Like any other solution, a lower price would make CrowdStrike Falcon Complete more appealing.

The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure. Intrusion detection and endpoint protection is all driven using the internet. You have to be connected. If you're not connected, basically, unlike some antivirus software packages, if you introduce something, let's say through a USB port, and you are not online, you have potential exposure.

I'd like to see a capability where the solution can do offline intrusion detection if needed. For example, if you have offline workstations or devices, then there's new data introduced into the device using, I guess, portable data devices. If there was a way to detect that while the device was not connected, that would be great.

It's not a major concern for us since 100% of the time, our devices are connected to the internet because most of our business applications are using cloud-based applications.

The pricing can look expensive.

I would love for the threat intelligence part to be more globalized to provide a tailored response to types of malware and ransomware that are trending in other regions. 

For example, they can add a feature to tell us that there are separate attacks in South Asia or East Asia occurring at these times, so we can supply those things to our environment and protect ourselves.

The biggest thing is to scan into your Office 365 environment, not from a cloud access security broker standpoint, but from the Secure Access Security Edge standpoint in protecting the Copilot ecosystem. Copilot has become more widely popular than I could have imagined. You need to back up and protect your Office 365 tools anyway, and Copilot is just a high sense of awareness.

CrowdStrike Falcon Complete does not include patch management functionality.

The simplicity of CrowdStrike Falcon Complete's content control and firewall management should be improved. Ransomware protection of the solution needs to be improved.

CrowdStrike has multiple parameters of components in the same console, which includes your vulnerability scanning. It has access to, or rather, we can integrate with, our existing SIM technology or SIM tool. The information that gets passed on the SIM control, the soft tool data site or any other tool is very limited. I had to actually provide the control access to my soft team so that they could drill down if needed.

The information was get passed on from Falcon control to CrowdStrike and it was very limited. It was acting as more of an alert only. For any further deep-dive analysis, we had to log in on the console itself. 

CrowdStrike has multiple parameters. For example, my vulnerability scanning team is a separate team who works on different tools altogether. If I need to give them access to my console I just need to provide them read-only access or kind of an admin access for VA scanning.

I had to make some customized access that can be provided to different teams on the same console. As a VA team member, if I login to the console with my credential I should be able to see the things which I am working upon. I don't need to see all other tile stack tabs. I should be able to provide some kind of customized access or other kind of access control for the console.

Microsoft Defender has one good option which is called the ASR rule. It basically allows the machines to be onboarded to different consoles, which analyzes the process of it and summarizes it in a single console. Obviously, the number of incidents of the event are very huge. It takes about a month or so to evaluate. However, after the evaluation completes, you can actually fine-tune what should not be present in your automation. Which you can set up and get rid of it. It would be nice if this product had something similar. 

The solution should be lighter because it currently uses a lot of computing sources.

I think the overall user experience for the operations team could be improved. The dashboard could be more effective, like Microsoft Defender. Microsoft worked on refining the user experience. The security monitoring tools could be simpler and more user-friendly. Integration with the application layer might be another area for improvement. 

The reporting for this solution could be improved. This would make it more proactive in showing what happens during enrolment.

I would like to see CrowdStrike Falcon Complete XDR integrate more effectively with other technologies. 

Crowdstrike could be cheaper. It's pricier than Carbon Black.

The only thing is you have to pay for it, and it's on the expensive side. That's the one thing with any of these services. It also rates highly on the Gartner scale, so obviously, pricing is a bit high.

Their agent is a bit finicky for Mac devices. It works great once you get it working, however, it is a bit finicky to get it deployed across the board. It's not CrowdStrike's fault for the Mac thing, it's just the way Mac is, even though it's not a big concern. 

Their UI is a bit noisy. They have too many sections and they have too many components. It's hard to get all that data into one dashboard, and Falcon Complete has multiple dashboards. It gets a bit cumbersome, that's the only area I would focus maybe a little bit.

Other than that, we didn't really hit any roadblocks, to be honest.

Some features can be enhanced or improved. For example, there can be more integration capabilities.

There can be an application for the mobile device for the administrator of the platform to have an overview. In less than two minutes, they should be able to see what is going on and take action. Having an overview in a mobile phone would be super helpful for the administrators because everybody has a mobile phone nowadays.

The analysis of the investigation of the incident could be easier. Offline scanning can be included in the next release. 

Moreover, Crowdstrike should think about making the price cheaper.

The solution could use an on-demand scan feature.

The solution is geared more towards larger organizations, so it can be difficult for organizations with smaller budgets to utilize the solution. The cost has room for improvement.

