CrowdStrike Falcon Primary Use Case
Jeremy S.
Director of IT at a tech services company with 51-200 employees
We use this product for endpoint security and threat remediation.
The following is a list of use cases that were tested and evaluated against CrowdStrike along with different competitors.
1 - Execution of fileless ransomware - The test was conducted using PowerShell script execution; the script was executed with privileged rights and it was successful. Although all the preventive controls were enabled in the CS Falcon dashboard, CS Falcon raised a red flag regarding fileless execution; however, by the time it let us know, our system had been encrypted.
2 - Uploading a large volume of data to the cloud - Using a customized script on a USB drive, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation from the whole disk and creates a password-protected .zip file of the complete set of files in APPDATA; once the protected file is created, it then checks internet connectivity. As soon as the script finds connectivity to 8.8.8.8 or 8.8.4.4, it starts sending the protected .zip file to its CnC cloud.
3 - Disabling the CS Falcon agent - I conducted a test to disable the Falcon agent on a Windows-based OS. The agent was successfully disabled by booting another OS and renaming the agent files on the system.
4 - Performing privileged tasks in CrowdStrike - CS roles have some additional privileges. While performing host containment, it has the ability to perform the following operations without informing the user:
* Host containment
* Isolating the host from the network
* Copying data from the host machine into the CS cloud
Considering the above situation, it may cause a breach of user privacy, due to which a user can file a complaint against the InfoSec team.
Jeffrey-Anderson
Security Analyst II at a healthcare company with 10,001+ employees
It is currently our antivirus and EDR platform that we use to export incidents to our SIEM and automation platform, SOAR. We use Demisto for our SOAR.
The solution is fully deployed in our organization. We are primarily Windows. There are four major hospital sites with a couple thousand endpoints each. We probably have 600 remote workers due to COVID-19. I would probably say there are 7,000 VDIs inside of Citrix. Then, the rest are probably small clinical sites with no more than 50 to 80 people at each one. They make up the bulk of the rest, and probably 99 percent of that is Windows or server-based. We only have maybe 30 Macintoshes in the whole system and about as many Linux machines.
We are using Windows agent 618.
Buyer's Guide
CrowdStrike Falcon
March 2024
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Adeeb Khan
Senior Data Hosting and Security Special at Two aquate
We're installing the solution on some of our external servers. It has a cloud portal, and we can control everything through the cloud. It's good for remote sites.
I'm a tax lawyer, so the IRS requires me to have a security program.
Erik Hart
Chief Information Security Officer at a real estate/law firm with 10,001+ employees
Our main use case was looking for an endpoint solution that was able to follow our users anywhere. We have over 52,000 employees, and a majority of our people work in various places. Many employees are not in an office every day: They are at a client's sites, some work at home, some are traveling, etc. We really needed something that would give us visibility no matter where and when an employee was working.
reviewer1524120
Director - IT Security Operations at a manufacturing company with 10,001+ employees
It blocks all the stuff bad actors are trying to do to our users.
All our end user systems and servers are on-prem and cloud workstations desktops everywhere.
We are using the latest version minus one release (N-1).
I'm a security analyst. We get alerts on the cloud side that appear in the CrowdStrike console and also in our email. We can consolidate them on the console and check the process tree. You can see the hostname, user details, and all the information on the right side. On the file part, we can see whether the malicious file has been executed and decode it to see where the hash appears.
Falcon helps my client improve productivity. About 5,000 users at the client company are using the product.
Carol Kettlety
IT Network Infrastructure Manager at HENSOLDT
We use CrowdStrike Falcon as a managed SOC for intrusion detection on our endpoints.
We integrate the data from this solution with ExtraHop, which is an NDR. Being able to move between both platforms and have network-level data and transactions over the network feed into XDR CrowdStrike is really powerful. It helps us make better decisions, it makes better decisions without human intervention, and it hones the analytics a little bit. The EDR aspect of it works almost exactly the same as the regular Falcon product. I will say that it's probably a lot better at scale than what we're using it for. I work at a school district, so for the individual schools, it's nice to see and isolate issues and have reports built by individual school locations rather than just everything looking like a whole hodgepodge of computers.
