Head Deputy Head of IT, Information Technology's Projects & Developments Center at an energy/utilities company with 201-500 employees
Real User
The overall experience with CrowdStrike Falcon is highly positive, with seamless scalability, easy deployment, and exceptional stability once properly configured.
Pros and Cons
  • "We like Falcon's network visibility. We can see how threats are evolving on PCs or in the company network. The solution's real-time incident response is very fast."
  • "Some of Falcon's features are a bit pricey."

What is our primary use case?

We rely on CrowdStrike Falcon for comprehensive threat detection, prevention, and valuable insights. This robust solution also offers identity protection features. Our dedicated team of six professionals effectively manages the platform, ensuring its effectiveness across multiple locations, including our data centers and core facility.

How has it helped my organization?

CrowdStrike's advanced detection and prevention capabilities offer a superior level of protection against potential threats. Its unique feature of automated rules is designed to effectively confine threats at the device level. This automatic confinement of high alerts ensures that the device is secured immediately, buying crucial time for the dedicated response team to identify and neutralize the threat. This proactive strategy not only minimizes the potential impact of threats but also guarantees a rapid and efficient response to any security incidents, thereby enhancing the overall security posture.

What is most valuable?

We appreciate Falcon's network visibility feature as it allows us to monitor the evolution of threats on PCs and within the company network. The solution's real-time incident response is notably swift. Initially, we encountered numerous false positives during the project initiation phase. However, we managed to resolve most of them independently or with assistance from CrowdStrike support. Consequently, our security levels were significantly improved, and we elevated all parameters to their maximum. Currently, we seldom encounter false positives. Most of these were low-level alerts, while the high-level alerts were automatically quarantined.

What needs improvement?

While Falcon's advanced capabilities offer robust security solutions, it's worth noting that some of these features may come at a higher cost. This could potentially make it a less economical option for small to medium-sized businesses operating on tighter budgets. It's important for such companies to weigh the benefits of Falcon's comprehensive protection against their financial constraints to make an informed decision.

Buyer's Guide
CrowdStrike Falcon
April 2024
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,319 professionals have used our research since 2012.

For how long have I used the solution?

We have been using CrowdStrike Falcon for nearly five years already.

What do I think about the stability of the solution?

CrowdStrike Falcon demonstrates exceptional stability once it has been properly configured with the appropriate settings. While there may be a period of adaptation and configuration required to ensure optimal performance, once the solution is in place, it operates with remarkable stability. Users can rely on CrowdStrike Falcon to consistently deliver reliable and secure protection without significant disruptions or instability.

What do I think about the scalability of the solution?

I would rate CrowdStrike Falcon a nine out of 10 for scalability. It offers seamless scalability, allowing easy expansion of the sensor deployment to accommodate growing needs. However, it's worth noting that the primary limitation one may encounter is the cost associated with deploying additional sensors.

How are customer service and support?

I rate CrowdStrike support nine out of 10. It's fantastic. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We made the switch from Symantec to Falcon because we required a solution that offered greater speed, reliability, and the ability to effectively handle the wide range of advanced threats present in the wild.

How was the initial setup?

The initial setup of CrowdStrike Falcon was straightforward and efficient. The cloud-based deployment process was seamless for most components, with the exception of the sensors. Deploying the sensors to PCs was automated and hassle-free, requiring just a few minutes per device. However, to ensure the highest level of protection and customization, we opted to manually install the sensors on our servers. This hands-on approach allowed us to have greater control and assurance over the server deployment, ensuring the best possible protection for our critical infrastructure.

What was our ROI?

We've seen an ROI in terms of time saved. It's probably around 5 percent. 

What's my experience with pricing, setup cost, and licensing?

While Falcon's advanced capabilities offer robust security solutions, it's worth noting that some of these features may come at a higher cost. This could potentially make it a less economical option for small to medium-sized businesses operating on tighter budgets. It's important for such companies to weigh the benefits of Falcon's comprehensive protection against their financial constraints to make an informed decision.

Which other solutions did I evaluate?

Of course, but I can't disclose this information.

What other advice do I have?

