CrowdStrike Falcon Room for Improvement

Mark Krishnan
Associate Director - Infrastructure Engineering at AFT
If an operating system is stopped by support by the original vendor like Microsoft, or maybe Apple, within a few weeks, CrowdStrike will also decide they no longer support it, and they kind of move on. I understand their model. However, if we still have the OS, it's hard to keep it protected. So, for example, if Microsoft decides to stop supporting or patching a solution, CrowdStrike too will stop supporting it and making updates. It's still a usable product, it's just not getting updates or patches and therefore may be vulnerable. The result is that we can't guarantee we're going to be able to protect that hardware or operating system. We either have to upgrade to a newer platform, which sometimes is not possible because you have a legacy application. Whatever that constraint is, sometimes we're not able to move things. We still have to rely on other products to support that. That's the only quandary I have with them. Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about. When a file is infected or it detects a ransomware file network, when it does remediate, it should self-heal as Sophos does. That's a good feature to have, but I don't know enough pros and cons about that to kind of recommend that, because if it is a false positive, that may be a problem. If it detected a valid file and if for some reason it decides, "Oh, this looks like an infection," and maybe it's not actually infected, and if it goes in and remediates it by replacing it with an older file, that may be a problem. However, I don't know, because I've never used that feature or heard anybody say that's a problem.
reviewer1392531
Dy General Manager at a real estate/law firm with 501-1,000 employees
The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ. I'd really like to have a complete solution. Right now most of the incidents happen on our endpoints. It is visible at the endpoint, the end server. If this can have a correlation tool that could actually give us a comprehensive dashboard, that would be useful. It could give us top-down visibility and could be from the firewall or any kind of security protection tool. It could be part of the DNS protection suite. However, that's why it's so important to have better integration capabilities. If this endpoint is trying to get at this particular website and it is identified at DNS-level protection, that also comes to this dashboard. Around an 80% to 90% view of whatever is happening with this endpoint, whatever action it is doing, can be inspected on the dashboard. If the endpoint is protected by CrowdStrike, I am only able to access this application through a CrowdStrike-protected device.
reviewer1402662
Sr. IT Support Executive at a hospitality company with 1,001-5,000 employees
I'm new to the solution. Currently, I'm comparing it to other EDR solutions to see if anything is missing; however, I'm still learning the ins and outs of the product. It may be due to the fact that I am new, however, I'm having trouble understanding their licensing. It does take more time to scan than other solutions. The solution should continue to make the learning curve as short as possible by providing even more training and documentation.
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: February 2021.
464,655 professionals have used our research since 2012.
Tom Smolinsky
Executive Technology Advisor at Vitso
I think there's an opportunity to enhance the AI, or at least the traps, to say: if something changes from this baseline, let us know and flag it. It's got a pretty good engine to do that on its own, but it's one of the things that are important to us, so I'm just trying to decrease the time to issue identification. In comparison to buying into the Microsoft suite, it was definitely less costly. CrowdStrike can be costly.
Brent Homan
Service at Four-U Office Inc
The solution doesn't have a whole lot of email security on offer. We did know that going into the purchase, however. We decided to get a different solution for that aspect of security. They have a sandbox feature, but it's all they do. They have different grades. There's the Socket Pro and then there's an ADR. Then there's another one where they pretty much watch your system for you. And it's all different. It's all based on the price you want to spend. I wasn't going to drop a large amount of money. They don't really have anything when it comes to scanning attachments. That would be something I would like.
reviewer1068594
Senior Cyber Security Analyst with 1,001-5,000 employees
Any kind of integration that you want to do, such as using the API to connect to a SIEM, is complex and it will be expensive to do. It is quite a pricey product.
reviewer1043067
Director Of Information Technology at a financial services firm with 11-50 employees
CrowdStrike Falcon by itself does not supply in-depth reporting. Falcon Protect does what it does. It's endpoint security, nothing more, nothing less. What it does, it does well. However, if you need more information on what it found and how it got there (including board reporting and compliance reporting), that's not there. Some of the other solutions that are available give you that right out of the box.
reviewer1043067
Director Of Information Technology at a financial services firm with 11-50 employees
I miss a feature for the USB control that they have as an add-on. I haven't gotten to the point where I want to pay for it, but the features that I miss are available. The biggest issue with Falcon as a standalone product is it doesn't have very much reporting. Out of the box, the only weakness is the level of reporting. All the analytics and the telemetry are there, it's just a matter of getting to it. Other vendors offer some of that stuff right out of the box. CrowdStrike Falcon has been very low maintenance. There are features on it that I haven't touched yet. I've got a SIEM that I haven't really had time to explore fully. I have a patch management system that does what it does. I have a firewall and IDS that do what they do, and I have an endpoint security system that does what it does. MSPs keep asking how one person can keep up with the different solutions and alerting; if you don't have any problems, then it's pretty easy to keep up. Everything does what it does. I don't experience any of the issues that apparently a lot of people have on their network. How can I tell you what to improve if it's doing what it's supposed to do?
reviewer1078449
Chief Information Security Officer at a hospitality company with 5,001-10,000 employees
They need to strengthen the forensic capabilities of this product, for e-discovery.
Kunal Gupta
Security Engineer at a tech services company with 10,001+ employees
The current version of Falcon does not support DLP, which may be a good feature to have in an EDR solution. It must be included in a future version if possible. There must be an on-premises version. MDM is also coming soon and must also have the ability to be controlled from the same dashboard.
Saifuddin Ebrahim
Senior System Engineer at a computer software company with 1,001-5,000 employees
The solution overall is a good product, and we don't see too much room for improvement. Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply. The solution could use better device control.
John Seaver
Director Of Information Technology at DLZ Construction Svs.
Improvement could be made in the number of false positives we get; there are more than there need to be. Typical Windows functions sometimes get stopped by CrowdStrike. In general, I'd rather err on the side of safety, but some of these are really straightforward functions that should get through. For the future, I think they need to keep building on their extensibility, the capability to be extended, so that it's not lost and we can utilize the knowledge that we're gaining from the endpoints.
reviewer1015710
Technical Architect at a consultancy with 10,001+ employees
In the six months that I have been using CrowdStrike, it has not been able to detect anything. We have been using Trend Micro and it has detected some malicious activities. We have CrowdStrike conduct some inner forensic investigations in hopes that it will be more advanced and detect things that may have been missed by Trend Micro. It would be helpful to have some prebuilt search queries based on the top ten queries in the industry for detection.
SeniorAsd84b
Senior Associate - IT at a financial services firm with 51-200 employees
I would like to see the machine learning feature enhanced.
Erik Sobel
Director of Security at an insurance company with 51-200 employees
It probably needs more integration with firewall vendors. It needs integration with other technologies. It doesn't play well with anything else. It is more of a standalone solution. Therefore, integration with other technologies would be great.
Secu8765
Security Engineer at a tech services company with 11-50 employees
The GUI can use improvement; it's cloud-based, so sometimes the interface can be a bit slow. The interface could use a little bit more speed. When I change the policies for some users, I would like to have an option to apply that policy immediately. Right now, I have to wait for the users to connect to the cloud to take the new policy. I would like for them to develop the ability to have an option to apply the policy immediately.
reviewer1440201
Head Of Infrastructure at an insurance company with 201-500 employees
The reporting part is basic. It's not that intuitive and you cannot go further backward in terms of historical information. The integration with tools, SOC tools, could be better.
Thomas Zeulner
Chief Information Security Officer at a manufacturing company with 10,001+ employees
The management reporting functionality needs to be improved. We would like to see more features for vulnerability management included.