2020-05-27T16:23:00Z

What needs improvement with CrowdStrike Falcon Complete?

Miriam Tover - PeerSpot reviewer
PeerSpot user

51 Answers

Darrin Barnes - PeerSpot reviewer
Real User
Top 10
2024-02-20T19:47:00Z
Feb 20, 2024

The biggest thing is to scan into your Office 365 environment, not from a cloud access security broker standpoint, but from the Secure Access Security Edge standpoint in protecting the Copilot ecosystem. Copilot has become more widely popular than I could have imagined. You need to back up and protect your Office 365 tools anyway, and Copilot is just a high sense of awareness.

Roberto Castilla - PeerSpot reviewer
Real User
Top 10
2024-02-08T13:49:00Z
Feb 8, 2024

Some features can be enhanced or improved. For example, there can be more integration capabilities. There can be an application for the mobile device for the administrator of the platform to have an overview. In less than two minutes, they should be able to see what is going on and take action. Having an overview in a mobile phone would be super helpful for the administrators because everybody has a mobile phone nowadays.

SL
Real User
Top 20
2024-01-30T09:28:00Z
Jan 30, 2024

CrowdStrike Falcon Complete MDR offers an optional module that might not be cost-effective for all organizations.

Mahmoud Hanafi - PeerSpot reviewer
Real User
Top 5
2024-01-23T15:14:00Z
Jan 23, 2024

I think the overall user experience for the operations team could be improved. The dashboard could be more effective, like Microsoft Defender. Microsoft worked on refining the user experience. The security monitoring tools could be simpler and more user-friendly. Integration with the application layer might be another area for improvement.

DG
Real User
Top 20
2024-01-22T08:34:00Z
Jan 22, 2024

The technical support is satisfactory, but there is room for improvement to enhance it.

SB
Real User
Top 20
2024-01-10T10:34:00Z
Jan 10, 2024

I would like to see them introduce DLP.

Updated: March 2024.
Chris Bender - PeerSpot reviewer
Real User
Top 5
2023-05-10T20:40:59Z
May 10, 2023

The simplicity of CrowdStrike Falcon Complete's content control and firewall management should be improved. Ransomware protection of the solution needs to be improved.

TB
Real User
Top 20
2023-04-20T10:05:00Z
Apr 20, 2023

CrowdStrike Falcon Complete could improve the threat visibility and have remediated vulnerabilities that they find.

Ajit_Singh - PeerSpot reviewer
Reseller
Top 20
2023-04-20T08:15:00Z
Apr 20, 2023

The only challenge is the price, as of now. It could be the only area of improvement for me. It's a little challenging to convince new customers when it comes to the price.

PS
Real User
Top 5
2023-03-15T10:38:31Z
Mar 15, 2023

The CSPM UI of the solution could be improved. The cloud solution is where improvement needs to be done. The on-premises version is mostly fine. The licensing is a bit complex. People need to take some time to understand it to ensure they are getting the most out of the offering.

JS
Real User
Top 5
2023-03-13T20:26:53Z
Mar 13, 2023

CrowdStrike could be cheaper. It's pricier than Carbon Black.

ThomasZeulner - PeerSpot reviewer
Real User
2023-02-13T20:29:47Z
Feb 13, 2023

I would improve the Operational Technology environment functionalities.

Suzan Demir - PeerSpot reviewer
Real User
Top 5
2023-02-13T20:28:00Z
Feb 13, 2023

Falcon Complete's user interface isn't very user-friendly, especially for writing rules.

Gerald Mbewa - PeerSpot reviewer
Real User
Top 5
2023-01-19T11:18:00Z
Jan 19, 2023

Falcon could use more SIEM capabilities, like a central place to monitor all our clients.

VO
Real User
Top 20
2022-11-22T16:02:03Z
Nov 22, 2022

I want better integration with other security solutions; integrating with third-party apps wasn't as seamless as I expected.

RN
Real User
Top 5
2022-10-18T15:44:40Z
Oct 18, 2022

The only thing is you have to pay for it, and it's on the expensive side. That's the one thing with any of these services. It also rates highly on the Gartner scale, so obviously, pricing is a bit high. Their agent is a bit finicky for Mac devices. It works great once you get it working; however, it is a bit finicky to get it deployed across the board. It's not CrowdStrike's fault for the Mac thing; it's just the way Mac is, even though it's not a big concern. Their UI is a bit noisy. They have too many sections and they have too many components. It's hard to get all that data into one dashboard, and Falcon Complete has multiple dashboards. It gets a bit cumbersome; that's the only area I would focus on maybe a little bit. Other than that, we didn't really hit any roadblocks, to be honest.