I rate CrowdStrike Falcon nine out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Security Officer
Real User
The best endpoint protection solution
Pros and Cons
  • "Since we deployed CrowdStrike, the network has become much calmer, and we now understand the sources of infections, which helps us prevent them from spreading."
  • "An improvement would be to extend support to legacy and unsupported servers."

What is our primary use case?

I mainly use CrowdStrike Falcon to prevent threats and detect indicators of attacks or compromises in the network.

How has it helped my organization?

In the past, we regularly got alerts about suspicious activities in the network but couldn't understand where they were coming from. Since we deployed CrowdStrike, the network has become much calmer, and we now understand the sources of infections, which helps us prevent them from spreading. We now get immediate information about infections and can react much faster.

What needs improvement?

An improvement would be to extend support to legacy and unsupported servers. In the next release, CrowdStrike should include patch and vulnerability management, which would allow us to rely on just one solution.

For how long have I used the solution?

I've been using CrowdStrike Falcon for over a year.

What do I think about the stability of the solution?

Falcon is pretty stable - we haven't seen any kinds of performance issues like lagging, which we did experience with other endpoint protection solutions.

How are customer service and support?

CrowdStrike's technical support is very fast and responsive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, I used Microsoft Bitdefender, but CrowdStrike was faster and better protection-wise.

How was the initial setup?

The initial setup was straightforward - it was very quick (about two and a half hours) without any downtime or issues. We also extended the installation to the remote side, which took another hour. I would rate the setup process four out of five.

What about the implementation team?

We used an in-house team.

What was our ROI?

In the past, we had around four to five engineers managing our endpoint - we have now reduced this to two engineers, which has cut costs. We've also been able to cut the time needed to find the threats and their root causes from up to six hours a day to just half an hour. I would rate our ROI as five out of five.

What's my experience with pricing, setup cost, and licensing?

We pay between $30-50 per user for a yearly license, which is more expensive than SentinelOne or Bitdefender. However, CrowdStrike gives better value for money, so I would rate their pricing four out of five. If you want to add modules or features, these are an additional cost per user.

Which other solutions did I evaluate?

We evaluated SentinelOne, but it was too heavy on the machine and slowed it down. We also did a threat simulation analysis with both SentinelOne and CrowdStrike, and SentinelOne wasn't able to detect or block the threats.

What other advice do I have?

CrowdStrike Falcon is the best endpoint protection solution I've used so far. I would advise anybody thinking of implementing it to go for it, as CrowdStrike will provide more visibility, depth, and context to threats and allow you to understand what's going on. I would give Falcon a rating of ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Security Analyst at U.S. Venture, Inc.
Real User
Allows us to be more involved with how the business is being run from a security, risk, and compliance standpoint
Pros and Cons
  • "From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool."
  • "I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool."

What is our primary use case?

The initial use case was for CrowdStrike to be a replacement for McAfee. We wanted to come up with something that was a lot more adaptive to emerging world threats and not just strictly signature-based. We wanted something focused a lot more on heuristic analysis and pattern analysis first, e.g., isn't just sheer signature. Additional use cases are workstation servers and as much as we can do in our OT environment.

How has it helped my organization?

It has allowed our security team to have more time and resources built into things that are used to run the business versus needing to babysit our antivirus platform, or any malware platform. With what we have been paying for, it allows us to be a lot more involved with how the business is being run from a security, risk, and compliance standpoint.

We have signed up for Falcon Complete, which is their completely managed service. This has done nothing but paid dividends since we have rolled it out. Slightly before I started, there was a ransomware issue. CrowdStrike did exactly what it was supposed to when we joined networks with the company that we were acquiring. So, that was helpful to us.

To the best of our knowledge, it has stopped everything that we have seen. It has allowed us to focus our efforts on other things relevant to how the overall business functions.

It helps us in the M&A environment because it is a very simple, easy tool to deploy, being pretty much all cloud-based. While we're not building our security practice around it, it is a tool that we want to make sure does integrate well, if at all possible, with any new tool that we purchase moving forward.

What is most valuable?

It is especially important to us that CrowdStrike Falcon is a cloud-native solution. We have a directive for cloud-first architecture at this point. Anything that is cloud-native, or has a cloud offering, will always get first billing over something that is on-prem. We are a small security team. Having the ability to have a service or application that is not wholly managed by us, but rather governed and used by us, is the ideal solution.

