corporate environment. So, it would be roughly another 6,000 users. It is a very large, globally-reaching endeavor, and working through the politics and legal aspects of how we will make that come to fruition may take some time. However, that is the plan.

I would give the technical support 10 out of 10 for the past year. They have improved a lot of things in response to customer feedback. A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined. Now, if I put in a support ticket, I would expect it would probably be answered within a couple hours.

I have a lot of ideas in my head about where things could go with the solution. The company is very receptive to those thoughts as well as the opinions of all its customers

Our previous endpoint protection platform was very cumbersome to manage. It did not reliably apply protection and had many issues. My current organization is the fourth time that I have deployed CrowdStrike Falcon in an environment. The first time that we deployed it, we were using an inherently cloud-native protection platform, but it was unreliable. 

Swagelok was using McAfee ePO, which inherently is an on-premise solution. It is also very unreliable and cumbersome to manage. It was just missing detections, being inherently signature-based. So, it was only hitting on known signature-based malware. We lacked the EDR aspect of endpoint protection, e.g., behavioral-based analytics and preventing malicious behavior before it begins, which drastically stifles the remediation effort. McAfee's principle was always, "If you get said detection, then you need to run other tools to scan, remediate, and clean up the endpoint." Hands need to be on the endpoint taking it physically offline and off the network. Everything is drastically simplified with CrowdStrike Falcon. I can cloud sandbox the endpoint, remediate it, and interact with it at the command line level remotely, regardless of where it is, as long as it has an Internet connection. It is just amazing. 

As far as Swagelok goes, McAfee yielded a lot of false positives. The management was so cumbersome that there were only a handful of people able to resolve problems with endpoints or false detections. If you weren't connected to the inside core network, you couldn't reach the server in order to mitigate the problem. Because of the cloud-native aspect to CrowdStrike Falcon, I can pull up the console in my car on a mobile phone and mitigate an issue for someone whenever and wherever I need to do it, regardless of how I am connected, what device I am on, etc. So, the response time has drastically decreased (by five to 10 times) for remediating a critical vulnerability, a piece of malware, or undoing a false positive. This has been noticed across the company at large.

In all four instances where I deployed the single sensor in organizations of various sizes, it was very simple. Swagelok was probably the easiest deployment, since it is an organization large enough to have a deployment tool, like Microsoft SCCM. Once the package was built to deploy to endpoints, we push the "Go" button. Then, it was a matter of hours and our entire environment was protected. The deployment took less than a week.

Three people were involved in deploying the solution:

1. Being the experienced administrator, I pretty much did all the configuration: creating the correct groups, prevention policies, etc. 
2. We have an administrator of the deployment tool. I worked very closely with the package of the sensors and he executed the deployment.
3. We have another gentleman who oversees our lab environment and was very invested initially in trialing the product against all our existing applications to ensure there weren't any incompatibilities in the early deployment.

We have absolutely seen ROI, e.g., the reduction in man-hours for resolving incidents. The speed of the platform has drastically reduced time consumed, affording more time for an operator to act when resolving problems.

It is an expensive product, but I think it is well worth the investment.

The CrowdStrike Falcon Pro solution alleviates the need to quote out the product. You initiate the use of the free trial, then opting the purchase. You can manage it all on your own without engaging a sales representative. I definitely have done this in a small business environment. 

In all other instances, it was more of a formal business relationship. There was a sales representative involved who queued up the trial environment. If you initiate a trial yourself, you are basically given 14 days to trial it. Whereas, engaging a sales representative allows them to moderate the length of time that you can do the trial. Because we are a larger enterprise with a lot of politics around completing purchases and legal reviews, we have a sourcing department who vets out vendors. The process is very long and cumbersome. We had initiated a trial, in this instance, which ran for several months before we acquired it.

The fact that I have access to the products free for several weeks or months was not really a factor. What was more impressive in the trial was the way CrowdStrike approached it. When you initiate a trial, they give you a CloudFlare instance of a victim machine and an adversary machine. They then allow you the capability to deploy the sensor or pull it back from the victim machine. You can unload whatever you care to against the victim machine for testing to see how well the product works on your own. Unlike many other products in a similar space, when you evaluate the product, it gives you the feeling that you are completely in control. Also, there is a sales engineer who moderates the demonstration of the product.

The first time that I deployed CrowdStrike Falcon, I evaluated probably a dozen other products. I was very close to signing a deal with Carbon Black, simply because I hadn't yet heard of CrowdStrike Falcon. Since deploying it the first time, I would never really consider anything else. I do look at other platforms from time to time to see how they have evolved and changed, but it would be very difficult to convince me to use something else. The winning factor for CrowdStrike Falcon is just the inherent capability of the platform. In my observation, there really isn't another company who can do as much as they can.