AA
Real User
2022-09-22T21:36:05Z
Sep 22, 2022

Their endpoint solution is excellent. But I would like to see them improve their HDR, as well as their DLP (Data Loss Prevention). If they improve in these two areas, they will have a really good product that we will enjoy. Otherwise, we will have to include another product for people who want data loss prevention. There will be a cost, which will be expensive, and it will consume significantly more resources on the client's machine. It would make it easier if everything was together in one center. That is why I looked into Trellix as well as Trend Micro. In the next release, I would like to see Data Loss Prevention and Email Security safety included. The majority of these businesses are also beginning to use Chrome OS. I would also like to see support for Chrome OS.

WM
Reseller
2022-08-23T17:43:00Z
Aug 23, 2022

This solution is lacking in a recovery feature. If there is a full compromise, this product can't recover the machine, which results in us having to rebuild the entire system. We would also like some data analysis features to be developed for this product.

Ric Cabrera - PeerSpot reviewer
Consultant
Top 10
2022-07-19T20:22:05Z
Jul 19, 2022

The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure. Intrusion detection and endpoint protection are all driven using the internet. You have to be connected. If you're not connected, basically, unlike some antivirus software packages, if you introduce something, let's say through a USB port, and you are not online, you have potential exposure. I'd like to see a capability where the solution can do offline intrusion detection if needed. For example, if you have offline workstations or devices, then there's new data introduced into the device using, I guess, portable data devices. If there was a way to detect that while the device was not connected, that would be great. It's not a major concern for us since 100% of the time, our devices are connected to the internet because most of our business applications are using cloud-based applications. The pricing can look expensive.

Aaron Bock - PeerSpot reviewer
Real User
Top 5 Leaderboard
2022-07-05T22:05:00Z
Jul 5, 2022

I think the pricing is a little high. As of recent, their MITRE scores were not as good as in years past. I would like to see them integrate Humio, which is their SOC or their SIM platform. I would like to see them integrate that into a single solution.

MV
Real User
Top 20
2022-06-23T13:11:30Z
Jun 23, 2022

CrowdStrike has multiple parameters of components in the same console, which includes your vulnerability scanning. It has access to, or rather, we can integrate with, our existing SIM technology or SIM tool. The information that gets passed on the SIM control, the soft tool data site or any other tool is very limited. I had to actually provide the control access to my soft team so that they could drill down if needed. The information was passed on from Falcon control to CrowdStrike and it was very limited. It was acting as more of an alert only. For any further deep-dive analysis, we had to log in on the console itself. CrowdStrike has multiple parameters. For example, my vulnerability scanning team is a separate team who works on different tools altogether. If I need to give them access to my console I just need to provide them read-only access or kind of an admin access for VA scanning. I had to make some customized access that can be provided to different teams on the same console. As a VA team member, if I log in to the console with my credential I should be able to see the things which I am working upon. I don't need to see all other tile stack tabs. I should be able to provide some kind of customized access or other kind of access control for the console. Microsoft Defender has one good option which is called the ASR rule. It basically allows the machines to be onboarded to different consoles, which analyzes the process of it and summarizes it in a single console. Obviously, the number of incidents of the event are very huge. It takes about a month or so to evaluate. However, after the evaluation completes, you can actually fine-tune what should not be present in your automation. Which you can set up and get rid of it. It would be nice if this product had something similar.

JP
Real User
Top 20
2022-06-22T06:52:38Z
Jun 22, 2022

There have been some issues with Falcon Complete's performance. They could also improve their reporting. In the next release, I'd like Falcon Complete to include a logging component for user authentication.

Debjoy Biswas - PeerSpot reviewer
Real User
Top 20
2022-06-21T06:03:41Z
Jun 21, 2022

What could be improved in CrowdStrike Falcon Complete is the threat hunting feature and the insights it provides, in particular, the variable analysis feature. Protection against zero-day threats and sandboxing could also be improved in CrowdStrike Falcon Complete. If you compare it with other solutions, it can go head-to-head, but the features I mentioned still need improvement.

BL
Real User
Top 20
2022-06-01T22:49:00Z
Jun 1, 2022

The solution could use an on-demand scan feature.

ABDUL-SHEIKH - PeerSpot reviewer
Real User
Top 10
2022-05-19T13:53:00Z
May 19, 2022

I would love for the threat intelligence part to be more globalized to provide a tailored response to types of malware and ransomware that are trending in other regions. For example, they can add a feature to tell us that there are separate attacks in South Asia or East Asia occurring at these times, so we can supply those things to our environment and protect ourselves.

GH
Real User
2022-02-28T11:58:02Z
Feb 28, 2022

The improvements needed for CrowdStrike Falcon Complete are in the way the agent updates. The overall management of endpoints needs to be better. In the next release of CrowdStrike Falcon Complete, they should include more security towards endpoints, add device management, and PAM solutions along with their endpoint solutions.