The flexibility comes from allowing us to do a mass push, if we need to. We would find always-on protection with pretty much any solution. However, the fact that it is in the cloud, that just makes it that much better.

What needs improvement?

I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool. 

For how long have I used the solution?

U.S. Venture has been using it since the first quarter of 2019. I, however, did not start with the organization until the Summer of 2020.

What do I think about the stability of the solution?

It has been very stable. There have been no real issues that we have had in the deployment or use of the CrowdStrike system in general. There has been zero downtime.

For our workstations, we don't worry about the updates. However, we have a tighter grip on updates for our server environment only because there was an issue at a point with one update. Since then, we would like to keep our deployments at an N-1. So, there is more of a check built-in just to make sure that the latest and greatest doesn't actually break anything unintentionally.

The CrowdStrike sensor is always kept at N-1 for our production servers. Our test servers are always up to date.

What do I think about the scalability of the solution?

From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool.

We have all our desktop engineering group and server team as admins in the system, but they only use it for specific troubleshooting in their job roles. So, if the server team needs to do something, then they can just log in and do it as well as the desktop engineering group. They can just go in and do stuff, if it is something related to computers or servers. As far as for the overall management of the system, that is left to the security team.

It is currently being used to the extent that we need it. After CrowdStrike had their user conference last Fall, they introduced a lot of new tools, specifically one around forensic that we would like to get our hands on. However, there are no real plans for doing any major increases of its toolset. I do know that there is a project that will be going on for using its mobile application on some Android tablets, but it is still very much in its infancy. So, we are not quite sure how that will roll out yet.

How are customer service and technical support?

I have never used their standard technical support. I do everything through their unofficial Reddit support forum. Also, if there are any other major technical issues, then I work directly with our TAM. So, I have never just reached out and created a general support case. Therefore, I cannot speak to how well they respond. However, their unofficial Reddit support has been fantastic with helping me work through troubleshooting issues and a couple of queries, where I was having issues trying to get the syntax correct. They have been nothing but helpful.

I believe they have their actual support engineers on Reddit, but there is no SLA nor anything guaranteed on that Reddit page. They claim that right there in the subreddit rule. However, I have had nothing but good luck working through them. It could take a few hours to one or two days to get a response, but it has always been for things that aren't pressing. For things that are pressing, then it is a direct call or email to our technical account manager who is very responsive.

They have a great online forum for customer use cases. That has been a great crowd sourcing thing. It is unofficial. I just stumbled across it, but the subreddit for their support has been spectacular for many reasons.

Which solution did I use previously and why did I switch?

Previous to CrowdStrike, our organization was using McAfee VSE with McAfee ePolicy Orchestrator (ePO). Switching from McAfee to CrowdStrike, we saw a reduction in resources being used on both the workstations and servers. We saw an increase in detections, be that good or bad. We would like to think it was a good thing, because now it is finding a lot more stuff that wasn't strictly signature-based. So, it provided almost a very lightweight SIEM-type of response. It was providing information about installed applications, account lockouts, and top console users. It was a very nice bonus to have that information in addition to just the general overall anti-malware that CrowdStrike is known for.

CrowdStrike is so much easier to use. The UI is far more intuitive. The breakout of how the policies as well as the organizational structure within the UI for how the computers are laid out is far more intuitive. It feels a lot more based around how AD kind of functions. Because I am already familiar with Active Directory, the move to using that in CrowdStrike is very seamless, at least in my mind.

The agent is far more lightweight than our previous antivirus solution. It is a lot less resource intensive. We don't have any more on-prem servers to manage for running the application, which is another benefit to being in the cloud. There are just a couple of holes punched in the firewall for communication in and out.

A lot of the switch was focused around the fact that CrowdStrike was solely a cloud-native solution as well as heuristics versus signature.

How was the initial setup?

It is very simple to deploy the solution’s sensor to our endpoints. Right now, it is part of our standard build process through a SCCM. So, it gets a version, then it is obviously outdated because our desktop engineering group can only update the image so quickly. Once it is checked into the cloud, it updates, decides to download, and gets the new seamless version. It has been wonderful to have and very helpful to us.

