What is our primary use case?
We have various use cases. We are protecting servers and endpoints that are utilizing this product to focus on advanced, persistent threats, with the goal of reducing the overhead on the endpoint for early detection.
Right now, we have not put enforcement, and we're moving to the next level of detection.
How has it helped my organization?
Using this solution has reduced my need for imaging. We can mitigate the issue and address it immediately, for people both on and off of the network.
What is most valuable?
The most valuable feature is that we don't need to re-image machines as much as we had to.
What needs improvement?
They need to strengthen the forensic capabilities of this product, for e-discovery.
For how long have I used the solution?
We started testing and deploying CrowdStrike Falcon about a year and a half ago, in the early part of 2019.
What do I think about the stability of the solution?
In terms of stability, it's a great tool.
What do I think about the scalability of the solution?
At this time, we have between 5,000 and 6,000 endpoints.
How are customer service and technical support?
We have been in touch with CrowdStrike technical support and they have been very supportive.
Which solution did I use previously and why did I switch?
Prior to CrowdStrike, we used a signature-based solution from Symantec.
How was the initial setup?
The initial setup was very straightforward and very easy. We've been bringing stuff into the SWOT platform and getting that data. It has been pretty good.
What about the implementation team?
The implementation was done in-house. We had, in part, help from a strategic partner, EY.
Which other solutions did I evaluate?
CrowdStrike is what we did for the time and for the moment. It is number two when you look at the Magic Quadrant, and we have implemented that for the time being. When we selected it, that was right for us to get away from a Symantec signature-based environment for endpoint detection response.
We have moved over to CrowdStrike for now. When you look at the quadrant, the number one is Microsoft. With Defender built into the operating system, there is less overhead on the endpoint. We will eventually, most likely, migrate to that.
I have experience with Cylance, as well. They gave that the advanced persistent threat leader title, at one point in the market. I implemented that for one client and now, being in this CISO role, I went with CrowdStrike over Cybereason and Cylance/BlackBerry. The main reason for CrowdStrike is the Falcon technologies and what they do with their strategy.
We're moving to Office 365, and it will make sense for me to adopt Microsoft Defender because it's integrated into the platform. One of the differences between Defender versus CrowdStrike or any other of them is that they have to sit outside. Microsoft Defender can go deep down into the kernel, and that's a good thing for the endpoint. You can do a lot and detect a lot, which makes it far safer against advanced persistent threats.
What other advice do I have?
Overall, this product has been pretty good and I recommend it.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?