What could be improved in CrowdStrike Falcon Complete is the threat hunting feature and the insights it provides, in particular, the variable analysis feature. Protection against zero-day threats and sandboxing could also be improved in CrowdStrike Falcon Complete. If you compare it with other solutions, it can go head-to-head, but the features I mentioned still need improvement.

CrowdStrike Falcon Complete could improve by having advanced features, such as SOC, and HDR. There would have been a lot of processes involved.

I would improve the Operational Technology environment functionalities.

I think the pricing is a little high. As of recent, their MITRE scores were not as good as in years past. I would like to see them integrate Humio, which is their SOC or their SIM platform. I would like to see them integrate that into a single solution.

The machines require several resets during the solution's deployment process. They should improve this particular area. Also, the reporting feature could be user-friendly. The reports need to be explained in simpler words instead of technical terms.

CrowdStrike Falcon Complete MDR offers an optional module that might not be cost-effective for all organizations.

Instead of a single dashboard with an overload of information, I favor a more user-friendly approach with an interactive dashboard. This would reduce visual clutter and improve information accessibility, minimizing the time users spend searching for relevant data.

The price for CrowdStrike Falcon Complete has room for improvement and should be reduced.

The only challenge is the price, as of now. It could be the only area of improvement for me. It's a little challenging to convince new customers when it comes to the price.

The CSPM UI of the solution could be improved. The cloud solution is where there needs improvement done. The on-premises version is mostly fine. 

The licensing is a bit complex. People need to take some time to understand it to ensure they are getting the most out of the offering.

This solution is lacking in a recovery feature. If there is a full compromise, this product can't recover the machine, which results in us having to rebuild the entire system.

We would also like some data analysis features to be developed for this product.

I prefer to put a pound into the prevention and an ounce into the cure, but CrowdStrike put more focus into the EDR. This works as a business model for them, as they get a lot of customers purchasing their MDR services, usually SMBs lacking the staff to leverage the EDR tool themselves adequately. We have many such customers. I would much rather see more refinement and investment into the prevention side of the equation, though CrowdStrike has a good engine. The solution is as effective as SentinelOne and Windows Defender for Endpoint; it's an excellent endpoint protection solution.

I would like to see more integration capabilities and expansion into vulnerability management. I'd like to see it go beyond that into unified endpoint management, a unified security solution that doesn't just tell me what's wrong; it helps me fix it operationally.

There have been some issues with Falcon Complete's performance. They could also improve their reporting. In the next release, I'd like Falcon Complete to include a logging component for user authentication.

Considering the recent SolarWinds attacks in November or December last year, we were looking for something that could secure the EDR first tokens. It would be helpful if that was on offer.

They need to continuously integrate with other security tools such as CyberArk or Mimecast, to cover the entire IT infrastructure. They should keep in mind that there is a risk in the ADFS web environment. From an Endpoint perspective, it's all good, however, they need to explore the origins via something like Crowdstrike.

The customization could be improved upon. As of now with the area first and web security tokens, we don't see the EDR. We are looking for some solution that can provide EDR solution on the EDR first web environment.

When you enable a particular feature, it takes a long time, from 15 to 30 minutes, to implement in enterprise environments. This can be improved.

It would be nice if additional features were included in the product at no extra cost.

At the moment, nothing is missing in CrowdStrike Falcon Complete. I'm amazed by it. It's perfect and I'm not aware of any other vendors that provide its features, but it would also depend on the configuration and policy management of the solution, for example, I can bring you an EDR solution and configure it badly, so it won't do anything. It also depends on the people, not just the technology you're obtaining, so this is the most important thing to do for all solutions, even for firewalls. You can obtain a firewall and if you permit everyone to go through it, then it's useless.

What could be improved in CrowdStrike Falcon Complete is its management console. Currently, that console is on the cloud, so if the cloud is compromised, then the management console would also be compromised, and that's quite risky.

It's my understanding that the reporting aspect of the solution could be improved. It should be more flexible and robust.

The solution should include some sort of DLP capabilities.

We'd like the pricing to be a bit lower in the future. 

The only aspect where we've offered feedback for potential enhancement is essentially the user experience.

It is already wonderful. The dashboards they have are great, but they can always improve it in terms of general interfaces and searching and presenting the information. Occasionally, navigating it to try to find what you want can be challenging because there is so much information there. It is so rich, and it has everything you could ever want. The challenge with anything like that, and any website, is how to build the user journey so that it is user-friendly, but at the same time, it is incredibly dense with information. It is difficult to achieve that balance between these things. They've done a wonderful job, but everything can be improved. So, it could be even better. If I was to focus on one thing, that's what I'd tell them to focus on. The same is with Azure. There is just so much functionality there. How can you make it easy when it is just so vast? It is a tough one.

