
CrowdStrike Falcon Complete Competitors and Alternatives

Get our free report covering Dell EMC, Arctic Wolf Networks, Sophos, and other competitors of CrowdStrike Falcon Complete. Updated: October 2021.
542,608 professionals have used our research since 2012.

Read reviews of CrowdStrike Falcon Complete competitors and alternatives

Justin Hadley
Sr. Manager, Security Engineering at a financial services firm with 501-1,000 employees
Real User
Top 5 Leaderboard
The transparency of data in the platform is perfect: You see everything as they are seeing it

Pros and Cons

  • "The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools."
  • "Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives."
  • "The biggest room for improvement is not necessarily in their service or offering, but in the products that they support. I would like them to further their knowledge and ability to integrate with those tools. They have base integrations with everything, and we haven't come across anything. They should just continue to build on that API interface between their applications and other third-party consoles."

What is our primary use case?

We were looking for a third-party managed detection response provider for our integrations with Cylance and Carbon Black. We had to deploy the Cylance and Carbon Black agents after we received them from CRITICALSTART.

Types of challenges that we were looking to address:

  • 24/7 monitoring
  • Reducing alerts.
  • Getting Level 0 and 1 taken care of, along with that first triage of alerts. Those are taken care of before our team has to look at it.

How has it helped my organization?

The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools.

The transparency of data in the platform is perfect. The way they built it out, you are seeing everything as they are seeing it. There is not a black box; it's not the magic sauce happening behind the curtain. You have the ability to see everything that they do right there in the console.

The service has significantly increased our analysts’ efficiency to the point that they can focus on other areas of the business. We went from triaging an email inbox and a few other tools to being able to manage the queue appropriately at regular intervals. We also have begun looking for other tasks or items to further advance some of the analysts' careers.

Services have been fully delivered on time, on budget, and on spec. Whether it be for implementations, go-lives, or enhancements for anything that we want to add to the platform, they have always been consistent, ready, and willing to help out, build out, and troubleshoot should there be any issues.

What is most valuable?

Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives.

The service's Trusted Behavior Registry helps the provider solve every alert. The way that they have it built out is very intelligent. The way every alert comes in, it gets triaged one direction or another. If it is already a false positive, then it is still getting addressed and reviewed on a regular cadence. Also, true positive alerts get escalated to the appropriate personnel.

Its mobile app is great. The ability just to be able to quick reference and see what's coming in when you're on the move or go. You don't always need to have your computer or laptop handy, because you can operate it just from the mobile app. It can communicate with analysts, which is great.

The mobile app is great at affecting the efficiency of our security operations. Those guys are using it throughout the day, whether that be at the office, home, or off hours. Typically, they triage from the mobile app. Then, if an escalation needs to be done on a computer, they will pull out a computer.

We were on the original UI for a few years, so the updated UI has been a refreshing change. It has significantly more ability to filter and translate data, then load that data. It is rather intuitive to click through for some of our junior analysts or interns, especially as we are starting to onboard and teach them different aspects of the security operations team.

What needs improvement?

The biggest room for improvement is not necessarily in their service or offering, but in the products that they support. I would like them to further their knowledge and ability to integrate with those tools. They have base integrations with everything, and we haven't come across anything. They should just continue to build on that API interface between their applications and other third-party consoles.

For how long have I used the solution?

We started using it in 2017.

What do I think about the scalability of the solution?

We have about 15 to 20 users. That is a mix of the security team, sysadmin server administrators, and the network operations group.

How are customer service and technical support?

Our team members talk regularly with CRITICALSTART's analysts. They go back and forth with them regularly on individual incidents or investigations as well as support calls or conversations around monthly trends.

The number one value their service, as a whole, provides is the people. They hire the right guys and train them. We can then leverage their knowledge of looking at the greater picture. They are able to see all of their different clients, then translate what they are seeing there to our individual instance.

Whether it be alerts that they have already given us, or if we want to do some different threat hunting, have different ideas that we're trying to dig into, or we need assistance with an investigation, they are always a phone call away. They have analysts ready and willing to dive into a specific issue, even if it's not related to something their service has provided or alerted us to.

Which solution did I use previously and why did I switch?

We didn't have a third-party provider previously.

The primary reason that we went for a service like CRITICALSTART was just the need to lift the burden off of a small team. When we started with CRITICALSTART, there were four of us. Now, we are a team of 15 or 16, so our team has grown. However, being able to have that first layer with a first set of eyes on alerts, incidents, and investigations as they came in, it was a big point for us, rather than getting stuck in our backlog and trying to keep up.