The initial setup was done in less than two months.

The implementation strategy was done how any other mass deployment is done. You take a small set of computers, put it on one, remove the old solution, and then run that group by itself, figuring out if there are any new or existing exemptions that needed to be in play. Once it is stable, it is rolled out to a larger group, the process is repeated, and then it is moved onto the servers.

What about the implementation team?

Overall, four people worked on the deployment: It would have been my predecessor, my other coworker, and two server guys to do the server environments.

What was our ROI?

Our ROI has been high compared to what we had with McAfee. We spend about two hours a month for its care and feeding, which is really low maintenance. We previously spent two to three times that amount of time managing our McAfee environment.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing seem to be in line with what they offer. We are a smaller organization, so pricing is important. Obviously, we would make a business case if it is something we really needed or felt that we needed. So, the pricing is in line with what we are getting from a product standpoint.

Which other solutions did I evaluate?

Since moving to CrowdStrike, we have not looked at other endpoint management solutions. In fact, when we look at a new tool, we want to make sure it will play well with CrowdStrike, be it a new SIEM or anything cloud-based. 

What other advice do I have?

Make sure you know what the policies do. There are a lot of good and bad things that you can do with too strict or too loose of a policy governing workstations or servers.

We have evaluated the CrowdStrike Horizon module. We are not there yet. Our environment has not changed drastically since our last review of it. So, we have not felt the need to revisit it since then.

It is important to not solely rely on one product, especially one that has a good or bad name, such as McAfee. Because there was a lot of, "Oh no, we got an antivirus. We're fine." It helps to make sure you always have an in-depth defense strategy.

I would rate it a solid nine out of 10. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Associate Director - Infrastructure Engineering at AFT
Real User
Great protection, excellent customer service, and an easy to understand UI
Pros and Cons
  • "The UI is simple and self-explanatory. Everything is easy to understand."
  • "Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about."

What is our primary use case?

We primarily use the solution as advanced threat protection. It is used to protect all endpoints, servers, etc. 

What is most valuable?

They're very good at what they do. As far as the product is, in its current state, I don't have any complaints at all right now. They do a quarterly review with us, just so they can let us know how many viruses or how much malware they've stopped, etc. Those features are quite good. They also go through the portal step-by-step to describe whatever they improved or tightened up. They will explain everything clearly and in a way that a customer can understand.

They do also ask for feedback, which is nice. They'll ask things like "The last time we changed this, how was your experience?" or "Did you get a lot of false positives?" or "Did you get any complaints?" etc. That's pretty good. Not many companies do that.

The UI is simple and self-explanatory. Everything is easy to understand.

So far, in the past three years, they've been absolutely great. They've been more proactive than the solution we had previously was. They even introduced new products in their line and they came back and told us that they could add that product to our current solution. At first, we added them, then we decided we had sufficient resources in house to manage it ourselves and removed it. They were great about the change. 

They've caught quite a lot of viruses and malware that have been sent through improper links, which is very reassuring. 

They report any network isolation that has been done on certain endpoints if they detect a malicious file or malware on the device that couldn't be cleaned by automation. They isolate it for us. The end-user can contact the service desk and say, "Hey, I'm not able to surf the internet. I can't do anything, so can you help me?" or we're able to look at the endpoint and see "Oh, your PC is infected, that's why you aren't allowed on." It's protecting us well.

Even though the users are somewhere else, even when they're not at headquarters, we are able to remediate everything before we put them on the network again. Those network isolations are great when we detect high threat malicious items. Those are valuable tools that we appreciate.

What needs improvement?

If an operating system is stopped by support by the original vendor like Microsoft, or maybe Apple, within a few weeks, CrowdStrike will also decide they no longer support it, and they kind of move on. I understand their model. However, if we still have the OS, it's hard to keep it protected. So, for example, if Microsoft decides to stop supporting or patching a solution, CrowdStrike too will stop supporting it and making updates. It's still a useable product, it's just not getting updates or patches and therefore may be vulnerable.

The result is that we can't guarantee we're going to be able to protect that hardware or operating system. We either have to upgrade to a newer platform, which sometimes is not possible because you have a legacy application. Whatever that constraint is, sometimes we're not able to move things. We still have to rely on other products to support that. That's the only quandary I have with them. 

Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about.

When a file is infected or it detects a ransomware file network, when it does remediate, it should self-heal as Sophos does. That's a good feature to have, but I don't know enough pros and cons about that to kind of recommend that because if it is a false positive, that may be a problem. If it detected a valid file and if for some reason it decides, "Oh, this looks like an infection," and maybe it's not actually infected, and if it goes in and remediates it by replacing it with an older file, that may be a problem. However, I don't know, because I've never used that feature or heard anybody say that's a problem.

For how long have I used the solution?

I've been using the solution for about three years now.

What do I think about the stability of the solution?

I have two engineers that regularly watch everything. We all get alerts. We'll see if something gets isolated, or a user will tell us. We isolate the issues and work on them so nothing gets through the endpoints into the system. Within 30 minutes to an hour, an issue can be cleared.

It's therefore very stable. We're able to catch everything before it can get in. It's reliable for sure.

They're so proactive there's very little intervention that we have to do on our end.

What do I think about the scalability of the solution?

The solution is easily scalable. A company shouldn't have any issues with that aspect of the solution.

How are customer service and technical support?

Technical support is great. We've never had to contact them at all. Instead, they've always been proactive and reached out to us.

Their quarterly review manager will contact us every three months. They schedule it months ahead and we actually jump on a Zoom or WebEx meeting. They actually go through the improvements, how many detections they go through, all of our features, anything new that has been added, anything they're seeing out in the world in terms of threats, and where we need to tighten up the roles.

They would improve the sensitivity level or they will decrease the sensitivity level for some false positives. For example, they might say "Hey, we detect these, but they're not really a threat because this is just a Word document that's produced in an older format. It's not something that's malicious." Then they would decrease the sensitivity in certain areas, to eliminate the issue going forward. They always ask permission before tweaking anything. They will come to us and say, "This is what we're considering doing and why we want to do it. Is that okay?" We usually agree to that and then they go ahead and do it.

It's just a phenomenal company. If they ever stopped the way they handle their customer service, then I would probably move on to a different company. So far they've been pretty good. For the last three years, they contacted us always and told us about every aspect of the solution. I don't think I missed a quarterly meeting so far with them due to the fact that it's all been so valuable.

Which solution did I use previously and why did I switch?

Originally, we had Webroot. We used to get, every so often, a slew of viruses that would get through the cracks. I don't know if Webroot's definition didn't get updated in a timely manner or if they were just delayed in something, however, whatever it was, we used to get that intrusion quite a bit. Then we would patch it and we would have to remediate everything. It wasn't ideal. 

We were looking for a product that would be more proactive than a reactive solution, and after doing a bunch of research, we decided on CrowdStrike. 

How was the initial setup?

The solution's initial setup was very simple. The only thing we had an issue with is our network operation. It is a separate organization that manages it. We have a network operation that we used for 24 hour monitoring. They don't support CrowdStrike and they were not experts in it. They told us we would have to manage it ourselves. In the beginning, we were kind of worried about it. However, after that initial stage, the simplicity of how to install it and configure it was like a breeze.

We manage the entire solution in house. For maintenance, we have me and two engineers, plus a second level of support. There are around five people altogether.

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the exact cost of the solution. That's a detail our finance department handles.

Which other solutions did I evaluate?

We did research on Cylance. We looked at Norton as well. We went through a bunch of products and we decided CrowdStrike was probably the most advanced threat protection at that time, which was three years ago. 

One of the products we were looking at is Sophos. The reason we were looking at Sophos is we were purchasing a backup and disaster recovery tool. In that tool, they had a built-in Sophos pack; they integrated Sophos in to protect the backup and replication and recovery. That way, if a backup had infections, for some reason, and they weren't picked up, and it got into our backup product, then Sophos could kick in and pick it up. It has automated remediation, meaning it reverses back the infection before infection if that makes sense.

Sophos has a self-healing technology built into it, which is an AI technology that they invented. We were looking at that because we thought that may be a better product. We were doing some homework on that and trying to figure out more about it. We're still in the process of purchasing a backup and recovery tool, so we're still doing our homework.

What other advice do I have?

We're just customers. We don't have a business relationship with the company.