It would be good if they fleshed it out a bit more, possibly with additional areas such as security awareness training. They could build that in. They're leveraging the same endpoint base that they have the security software on, but then they could offer a centralized portal or hub whereby someone like me could leverage it to track and put out security awareness training for people on all the common topics. I could have a centralized hub for everyone's results from that training and for the evidence that training occurred. It would be relatively straightforward, but it would add a lot for people in the compliance area. It would be a great expansion. It won't improve the actual technical protection, but it would improve the user protection. Educating the users to be more aware increases security. So, if they branched out into that, it would be a great bonus. If I was speaking to them, that's what I'd tell them to do.

The solution doesn't actually scan desktops. They prevent execution and they do a very, very, very good job at that. However, if there is malware, et cetera, on an endpoint, there's not a scan feature to simply remove it. You have to go in and clean the registry and do the other stuff yourself. It would be ideal if there was some sort of scanning functionality built-in.

The logging features aren't robust and the information isn't kept long enough. The active logs are only retained for seven days. It would be better if it was available for, let's say, 30 days. If we were going to do any forensics, we would have the time to execute them.

There are some parts of this solution that are too slow. The performance slows down by between 10% and 40%, depending on what type of work the machine is doing. For example, we had to shut down our backup because it was too slow and it started to overlap with other tasks. We did not try to use our SQL database because there was too much of an impact. This is not on the network but on the machine and even a few percentage points difference is significant for us because of the volume of transactions.

 Integration slows down the system a bit.

I would like to have an alternate dashboard view, which is somewhat simpler. The one it presents now is like Splunk, and it is very good, but it would be helpful to have a simpler one that only shows the basics like what you have and what it has found. As it is now, it takes time to get used to it. After a while, it won't be a problem for me or other users in the company. When you're working with a regular antivirus, it is much easier to set up and start using.

Falcon could use more SIEM capabilities, like a central place to monitor all our clients.

I want better integration with other security solutions; integrating with third-party apps wasn't as seamless as I expected.

They are doing very well in continuously improving their product. The only thing is that it is completely cloud-based, and some customers don't really like that type of approach, but you can only provide such a solution when you have cloud-based intelligence. On the other end, we know that it is sometimes a breaking point for some of the customers. They could potentially have an on-prem or hybrid solution. Any antivirus needs to have its features updated. If there could be a relay between them, it would be helpful, but that's very hard to do. So, you either accept that approach and have the benefit with this little disadvantage. 

I would like to see them introduce DLP.

CrowdStrike Falcon Complete could improve the threat visibility and have remediated vulnerabilities that they find.

Their endpoint solution is excellent. But I would like to see them improve their HDR, as well as their DLP (Data Loss Prevention).

If they improve in these two areas, they will have a really good product that we will enjoy. Otherwise, we will have to include another product for people who want data loss prevention. There will be a cost, which will be expensive, and it will consume significantly more resources on the client's machine.

It would make it easier if everything was together in one center. That is why I looked into Trellix as well as Trend Micro.

In the next release, I would like to see Data Loss Prevention and  Email Security. safety included. 

The majority of these businesses are also beginning to use Chrome OS. I would also like to see support for Chrome OS.

CrowdStrike Falcon Complete is not providing application control. This is a very useful feature in any endpoint security because if you want to block any malicious activity of any particular application, you can not block it in this solution. However, you are able to block hashes, but not executable files or processes. Additionally, this solution does not provide a user risk score. These are two areas that CrowdStrike Falcon Complete can improve on in the future.

While the pricing does not bother us, it is a bit on the high side. It could be lower.

An MDM, Mobile Device Manager, should be added in the next release. 

Falcon Complete's user interface isn't very user-friendly, especially for writing rules.

I would like to have the option to deploy on-premise.

The solution isn't missing any features at this point. It's ticking all the boxes for our organization. There really isn't anything that I can see that would make me want to change providers.

The customization could be tweaked. We can do a bunch of custom dashboards. However, the one thing that I'm not a fan of is when you go to do an investigation, the way that the processes are laid out on the screen is very bland looking. While the information is there, it could be laid out better. I've seen other products like Cisco Secure that gives you a better view of the issues. Cisco just presents the data differently, and it's easier to look at.

