We compared CrowdStrike Falcon and Darktrace based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:
Comparison Results: In comparing CrowdStrike Falcon to Darktrace, their setup experiences differ as CrowdStrike Falcon is generally easier and more straightforward, while Darktrace's setup can be more challenging and time-consuming. CrowdStrike Falcon is praised for its ability to identify and update threats without signatures, while Darktrace is valued for its diverse range of threat detection models and autonomous network monitoring. However, CrowdStrike Falcon lacks certain capabilities like on-demand scanning and ransomware protection, while Darktrace could improve by reducing false positives and simplifying configuration. The pricing for CrowdStrike Falcon is considered a good value for its provided features, while Darktrace's pricing is generally seen as expensive but justifiable. Both products have generally positive feedback regarding their technical support, but there are some areas that could be improved.
"Ability to get forensics details and also memory exfiltration."
"The product's initial setup phase is very easy."
"The setup is pretty simple."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"There's almost no maintenance required. It's very low if there's any at all."
"The solution offers great stability."
"It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
"The UI is simple and self-explanatory. Everything is easy to understand."
"The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
"The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions."
"It provides a comprehensive, detailed view of network activity and whatever is happening inside it."
"It has helped the organization to detect any malware affecting the machines...The network monitoring and the email monitoring features are very valuable for us."
"AI analytics are built directly into the product."
"The platform has many modules, and each module examines a different situation in the behavior."
"The most valuable feature of Darktrace and the most valuable feature is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network."
"I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities."
"Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
"Darktrace is very flexible."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Cannot be used on mobile devices with a secure connection."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"FortiEDR can be improved by providing more detailed reporting."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The SIEM could be improved."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The dashboard area must be improved. We have integration with Splunk, and we are creating a dashboard there. Their dashboard area must be up to date. It should have more details and more options to create the reports and things like that."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"The detection time has room for improvement."
"Sometimes CrowdStrike changes the GUI, and they need to be better at informing us and providing guidance concerning that."
"They need to strengthen the forensic capabilities of this product, for e-discovery."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
"There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."
"I have worked with their technical support on several problems that were never fully resolved."
"It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
"The pricing model is a little too high and could be more flexible."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."
"Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
"Upper management wasn't sold on the value proposition."
"The main portal needs improvement as it is difficult to use."
"Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while Darktrace is ranked 11th in Email Security with 65 reviews. CrowdStrike Falcon is rated 8.8, while Darktrace is rated 8.2. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Darktrace is most compared with Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks, Cisco Secure Network Analytics and ExtraHop Reveal(x).
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @reviewer1799568,
Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort.
I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you.
The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates.
For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA.
IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources).
Good luck and stay safe!
The pros and cons of Darktrace vs Crowdstrike Falcon vs alternative EPP solutions are something worth looking at before making a decision on which one is the best fit for your particular needs.
Darktrace is an AI-based cyber security solution that uses machine learning to identify threats faster and with greater accuracy than traditional approaches. It works by continuously scanning the network, learning its normal behavior, and then detecting anomalies or malicious activities in real-time. This can provide your business with an early warning system to alert you to potential attacks before they have a chance to do major damage. One of the biggest advantages of Darktrace is that it’s able to work without relying on vulnerable signatures, meaning no matter how complex or sophisticated an attack may be, it will still be detected. The other benefit here is the scalability—Darktrace can quickly scale up as needed in order to protect larger networks rapidly changing over time.
CrowdStrike Falcon is another popular endpoint protection platform touted for its cloud-based architecture and advanced threat prevention capabilities. Similar to Darktrace, it has some powerful detection technologies but differs slightly in terms of how it works as well as what kind of threats it’s designed for. While Darktrace focuses mainly on malware protection, Falcon primarily focuses on preventing data exfiltration attempts or unauthorized accesses from outside sources such as remote hackers or phishing emails trying to steal information stored inside your system files or databases etcetera CrowdStrike also offers a cloud-native approach which means they can update their signature database nearly instantaneously against any new forms of attack so you don’t need to worry about attackers finding ways around their protections even if they manage one vulnerability first time round. The downside here though could be a lack of control in terms of what type/level updates you choose – this varies depending upon the subscription level chosen by users.
Alternative EPP solutions include those offered by vendors such as Symantec Endpoint Protection (SEP) and McAfee, these often have greater coverage when compared with software like CrowdStrike, however, you should bear in mind that these providers tend not only to charge more expensively but they also come bundled with additional features like anti-virus software, etc., which depending upon your desired goal may prove superfluous thus leading ultimately into cost waste rather than efficiency gain. SEP notably boosts robust customization abilities whereby customers are given generous freedom within setup policies - allowing them fine grain authority over endpoints rules set up e.g. whether particular application file types can run, allowing internet connection, etc. (elements not quite present within CrowdStrike) – although again there comes significant added expense via extra licenses required plus paywall obscurity associated with product tiers being unclear until we eventually reach checkout point.
In conclusion, all three services outlined here offer good suite options for businesses seeking out endpoint protection platforms. Each has respective strengths and weaknesses so careful analysis should help weigh out the pros and cons faced overall - consider particularly well whether the price tag is commensurate with potential user experience value gained meanwhile considering deeply what levels customizability offered suits own demands perfectly prior to forging ahead towards whichever choice deemed most suitable!
Hi.
I am told that Darktrace is a complimentary product that doesn't do any endpoint protection.