I'm not sure which version of the solution we're using. The last time I checked, it was version 5.6. It is up-to-date, however. I get a report every so often saying, we've updated the sensors, or current version, etc. It's an auto-update and it does that. Whenever it's missing something or it couldn't reach an endpoint, the company will send me a report of that, saying these endpoints are not updated because we couldn't detect it on the network any longer.

The only advice I would say to others considering the solution is, if they have an unsupported operating system or legacy application, to look closely at CrowdStrike to see if the solution actually makes sense for them. This is due to the fact that they're not going to be able to support it. If they have thousands of servers and 20% of them are legacy applications, they may not want to think about CrowdStrike because the solution doesn't support legacy products. Other than that, I fully recommend CrowdStrike. The advanced threat protection they have has always been great.

I'd rate the solution a solid nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Dev Kudtharkar - PeerSpot reviewer
Director of Information Technology at Slice
Real User
Top 10
Effective for threat detection and remediation
Pros and Cons
  • "The most valuable features are the complete IPS and IDS."
  • "Forensic controls have room for improvement."

What is our primary use case?

Our primary use case is IPS and IDS.

How has it helped my organization?

CrowdStrike Falcon is extensively used by all 2,000 employees.

What is most valuable?

The most valuable features are the complete IPS and IDS. Both features provide good measures for threat detection and prevent network intrusions.

What needs improvement?

Forensic controls have room for improvement, and CrowdStrike Falcon can add more features here.

Another improvement could be that the support for this product could be cheaper.

For how long have I used the solution?

I have been using CrowdStrike Falcon for two years. We are using version 6.5.1.

What do I think about the stability of the solution?

It is a stable solution. I would rate it a nine out of ten.

What do I think about the scalability of the solution?

The scalability of CrowdStrike Falcon is quite good. There are around 2,000 users in our organization. I would rate it an eight out of ten. There are a few things, such as the forensic part and the investigation, that can be improved.

Which solution did I use previously and why did I switch?

I have worked on many other IDS solutions, but I found CrowdStrike Falcon to be the best.

How was the initial setup?

The setup is pretty straightforward. The deployment took some time because we didn't have an NBM solution. We installed it two years ago. But now it's clear, and we don't need much time to deploy it.

What about the implementation team?

The tech support is good but can be expensive when it goes out of the subscription.

What was our ROI?

I have seen a good return on investment.

What's my experience with pricing, setup cost, and licensing?

There is a license-based model. We use the yearly license. I would rate pricing a seven out of ten, where one is cheap, and ten is very expensive.

What other advice do I have?

I highly recommend people use CrowdStrike Falcon. Overall, I rate it a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Principal at Trifecta Cloud Security Solutions
Real User
Top 5
A highly stable solution that is primarily used for its EDR and XDR capabilities
Pros and Cons
  • "Regarding features, I appreciate its integration capabilities with identity providers...Stability-wise, I rate the solution a ten out of ten."
  • "CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."

What is our primary use case?

The solution is primarily utilized for EDR and XDR capabilities, with some identity management features integrated through Falcon. In essence, it is employed like other endpoint protection platforms.

How has it helped my organization?

CrowdStrike Falcon no longer stands out compared to other endpoint protection platforms like Carbon Black or Microsoft Defender. Therefore, neither is superior to the other when used in our organization.

What is most valuable?

Regarding features, I appreciate its integration capabilities with identity providers, but it would have been better if they had their own identity product. The documentation is well-done in the solution.

What needs improvement?

CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition.

I would like to see CrowdStrike become closer to an agentless solution where I wouldn't have to deploy software and maintain the version of the solution.

For how long have I used the solution?

I have been using CrowdStrike Falcon for a year. Also, I am using the solution's latest version.

What do I think about the stability of the solution?

There is no doubt about the stability of the solution. Stability-wise, I rate the solution a ten out of ten.

What do I think about the scalability of the solution?

The solution has been successfully deployed in thousands of enterprises, so it is proven to be scalable. Major customers are using it, indicating that scalability is not a concern.

How are customer service and support?