How was the initial setup?

We entered into an agreement to use CRITICALSTART's service, then it took us two months before we went live.

There was nothing significant that we had to do in addition to the initial setup. When we do firewall changes, we just do it through our agents and communicate back to CRITICALSTART appropriately. This took four to six weeks of our setup time.

What about the implementation team?

Four people from our organization were involved in the setup: 

  • Our security operations manager
  • Our internal IT manager
  • Our network operations team
  • Myself, as I manage the security engineering team.

What was our ROI?

Monthly, we are looking at 10 to 12 million alerts that the Trusted Behavior Registry sees. Of that, about 250 to 300 get escalated to our team.

CRITICALSTART takes care of the Tier 1 and Tier 2 triage for us. We only escalate up when there is a true positive that needs to be investigated. On a weekly basis, this saves us close to 50 to 60 hours.

What's my experience with pricing, setup cost, and licensing?

The pricing has always been competitive. They have always been good to us. They will make it a fight. They don't try to hide anything; it's always been fully transparent and well-worth what we pay for it.

There are SLAs within our contract regarding the different alert tiers. This was a big factor in our decision to go with this service. They are willing to stand behind their product and team, then put that in a contract. It is evident that they are doing the right thing for their clients. They have not missed any SLAs so far.

Which other solutions did I evaluate?

We also looked at CrowdStrike. Their service just wasn't quite as mature. They only integrated with their only product. 

We looked at Arctic Wolf, who is not local. Critical Start is just down the street from us. Being able to build that relationship locally was a big selling point as well.

What other advice do I have?

Trust the CRITICALSTART team. For the products that they resell and support, they know them very well. As you go down that path, you have a good heap of knowledge to rely on. Do not try to build it out or figure it out yourself.

We have since transitioned Cylance and Carbon Black over to CrowdStrike. We still use them for that service and also use them for our SIEM, because they host and manage Splunk for us. That all integrates into ZTAP. Using that and any new products that we bring in-house, we work with CRITICALSTART to see if they have already gotten an integration connector built. Typically, we'll use theirs. If there's already something built, or they have the appetite to build it, we'll use that service as we onboard it internally as well as into CRITICALSTART.

The biggest lesson is transitioning from alert overload to being at a point where we do have eyes on alerts, where every alert is truly possible. It's something that a lot of people sell and not a lot of people do very well. Being able to come into this relationship, then where we're at today, it kind of opened my eyes to: There is the opportunity and the possibility to do this. Stuff is not going to get dropped or missed by our operations group.

I would give them a nine (out of 10). They are right there at the edge, probably a leader in the market. That's kind of why we chose them. Of course, there is always room to improve, but they're doing a lot of things right. We appreciate their team.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
MP
Head Of Information Technology at a marketing services firm with 51-200 employees
Real User
Top 10
Reliable with great technical support and excellent alerts

Pros and Cons

  • "The stability is very reliable."
  • "If they could provide a solution for smartphones and for tablets that would be very helpful as we have some people accessing information from these types of devices."

What is our primary use case?

We primarily use the solution alongside Carbon Black. The solution monitors all of our computers in case there are any security problems related to our assets or computers. They contact us by email or by phone depending on if it's something very urgent. We have worked with them in developing a matrix so they know which person to contact in case there is a problem.

We use it basically to have visibility of any security threats in our end users' computers.

It's a service. They are helping us become a more secure organization.

What is most valuable?

The alert system is very, very good. They will email us or even call us depending on the severity of the threat.

The product offers excellent visibility into threats.

The initial setup is quite straightforward.

The stability is very reliable.

Technical support has always been quite helpful.

What needs improvement?

The solution would be better if there was some kind of integration with network equipment so that we can also have visibility of everything related to the firewall or the routers or switches - not only the computers but also on other network equipment.

If they could provide a solution for smartphones and for tablets that would be very helpful as we have some people accessing information from these types of devices. It could improve the security in terms of coverage as we have both computers and mobile phones or tablets in use.

For how long have I used the solution?

We've been working with the solution for about a year or so.

What do I think about the stability of the solution?

The stability is excellent so far. There are no bugs or glitches. It doesn't crash or freeze. It's very good. The performance has always been good.

What do I think about the scalability of the solution?

While I understand they can monitor different types of equipment, computers, servers, and support to different operating systems, for us, we only work with Windows systems, and therefore that's what we are using it for now.

We do have a lot of users on the solution currently.