ST
Real User
2022-02-03T16:02:00Z
Feb 3, 2022

I would like to have the option to deploy on-premise.

WV
Real User
2022-01-04T20:57:00Z
Jan 4, 2022

They are doing very well in continuously improving their product. The only thing is that it is completely cloud-based, and some customers don't really like that type of approach, but you can only provide such a solution when you have cloud-based intelligence. On the other end, we know that it is sometimes a breaking point for some of the customers. They could potentially have an on-prem or hybrid solution. Any antivirus needs to have its features updated. If there could be a relay between them, it would be helpful, but that's very hard to do. So, you either accept that approach and have the benefit with this little disadvantage.

TG
Real User
2021-10-25T15:25:22Z
Oct 25, 2021

CrowdStrike Falcon Complete is not providing application control. This is a very useful feature in any endpoint security because if you want to block any malicious activity of any particular application, you cannot block it in this solution. However, you are able to block hashes, but not executable files or processes. Additionally, this solution does not provide a user risk score. These are two areas that CrowdStrike Falcon Complete can improve on in the future.

DK
Real User
2021-07-30T11:32:42Z
Jul 30, 2021

The solution needs to have human involvement; they could improve by having more automation where the solution can take the necessary action on time and more accurately.

SD
Real User
2021-05-29T16:41:57Z
May 29, 2021

Considering the recent SolarWinds attacks in November or December last year, we were looking for something that could secure the EDR first tokens. It would be helpful if that was on offer. They need to continuously integrate with other security tools such as CyberArk or Mimecast, to cover the entire IT infrastructure. They should keep in mind that there is a risk in the ADFS web environment. From an Endpoint perspective, it's all good, however, they need to explore the origins via something like CrowdStrike. The customization could be improved upon. As of now with the area first and web security tokens, we don't see the EDR. We are looking for some solution that can provide an EDR solution on the EDR first web environment.

AK
Real User
2021-05-26T07:03:22Z
May 26, 2021

The training provided could be better. There is a need to have more training to allow us to fine-tune our settings. Not that training is not comprehensive; they do provide training in hotels where we can go and see videos and other helpful information. However, they should be providing hands-on experience to the system administrators because this would be more useful. The training is normally for corporations and should be available for personal users as well. In the next release, there should be an IT help desk remote controller so that we do not need to go to a separate IT help desk. If there are any issues from the end-users, they should not need to use another tool to connect to the system, desktop, or anything else. If they would be able to facilitate this it would be easier for our engineers to raise a ticket and have the SLAs to support them.

SB
Real User
2021-05-25T13:10:15Z
May 25, 2021

Pricing is definitely a problem. It could be cheaper for licensing.

LM
Real User
2021-05-11T12:41:01Z
May 11, 2021

We have also been using Cisco AMP for Endpoints for three years. We have received multiple detections in Cisco AMP for Endpoints, and we had to take some actions, whereas CrowdStrike has not detected anything critical since it has been implemented. Most of the incidents that it has detected are false positives. They should work on the false-positive issue. When it is implemented throughout the organization, it gets very difficult to check each false positive and investigate what is correct and what is not correct. It requires technical and manual intervention.

VS
Real User
2021-04-16T11:51:50Z
Apr 16, 2021

It's my understanding that the reporting aspect of the solution could be improved. It should be more flexible and robust. The solution should include some sort of DLP capabilities.

AS
Real User
2021-04-05T21:36:43Z
Apr 5, 2021

People should be able to obtain training at any point of the engagement so that if somebody who doesn't have the basic knowledge is getting thrown into it, they are able to get trained, and CrowdStrike is able to help them out. CrowdStrike is really doing what they're supposed to be doing, but it is like anything else where they have to keep up on their research and development, or they'll fall behind. This is a fast-paced environment, and I've seen that vendors that were really good three years ago are terrible now. CrowdStrike is trying to stay ahead of the bad guys. They have AI. I have not had a problem with them missing anything. If they missed something, they should just make sure that they don't miss it again and understand why they missed it. I don't know if they did.

ER
Real User
2021-03-16T23:24:05Z
Mar 16, 2021

It has a lot of false positives, which can be an issue, but you can verify these false positives.

JG
Real User
2021-03-16T15:00:33Z
Mar 16, 2021

It would be better if they offered other language options. It's only in English, and in Latin America, we mostly speak Spanish.

KN
MSP
Top 20
2021-03-08T09:56:25Z
Mar 8, 2021

Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer. It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they are not there in CrowdStrike as well as SentinelOne.