There are two numbers to reach out to the technical support team. Considering the time taken to reach out to them with a request and get a response, I rate them a ten. Based on the technical skills of the customer support team to solve a problem, I rate them between a six and seven.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup process of the solution was straightforward. However, it is important to note that I was only setting up the solution in a POC (Proof of Concept) environment and not in a production one.

What was our ROI?

That's a difficult question to answer because CrowdStrike Falcon was implemented to replace a previous solution. While it was cheaper than the previous solution, the only initial return on investment was cost savings, as we have not yet developed key performance indicators to measure the security benefits of using CrowdStrike Falcon.

The effectiveness of a solution is not always easily measurable by simply avoiding a hack on a given day. Instead, it often requires analyzing reporting data to determine its environmental impact. This data must then be used to calculate the return on investment and compare it to the cost of ownership. In my experience, the only clear return on investment has been in the initial deployment of the solution. The solution's price has typically been lower than that of previous solutions.

What's my experience with pricing, setup cost, and licensing?

In my opinion, the pricing of CrowdStrike Falcon seems aggressive.

What other advice do I have?

I recommend anyone planning to use CrowdStrike Falcon to ensure that they have an integration team. This is because the solution does not have many built-in features, and it relies on partnership integration with other significant players, such as identity and network vulnerability solutions. Consequently, when deploying CrowdStrike, hiring additional personnel is necessary to comprehend the integration process. If CrowdStrike is ranked number one, then Microsoft is above CrowdStrike due to its fully integrated features. If Microsoft ever got details of incorrect licenses, it would run CrowdStrike out of business. Overall, I rate the product eight point nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
JavierFernandez - PeerSpot reviewer
Head of IT at Alantra
Real User
Accurate, good technical support, and reliable
Pros and Cons
  • "The most valuable feature of CrowdStrike Falcon is its accuracy."
  • "CrowdStrike Falcon could improve the logs by making them free to the API."

What is most valuable?

The most valuable feature of CrowdStrike Falcon is its accuracy.

What needs improvement?

CrowdStrike Falcon could improve the logs by making them free to the API.

For how long have I used the solution?

I have used CrowdStrike Falcon for two years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

CrowdStrike Falcon is a scalable solution.

We have approximately 800 people using this solution in my organization.

How are customer service and support?

CrowdStrike Falcon technical support has been fine in my experience.

Which solution did I use previously and why did I switch?

I have used other solutions before CrowdStrike Falcon, such as Symantec.

Symantec does not have any advantage over CrowdStrike.

How was the initial setup?

The initial setup of CrowdStrike Falcon is easy.

What's my experience with pricing, setup cost, and licensing?

The price of CrowdStrike Falcon is reasonable.

What other advice do I have?

I rate CrowdStrike Falcon a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AbhishekBirkett - PeerSpot reviewer
Senior Manager - Enterprise Accounts at Hitachi Systems, Ltd.
Real User
Endpoint security solution that offers detection of incidents in less than a minute
Pros and Cons
  • "There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers."
  • "In a future release, I would like to see more integrations for data breaches and security features."

What is our primary use case?

There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers. 

What is most valuable?

I started using EDR, but now they have different offerings relating to theft, security, ID theft security and XPR. Their channel management team is very good and we like working with them.

What needs improvement?

In a future release, I would like to see more integrations for data breaches and security features.

For how long have I used the solution?

I have been using this solution for two years. 

What do I think about the stability of the solution?

It's very stable and the whole management console is fast. 

What do I think about the scalability of the solution?

Once you are onboarded, they can activate different features on the same platform for you. You don't need to do the redeployment every time you click on a feature for the customer. This makes upselling really easy.

How are customer service and support?

The customer support for this solution is good. We have not had any bad feedback from customers. They are very quick to the call and have been very supportive and helpful.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. There are a number of ways you can deploy the agent through the Play Store. The deployment is not very complex unless the customer's environment is very complex.

What's my experience with pricing, setup cost, and licensing?

CrowdStrike is well priced. On a yearly basis, it costs between $60 and $100 per user.

Which other solutions did I evaluate?

We compared CrowdStrike Falcon with Trend Micro, Trellix or SentinelOne.

What other advice do I have?

When we talk about security to customers, we include consideration of Cisco to give them unified security plus XDR.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer:
Buyer's Guide
Download our free CrowdStrike Falcon Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024