Take advantage of the opportunity by CrowdStrike to network with other customers in a similar company size and industry to see how well the product could benefit you as a potential customer before committing.

We have a very minimalistic cloud infrastructure footprint or container footprint at this point in time. That is likely to take off in full swing in the next year or so. We have many legacy applications running on legacy operating systems, which I am working very aggressively to get out of our environment. When that starts to take flight, we will definitely have more of a need for a cloud container as well as cloud infrastructure visibility and protection, which we do not have a lot of at this point in time.

I would rate this solution as 10 out of 10.

We are using it as an EDR solution for endpoint protection. 

Everything is changing rapidly nowadays, and new threats can come into the organization from any source. I have found this product to be very useful. 

If I want to drill down into an unusual activity or something else, I can do that. I can go deep into what processes were involved, what network operations were involved, and what unauthorized users wanted to do. I can see how CrowdStrike processed and blocked the operation. The investigation is very easy for me. I can go to the tree level and see what is going on. It is very useful.

The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that. In my previous experience, when anything was getting scanned, our PCs would become slow. Users would complain about PCs getting slow. This is a positive point of CrowdStrike Falcon.

The dashboard area must be improved. We have integration with Splunk, and we are creating a dashboard there. Their dashboard area must be up to date. It should have more details and more options to create the reports and things like that.

I have some concerns about their support. I am not happy or satisfied with their support. Something happened, and we opened a ticket. Their support engineer just vanished, and after a month, he came back and told us that he was off work and could not pursue the ticket. He said that he now has the time, but logs are gone because there is a time limit. We were asked to repeat the test. This is very unusual for me. 

In my organization, we have been using it for the last one and a half years. I have been using it for the last two to three months because I recently joined the organization.

From my understanding and observation, it is a stable product, but I have been using this product only for the last two to three months. I am just in the learning phase.

We have almost 3,000 users using this solution. 

I would rate CrowdStrike's support team a three out of ten. Their support is unacceptable for us. We are doing some testing ourselves. When we found an issue where CrowdStrike should have blocked something but did not, we opened a ticket with CrowdStrike. They tried to communicate with us and looked at the files that we shared. We had updated signatures, and we shared with them the SHA values, but after that, they suddenly vanished. Just two days ago, I got an email from them that the engineer was on leave and he is back now. They asked us to perform the activity again, which is unacceptable.

When any issue happened with Symantec, we opened a ticket, and they would accept their mistake if something was not caught by Symantec. They would then update the definitions and send us the latest updates. This is the way to work on the latest technology trends.

Negative

I have experience with Symantec endpoint protection. As compared to Symantec, CrowdStrike is a very good product. I have also worked with Microsoft Defender.

Every product has some advantages and disadvantages. I have worked with Microsoft Defender and Symantec, and now, I am working with CrowdStrike. Every organization's needs are very different. It depends on what the organization wants. For example, the security requirements of the banking sector are very high. The banking sector has different requirements, the retail sector has different requirements, and a software development organization has different requirements. An organization should weigh the pros and cons and decide based on the requirements.

Overall, I would rate CrowdStrike Falcon an eight out of ten.

We primarily use the product for the security of the endpoints to protect against viruses and malware. It protects our devices from infection. 

The solution offers a very low footprint and provides very good protection. 

The resources that it uses are much lower than any other EDR or antivirus solution. The amount of RAM that it uses and the CPU that it uses are much lower than the other antivirus solutions.

It is an easy product to deploy. 

We've found the product to be scalable. 

It is stable and reliable. 

We can't do scanning audits or device blocking or application control. There are traditional antivirus features missing in XDR, and that is an issue. 

I've been using the solution for 15 months. 

It is a very stable solution. There are no bugs or glitches, and it doesn't crash or freeze. 

We have 55 people currently using the solution. 

This is a scalable product.

We have yet to contact technical support. I can't speak to how their services are. 

We were using another antivirus previously. However, it was heavier. We liked how this solution used much fewer resources and the fact that we didn't need to update our machines. 

The solution is simple to set up and deploy. It's cloud-based, which makes everything easy. It is already configured; you just need to prepare it on the endpoint. 

You can deploy the solution within a day. 

We are a partner and therefore get the solution for free. 

We are Crowdstrike partners. 

I'm not sure which version of the solution I'm using; however, it is likely the latest. 

From the theoretical perspective, it's a good product. They just need more features. You can't just replace an antivirus with it; you first need to ensure it's covering all of your requirements.

I'd rate the product nine out of ten. 

We primarily use the solution for antivirus and endpoint security.

I like its detection capabilities, number one. It's also very light. It doesn't slow down my machine.

The solution is stable.

It's quite scalable. 

The pricing is a bit too high. They need to adjust their target market.

