What is our primary use case?
We are using this solution for advanced threat protection, over and above any antivirus, for approximately 1200 end-users, or endpoints. It is able to identify any anomalies and alert on them using the AI engine. That way, a small security team can be more effective: they get an alert, go in, and look at what's going on.
Since I have been here, I have been keying into when people fall for phishing attacks and either get blocked going to a website or have their credentials compromised, with somebody logging in to their Office 365 account. We were able to forensically identify that in two of the cases. Most recently, since I've been here, I have been looking at the more active response, to be able to identify and act a little bit more quickly.
How has it helped my organization?
I was able to do some rapid analysis when bad things happened. More so, especially in the distributed world post-COVID, it gives us a central place to see what's going on across the landscape of endpoints at any given time.
What is most valuable?
The feature that I find to be the most valuable is being able to look at the system analysis and baseline what is installed on the system: what does it usually do, and is it doing anything differently?
The UI is great, and the performance was great. The way it gathers and presents the information was very good, and it integrates well with a central log aggregator, such as Splunk. You can do more big-data analytics that include security. It seems to be fully featured in all of those areas.
What needs improvement?
I think there's an opportunity to enhance the AI, or at least the traps, to say: if something changes from this baseline, let us know and flag it. It's got a pretty good engine to do that on its own, but it's one of the things that is important to us, so I'm just trying to improve the time to issue identification.
By comparison to buying into the Microsoft suite, it was definitely less costly. CrowdStrike can be costly.
For how long have I used the solution?
I have had this solution for approximately three years.
What do I think about the stability of the solution?
It seems stable. The performance is good.
What do I think about the scalability of the solution?
It's a scalable solution. They are running 1400 endpoints on it right now, and it seems to be fine.
There is only one person working on it right now, and they are the security engineer/operator.
If you look at how they spend their day, a tool like that does a lot with a little and can make a one-man band pretty effective, or much more effective. It makes responding to an issue right when it happens far more possible with such a small security team.
How are customer service and technical support?
We haven't used technical support.
How was the initial setup?
The initial setup was already completed before I started with this company.
What's my experience with pricing, setup cost, and licensing?
When comparing to Microsoft, CrowdStrike Falcon is more expensive.
I'm going by the client and some of the things that are driving their decisions.
It's typical when Microsoft throws things in and it seems really cheap, even though you're spending a million and a half dollars with them. You may as well increase the value of that million and a half.
My guess is that CrowdStrike is going to maintain parity or stay ahead of Microsoft.
What other advice do I have?
As I came into this organization, they were moving away from CrowdStrike.
They upgraded their license to E5 with the security bundle from Microsoft. The goal is to start to move things.
They are paying twice for things right now, but that will be expiring. CrowdStrike comes up for renewal next year, and they want to be off of it by then.
I haven't gone into critiquing it, since they've already made the decision and made the investment to go to Defender ATP. I'm more concerned with: are we losing anything? Do we have parity when we go from one platform to another? And if any gaps emerge, what needs to be filled?
When we did go into it and walked through it with one of the security engineers, it was snappy, and it had a nice UI.
I had never been inside the product. I think I got a demo years ago in my CSO role, but I had never delved into a practical use case. The practical use case looked pretty cool.
For anyone who is interested in implementing this solution, I would say don't look for the cost compared to smaller applications. Look at what you're trying to do, and what you're trying to accomplish. The typical first cardinal sin of IT is buying a product and then figuring out how to use it as opposed to having a set of requirements, placing a value on that set of requirements, and then pursuing a solution that covers them the best.
I think they probably said we've got a gap here because something bad happened to my CrowdStrike. It's an industry leader. Three years after the issue that they were treating was over and the pain was gone, suddenly it seems really expensive. That is an IT 101 mistake that I've found in organizations, where it's a means to an end and then it turns into just an eyesore on the balance sheet.
I would rate this solution an eight out of ten.