The training provided could be better. There is a need to have more training to allow us to fine-tune our settings. Not that training is not comprehensive; they do provide training in hotels where we can go and see videos and other helpful information. However, they should be providing hands-on experience to the system administrators because this would be more useful. The training is normally for corporations and should be available for personal users as well.

In the next release, there should be an IT help desk remote controller so that we do not need to go to a separate IT help desk. If there are any issues from the end-users, they should not need to use another tool to connect to the system, desktop, or anything else. If they would be able to facilitate this it would be easier for our engineers to raise a ticket and have the SLAs to support them.

We have also been using Cisco AMP for Endpoints for three years. We have received multiple detections in Cisco AMP for Endpoints, and we had to take some actions, whereas CrowdStrike has not detected anything critical since it has been implemented. Most of the incidents that it has detected are false positives. They should work on the false-positive issue. When it is implemented throughout the organization, it gets very difficult to check each false positive and investigate what is correct and what is not correct. It requires technical and manual intervention.

The solution needs to have human involvement, they could improve by having more automation where the solution can take the necessary action on time and more accurately.

Pricing is definitely a problem. It could be cheaper for licensing.

It would be nice to have full-scale ESR reporting.

In the future, I would like to see better reporting and better SIEM integration.

The improvements needed for CrowdStrike Falcon Complete are in the way the agent updates. The overall management of endpoints needs to be better.

In the next release of CrowdStrike Falcon Complete, they should include more security towards endpoints, add device management, and PAM solutions along with their endpoint solutions.

Its price and integration into a pre-existing process could be better.

In terms of features, I'm quite happy with where they're at the moment in their roadmap as a company.

People should be able to obtain training at any point of the engagement so that if somebody who doesn't have the basic knowledge is getting thrown into it, they are able to get trained, and CrowdStrike is able to help them out.

CrowdStrike is really doing what they're supposed to be doing, but it is like anything else where they have to keep up on their research and development, or they'll fall behind. This is a fast-paced environment, and I've seen that vendors that were really good three years ago are terrible now. CrowdStrike is trying to stay ahead of the bad guys. They have AI. I have not had a problem with them missing anything. If they missed something, they should just make sure that they don't miss it again and understand why they missed it. I don't know if they did.

The reporting could be better. It's not as good as it could be. If they could improve that a bit, and make it more robust, that would be ideal.

The technical support is satisfactory, but there is room for improvement to enhance it.

Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer.

It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they not there in CrowdStrike as well as SentinelOne.

I don't think the solution is really missing any features.

We're a small organization. I'm not sure how it would fare if you were larger and had more and more users and added complexity.

The documentation that they had for the use of their API's was not very helpful. It took us a lot of time to work through their API on how to do it programmatically. Aside from that, we really have not had very much trouble with Crowdstrike.

For an upcoming feature, adding more Linux support for real time response analytics would be helpful. This might be on their roadmap, or maybe even in a very pending release. 

Some dashboards can be very complex, but once you get to know them, it is very logical.

The solution could offer integration with some additional solutions - for example, vulnerability scanners.

In a future release, it would be ideal if they could add reporting and action histories to their suite of features.

The one issue with Falcon Complete is that it can't be run manually if you find any viruses or malicious files in a post.

It has a lot of false positives, which can be an issue, but you can verify these false positives. 

It would be better if they offered other language options. It's only in English, and in Latin America, we mostly speak Spanish.

We have a problem with the CrowdStrike Falcon Complete agent. It was closing the communication with the network or other computers.

At this stage, I don't really see room for improvement. I do think because the IP security market and the threat landscape is moving along so quickly, there's always room for improvement and there are always new elements one has to look at and look at in-depth, but at this stage, OverWatch is much better than the competitors. And I've seen a lot of their competitors.

All of our customers complain about the reporting and say that it is very poor.

Technical support in Latin America could be improved.

It is not difficult to use and it is fast to implement.

I would like to have a feature to collect logs and explore the information.

In the next release, I would like to have a simplified remote installation.

The downside that we see with CrowdStrike is that it is not part of a broader ecosystem. It is an endpoint product. They don't sell firewalls or a broader cybersecurity ecosystem.

Some of the behavioral detections could be more robust. It does a good job of stopping common tools and techniques, but when it comes to using Windows utilities, such as PowerShell, etc, it doesn't stop them. These are some of the things where we have been able to get past it. An argument there can be that these are administrative tools, not malware, so maybe it is not its job to stop it, but we see some of the competitive products doing a very good job of detecting behaviors as opposed to malware.