We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.
reviewer1540044
Chief Security Officer at a financial services firm with 201-500 employees
We have several use cases including threat management, EDR, AV, and a SOC with 24x7 monitoring.
Stephen Hand
Director, IT & Systems Security at Tilson
We implemented CrowdStrike because we needed to identify a new solution to address a 100% remote workforce, both because of COVID and because, in general, our workforce is very distributed around the country.
Jim McCartney
Information Security Analyst at an insurance company with 1,001-5,000 employees
We use it for our endpoint detection and response on our devices for both endpoints and servers. It has replaced our traditional antivirus. We are strictly using it now to do all our antivirus duties.
We are primarily a Windows environment, 95 percent Windows. Then, we have a little bit of Linux and Macs in there as well.
Garnett Kirk
Information Security, Sr. Analyst at a wholesaler/distributor with 10,001+ employees
We use CrowdStrike Falcon as our EDR solution, including antivirus.
reviewer2152761
Cyber Security Manager at a university with 10,001+ employees
We use the EDR feature.
Our company's line of business includes financial transactions with an insurance policy that requires EDR protection. Compliance is part of our policy and agreement with customers.
We currently have 1,100 users of the solution.
Adam Shusterman
Cyber Security Engineer at a legal firm with 501-1,000 employees
We are using it primarily for NGAV, but we also use their EDR product and Falcon OverWatch.
Most of our internal stuff is still on-prem. We do use SaaS for vendor products, but our internal environment is still mostly on-prem.
We use it for threat detection and threat hunting.
David Leonard
Head Deputy Head of IT, Information Technology's Projects & Developments Center at an energy/utilities company with 201-500 employees
We rely on CrowdStrike Falcon for comprehensive threat detection, prevention, and valuable insights. This robust solution also offers identity protection features. Our dedicated team of six professionals effectively manages the platform, ensuring its effectiveness across multiple locations, including our data centers and core facility.
reviewer1869621
Security Officer
I mainly use CrowdStrike Falcon to prevent threats and detect indicators of attacks or compromises in the network.
NormanCyman
IT Security Analyst at U.S. Venture, Inc.
The initial use case was for CrowdStrike to be a replacement for McAfee. We wanted to come up with something that was a lot more adaptive to emerging world threats and not just strictly signature-based. We wanted something focused a lot more on heuristic analysis and pattern analysis first, e.g., isn't just sheer signature. Additional use cases are workstation servers and as much as we can do in our OT environment.
Mark Krishnan
Associate Director - Infrastructure Engineering at AFT
We primarily use the solution as advanced threat protection. It is used to protect all endpoints, servers, etc.
Our primary use case is IPS and IDS.
Edward-Walton
Security Principal at Trifecta Cloud Security Solutions
The solution is primarily utilized for EDR and XDR capabilities, with some identity management features integrated through Falcon. In essence, it is employed like other endpoint protection platforms.
There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers.
Anil Kishore
Lead Engg. Information Assurance at ACPL Systems Pvt Ltd
I am using CrowdStrike Falcon to protect my endpoints from new zero-day threats.
Michael Getz
Enterprise Cybersecurity Architect at Swagelok Company
The product is inherently cloud-based.
CrowdStrike Falcon is our platform for IT security, encompassing endpoint security, cloud security, and EDR capabilities.
We are using it as an EDR solution for endpoint protection.
We primarily use the product for the security of the endpoints to protect against viruses and malware. It protects our devices from infection.
We use this solution for next generation anti-virus protection and detection. We are a premium partner of CrowdStrike.
Ayieko Margaret
Pre-Sales Engineer at EliteVAD
We primarily use the solution for antivirus and endpoint security.
reviewer2333907
IT Consultant at a comms service provider with 5,001-10,000 employees
We use CrowdStrike Falcon mostly for EDR.
reviewer2322486
Security Analyst at an insurance company with 1,001-5,000 employees
We use CrowdStrike Falcon for endpoint security and response, and Horizon to manage and protect our data.
Following a 2021 security incident, the general response team recommended implementing CrowdStrike. We adopted their suggestion and found its network threat detection and prevention capabilities invaluable.
reviewer2131563
AVP of Tech at an insurance company with 201-500 employees
We use this product as an antivirus. We use it as an add-on for Arctic Wolf, which it integrates with.
reviewer1078392
Security Systems Analyst at a retailer with 5,001-10,000 employees
CrowdStrike is a malware protection solution that is deployed on a private cloud across all areas of our organization. We have deployed the solution to 10,000 users. Roles-based it's the security team.