How are customer service and technical support?

We've been in contact with technical support many times and they have always provided us with excellent service. They are knowledgeable and responsive. We're quite happy with the level of support provided.

How was the initial setup?

The initial setup was not complex. It was straightforward. We only had to install it and start the agent on the computers. After that, we have to work with the product in developing this escalation matrix. They have visibility of all the people in the organization to know who they could contact in case there is a problem.

The deployment takes a couple of weeks.

We have about four people who can handle any type of maintenance required.

What about the implementation team?

We did not use an integrator, reseller, or consultant for the deployment. We handled everything ourselves in-house.

Which other solutions did I evaluate?

We need to find a similar solution and we were thinking about CrowdStrike. We are still investigating it, however, we needed to find a similar solution to Redscan. CrowdStrike may provide the same solution. It's like an EDR solution so they can monitor the tools and do the same tasks that Redscan can.

We are in a transition process and we basically will need to adopt new standards and this standard is CrowdStrike. That is why we are evaluating it now and considering moving off of Redscan.

In the short term, our plan is to stop using Carbon Black and Redscan. We need to align to these new standards we are working under, however, we also want to make sure that this solution, CrowdStrike, provides a similar service to what Redscan is providing.

What other advice do I have?

I must say that I am very happy with the service they provide. Unfortunately for us, we need to leave them. Not because it is a bad product or they provide a bad service, however. It's because we are in a transition process and we need to align to other standards. 

That said, I would really recommend this product, Carbon Black and Redscan together are very good. For us, they provide an excellent service.

In general, I would rate the solution at a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Shahnawaz Kahn
Division head Information Security and Governance at a financial services firm with 10,001+ employees
Real User
Top 10
Helps business innovation, plenty of features, and priced well

Pros and Cons

  • "The valuable features are threat hunting, threat intelligence feeds, and it culls all the activities of the endpoint. Additionally, the ML and AI engines are really good."
  • "In the future, it would be great if they could provide endpoint management and the ADR solution together in this package."

What is our primary use case?

We are using this solution to enhance our standard endpoint protection to the next-level detection and response. We want to ensure maximum security protection for our information assets by using some of the advanced features, such as malware detection and IOCs.

How has it helped my organization?

Carbon Black has helped us innovate. We were using Symantec Endpoint Protection for the last three years in our organization and it was not doing a very good job in the security threat landscape in terms of a complete risk assessment. We wanted to go deeper into the threat management for our information assets. This is where Carbon Black has been phenomenal for us; it has detected many security concerns. It has given us a complete overview of what has been happening on our information assets.

What is most valuable?

The valuable features are threat hunting, threat intelligence feeds, and it culls all the activities of the endpoint. Additionally, the ML and AI engines are really good.

What needs improvement?

In the future, it would be great if they could provide endpoint management and the ADR solution together in this package.

For how long have I used the solution?

I have been using this solution for two months.

What do I think about the stability of the solution?

I have been running Carbon Black on my laptop for the last three months and I have not had any problems with the stability. The performance has been good and the threat detection false positive rate is low.

What do I think about the scalability of the solution?

The solution is very flexible. You can customize the intelligence feeds to your organization's policies, the detection and response analysis gives informative dashboard reports. Since it is a cloud-based model, there is no need to have any hardware in the office or on the premises. It is very simple and intuitive.

How are customer service and technical support?

The technical support is very good.

Which solution did I use previously and why did I switch?

In my personal experience, I have used Microsoft ATP Defender and CrowdStrike.

How was the initial setup?

The initial setup was very easy.

What about the implementation team?

When we were doing the initial proof of concept we did the implementation by ourselves. However, during the project rollout, we will have a partner do the implementation.

What's my experience with pricing, setup cost, and licensing?

The price of this solution is inexpensive compared with others. The company went out of its way to provide us with a favorable discount. However, there is room for improving the current licensing model and the price of some of the fees. The model is complex and could be streamlined.

Which other solutions did I evaluate?

We have evaluated other solutions, such as FireEye, Symantec, and Microsoft, and we have found that this solution is better.

What other advice do I have?

I would advise those wanting to implement this solution to thoroughly evaluate the organizational needs, current security best practices, and determine their threat landscape. They should evaluate different product functionalities between solutions, such as Carbon Black, CrowdStrike, and Microsoft Defender ATP. Then make a justifiable business technical comparison on the pricing and choose which solution has the best fit overall.

I rate Carbon Black Cloud Managed Detection Deliver an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.