I'd like to see a risk assessment or vulnerability management feature to show the company risk factors for the endpoints that have Crowdstrike deployed. 

I'm not sure if they offer patch management. If they don't, they really should. For larger enterprises, managing all those endpoints and trying to figure out which needs a patch can get tedious.

I've used the solution for a few months. We're still in the initial engagement.

The stability is very good. I can't complain about it. The only concern would be pricing. For this market, it's mostly SMEs and mid-market that we would target, and many would be those looking for antivirus or endpoint security.

The product is scalable. We have about 15 people working on it right now. 

We just went through training and were able to do most things ourselves. We haven't needed technical support.

I'm also working with Bitdefender. 

I switched companies. My previous company was using Crowdstrike and my new one is on Bitdefender. It uses multiple Bitdefender products.

They do have relatively high pricing. 

The target market is large enterprises. Maybe they could work on something that can be offered to even small and medium markets.

I was working for a vendor, and we were sharing pricing with a large enterprise, and it was around $800,000 USD or thereabout.

I was a Crowdstrike partner and was working with the vendor. I've since changed jobs. 

Whether or not it makes sense to use the solution depends on your budget and your pocket. The features are pretty similar to other options. Whether or not it makes sense to use depends on what you're looking for in endpoint security.

I'd rate the solution eight out of ten.

CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems.

The solution comes with many competitive modules, such as the Discover Module. It is helpful to us with regard to the application search. For example, which users are using which application, what is the application involved in, how many administrators and local users are there, and do the users have administrator privileges. It can give us a lot of information. Additionally, it can inform us if the user's password has changed. The solution is very useful for administrators and is overall easy to use and manage.

I have been using CrowdStrike Falcon for seven months.

CrowdStrike Falcon is a highly stable solution. We have not had any performance or compatibility problems.

The solution is scalable.

We have approximately 1,000 users using this solution in my organization. We plan to increase usage in the future.

The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable.

We were previously using Symantec and we switched to CrowdStrike Falcon.

The initial setup is straightforward. It took us approximately two weeks to implement.

We have one person that does the implementation and support of CrowdStrike Falcon.

The licensing model is straightforward. We choose the features we want and we then can download the package we want.

I would highly recommend this solution to others.

I rate CrowdStrike Falcon a nine out of ten.

We use CrowdStrike Falcon mostly for EDR.

We implemented CrowdStrike Falcon to gain better control over our endpoints, servers, and work sessions. Unlike traditional antivirus programs, Falcon's sophisticated features allow us to comprehensively manage and enhance security, providing a more robust solution for our specific needs.

In the past year, Falcon has significantly improved our organization's security by consolidating endpoint management. With a single call to Falcon, we can oversee all endpoints, eliminating the need for multiple platforms and streamlining our security operations for better efficiency and awareness.

The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models. This consistency simplifies operations, and while the analytics and server capabilities are significant, having a single sensor for all models stands out as the key advantage in managing security effectively.

There is room for improvement in managing multiple customer IDs. Enhancements in the console web for better control and customization of sensor features would be valuable to ensure a smoother experience in handling various customer IDs and installations.

I have been using CrowdStrike Falcon for about a year.

I have not had any stability issues with CrowdStrike Falcon.

I would rate the scalability of CrowdStrike Falcon as a ten out of ten.

The technical support is not very good. I would rate it as an eight out of ten. One improvement could be reducing the response time for cases, as waiting two or three days, even for less critical issues, can be a bit long. Additionally, a better feedback loop on submitted ideas would enhance the efficiency of communication with the product group, providing more clarity on whether proposed features or versions will be considered.

Positive

Before Falcon, we used Trellix. We switched to Falcon for enhanced security, moving beyond just antivirus protection. Falcon provides more advanced features and a comprehensive security solution.

The deployment of Falcon was relatively easy, with no major issues except occasional misconfigurations on the filter. The process for individual work sessions is fast, taking around a few minutes, but for servers, it requires more time due to the need for antivirus removal and sensor replacement, involving server restarts. Overall, the deployment time depends on the scope, ranging from minutes for work sessions to more extended periods for servers.

At the moment, we have around twenty thousand users in our environment. Our setup spans multiple locations, mainly in Portugal, and we operate on various operating systems, including Mac, Linux, and Windows.

Falcon, being a SaaS product, doesn't require maintenance on our end. Updates are needed for servers, but they can be easily managed through the web interface without causing any inconvenience for us.

I would recommend conducting a proof of concept with CrowdStrike Falcon before making a decision. While the product has strengths, I would advise new users to address questions and doubts directly with the product team, especially when seeking new features or improvements. Ensure there is a clear communication channel for feedback and inquiries. Overall, I would rate CrowdStrike Falcon as a nine out of ten.