FM
Real User
2021-03-05T10:34:25Z
Mar 5, 2021

All of our customers complain about the reporting and say that it is very poor. Technical support in Latin America could be improved. It is not difficult to use and it is fast to implement. I would like to have a feature to collect logs and explore the information. In the next release, I would like to have a simplified remote installation.

RO
Real User
2021-02-25T11:22:33Z
Feb 25, 2021

The solution doesn't actually scan desktops. They prevent execution and they do a very, very, very good job at that. However, if there is malware, et cetera, on an endpoint, there's not a scan feature to simply remove it. You have to go in and clean the registry and do the other stuff yourself. It would be ideal if there was some sort of scanning functionality built-in. The logging features aren't robust and the information isn't kept long enough. The active logs are only retained for seven days. It would be better if it was available for, let's say, 30 days. If we were going to do any forensics, we would have the time to execute them.

SG
Real User
2021-02-15T11:31:08Z
Feb 15, 2021

Some dashboards can be very complex, but once you get to know them, it is very logical.

CM
Real User
2021-02-03T21:29:43Z
Feb 3, 2021

The downside that we see with CrowdStrike is that it is not part of a broader ecosystem. It is an endpoint product. They don't sell firewalls or a broader cybersecurity ecosystem. Some of the behavioral detections could be more robust. It does a good job of stopping common tools and techniques, but when it comes to using Windows utilities, such as PowerShell, etc, it doesn't stop them. These are some of the things where we have been able to get past it. An argument there can be that these are administrative tools, not malware, so maybe it is not its job to stop it, but we see some of the competitive products doing a very good job of detecting behaviors as opposed to malware.

DH
Real User
2021-01-15T20:13:08Z
Jan 15, 2021

The documentation that they had for the use of their APIs was not very helpful. It took us a lot of time to work through their API on how to do it programmatically. Aside from that, we really have not had very much trouble with CrowdStrike. For an upcoming feature, adding more Linux support for real-time response analytics would be helpful. This might be on their roadmap, or maybe even in a very pending release.

TC
Real User
2021-01-12T18:47:30Z
Jan 12, 2021

There are some parts of this solution that are too slow. The performance slows down by between 10% and 40%, depending on what type of work the machine is doing. For example, we had to shut down our backup because it was too slow and it started to overlap with other tasks. We did not try to use our SQL database because there was too much of an impact. This is not on the network but on the machine and even a few percentage points difference is significant for us because of the volume of transactions. Integration slows down the system a bit. I would like to have an alternate dashboard view, which is somewhat simpler. The one it presents now is like Splunk, and it is very good, but it would be helpful to have a simpler one that only shows the basics like what you have and what it has found. As it is now, it takes time to get used to it. After a while, it won't be a problem for me or other users in the company. When you're working with a regular antivirus, it is much easier to set up and start using.

NP
Real User
2021-01-06T11:12:46Z
Jan 6, 2021

The reporting could be better. It's not as good as it could be. If they could improve that a bit, and make it more robust, that would be ideal.

DP
Reseller
2020-12-21T21:50:42Z
Dec 21, 2020

The solution could offer integration with some additional solutions - for example, vulnerability scanners. In a future release, it would be ideal if they could add reporting and action histories to their suite of features.

NM
Real User
2020-11-19T00:18:40Z
Nov 19, 2020

I don't think the solution is really missing any features. We're a small organization. I'm not sure how it would fare if you were larger and had more and more users and added complexity.

JM
Real User
2020-10-23T17:01:54Z
Oct 23, 2020

The solution isn't missing any features at this point. It's ticking all the boxes for our organization. There really isn't anything that I can see that would make me want to change providers. The customization could be tweaked. We can do a bunch of custom dashboards. However, the one thing that I'm not a fan of is when you go to do an investigation, the way that the processes are laid out on the screen is very bland looking. While the information is there, it could be laid out better. I've seen other products like Cisco Secure that gives you a better view of the issues. Cisco just presents the data differently, and it's easier to look at.

JG
Real User
2020-10-21T04:34:07Z
Oct 21, 2020

It would be nice to have full-scale ESR reporting. In the future, I would like to see better reporting and better SIEM integration.

HF
Reseller
2020-05-27T16:23:00Z
May 27, 2020

At this stage, I don't really see room for improvement. I do think because the IP security market and the threat landscape is moving along so quickly, there's always room for improvement and there are always new elements one has to look at and look at in-depth, but at this stage, OverWatch is much better than the competitors. And I've seen a lot of their competitors.

Falcon Complete: Endpoint protection delivered as a service. The highest level of endpoint security maturity delivered immediately, without the burden of building and managing it yourself. Try Falcon for free at https://go.crowdstrike.com/