We recently upgraded to a new feature that is set to roll out. CrowdStrike is a requirement, it's our standard. If you have a new OS deployed or a new server deployed, this is a required component. It has been automated as we grow and as we add more systems.
reviewer1078449
Chief Information Security Officer at a hospitality company with 5,001-10,000 employees
We have various use cases. We are protecting servers and endpoints that are utilizing this product to focus on advanced, persistent threats, with the goal of reducing the overhead on the endpoint for early detection.
Right now, we have not put enforcement, and we're moving to the next level of detection.
John Seaver
Director Of Information Technology at DLZ Construction Svs.
We use CrowdStrike for our endpoint security and we're about to tie it into vScaler. It's on every endpoint in the company and is used by everyone in the organization. It's anti-virus security software, so we'll continue to put it on every machine whether our company grows or shrinks. I'm the director of information technology in our company and we're a customer of CrowdStrike.
We use CrowdStrike Falcon to detect and alert us to any malware in our system. In our organization, we integrated CrowdStrike with a SIEM tool, which does the alerting. If the solution detects malware and issues an EDR alert, it notifies us and begins gathering data about the detection, including the hostname, user name, the hash value of the downloaded file, and the file's reputation. Then, we can ask the user to delete the file from the PC and drives, such as USB drives, if necessary. After removing any malicious files, we can use CrowdStrike to run an AV scan on the affected device or devices.
We use this solution for next generation antivirus and EDR.
Rohith Kumar-Gurram
Cybersecurity Analyst at a computer software company with 51-200 employees
We use CrowdStrike Falcon for endpoint protection against malicious activity.
CrowdStrike Falcon is an Endpoint Detection and Response system that uses agents deployed on each endpoint. It works on mobile or wired devices. The operator provides you with real-time and online protection against the latest malware and wireless attacks.
I use CrowdStrike Falcon for endpoint security and compliance auditing.
Brent Homan
Service at Four-U Office Inc
We primarily use the solution for real-time ransomware protection.
reviewer2279184
Vice President at a financial services firm with 10,001+ employees
Our organization relies on CrowdStrike, a standalone endpoint security solution, to safeguard our bare-metal machines. CrowdStrike continuously monitors for threats on all endpoints. If it detects any suspicious activity, such as malware or malicious processes, it immediately alerts us for investigation.
I'm currently working as a cybersecurity specialist at the Arab Open University. We are trying to create centralized station input. We have nine branches in the Middle East, so we need a cloud-based solution. Our control center is in Kuwait but all nine of our branches use CrowdStrike Falcon. Our team is located in Kuwait, which is where we handle and mitigate threats from.
reviewer1019481
Specialist, Lead Desktop Support at an energy/utilities company with 5,001-10,000 employees
We use CrowdStrike Falcon for endpoint protection.
reviewer1055580
President and CEO at a tech services company with 51-200 employees
We primarily use the solution for our Windows and Macs.
The solution is for alerts. It will trigger if there is malicious traffic or some scripting attack. Any attack that is there, then it'll alert automatically.
Marty Joplin
Server Administrator at TIR Canada
We use this solution on all of our endpoints and servers.
reviewer928773
Head of IT Department at a pharma/biotech company with 10,001+ employees
CrowdStrike Falcon is leading the market in EDR. They are the first to have this kind of solution against malware. They have an advantage with respect to the rest of the competitors. They offer a certain amount to protect in case of malware or cyber-attacks. They have a policy or insurance connected to the service. That's the reason why we chose CrowdStrike over other solutions.
We use this solution for threat protection and endpoint security.
Recently, we added on CrowdStrike OverWatch and Insightsoftware for better reporting. OverWatch monitors East-West issues that CrowdStrike Protect doesn't see. New next-generation endpoint security doesn't scan your PC. It doesn't scan files nightly. People have to get past that, it's so old school.
I have 50 end-users, one hundred endpoints, and workers of all types, both in-house and remote workers.
reviewer1068594
Senior Cyber Security Analyst with 1,001-5,000 employees
The primary use case is digital security investigations using the dashboard.
reviewer1402662
Sr. IT Support Executive at a hospitality company with 1,001-5,000 employees
We primarily use the product as a security solution.
We are using CrowdStrike Falcon for the EDR mainly.
reviewer1871766
Product Manager at a comms service provider with 51-200 employees
We use the solution for security and in demonstrations to our partners.
reviewer1392531
Dy General Manager at a real estate/law firm with 501-1,000 employees
The solution is primarily being used at our endpoint, which includes roaming users with laptops. It is being used in all of our servers at our data center. Our security team can monitor everything centrally using the Falcon dashboard. If there is an incident, our team can actually go to the root cause of the incident to try to solve it there.
We are using CrowdStrike Falcon XDR for security.
Mahesh Haba
DGM IT at Union Bank of Colombo
We use CrowdStrike for endpoint protection.
reviewer1132086
Information Security Officer at a financial services firm with 51-200 employees
CrowdStrike Falcon is working on our production servers.
Director916d
Director of Cloud Architecture at an energy/utilities company with 10,001+ employees
We use it for threat management.
GeofreyMwaseba
SOC Analyst at a financial services firm with 1,001-5,000 employees
We use CrowdStrike Falcon XDR for endpoint protection.
It is more sophisticated than a legacy antivirus.
When compared to the legacy antivirus, it offers more features, including the ability to do analyses, halt execution, and more. It also gives you real-time notifications.
In comparison to the earlier legacy era, it is better.
MTHULISI-KUMALO
Junior Security Engineer at Altron
I mainly use Falcon for endpoint protection.
Thomas Zeulner
Chief Information Security Officer at a manufacturing company with 10,001+ employees
Our primary use for CrowdStrike is as an EDR system. We are protecting more than 9,000 devices.
Saifuddin Ebrahim
Senior System Engineer at a computer software company with 1,001-5,000 employees
We primarily use the solution for threat intelligence.
Our primary use case is EDR and ransomware.
Ahmed_Emara
Infrastructure Manager at Quaracrm
We use it to monitor everything related to the activity and to block any malicious activity. We are new in the security field in our company.
Jorge Pizarro
Senior Engineer at Neosecure
We use CrowdStrike Falcon for malware mitigation and hunting.
Parikshit Goutam
IT Manager at a consultancy with 5,001-10,000 employees
It's a security-related product. A security environment based on AI/ML. It is not like the older stuff, which used to have signature-based updates.
reviewer1871766
Product Manager at a comms service provider with 51-200 employees
I use CrowdStrike Falcon for EDR and security purposes. Also, I am using file integrity monitoring, asset management, and patch management modules. Additionally, I'm also utilizing an identity protection module.
MuhammadHabib
Cloud Solution architect at VaporVM
We primarily use CrowdStrike Falcon for malware detection, endpoints, and application behavior detection. The company has different teams, but our team handles the Windows and Mac hosts.
John Castaño
Solutions Architect at dsmedellin
We use Falcon to protect around 500 endpoints.
This is an EDR solution used for antivirus purposes. It is used for vulnerability assessments, security posture management and to safeguard a business from all kinds of attacks.
Raghunath Venkatesh
Business Development Manager - Security at a computer software company with 201-500 employees
CrowdStrike Falcon is used for endpoint protection for businesses. It's used for identifying threats.
reviewer1276317
Sr Network Administrator at a construction company with 501-1,000 employees
Our primary use case is for endpoint protection.
Tom Smolinsky
Executive Technology Advisor at Vitso
We are using this solution for advanced threat protection, over and above any antivirus for approximately 1200 end-users, or endpoints. It is able to identify any anomalies and alert on that using the AI engine. That way, there's a small security team to make them more effective, to be able to get an alert, go in and look at what's going on.
Since I have been here, I have been keying into when people fall for phishing attacks and they either get blocked going to a website or their credentials get compromised, and somebody logs in to their Office 365 account. We were able to forensically identify that in two of the cases. Most recently, since I've been here looking at the more active response, to be able to identify and act a little bit more quickly.
Erik Sobel
Director of Security at an insurance company with 51-200 employees
The primary use case is detection and forensics.
The product is cloud-based, so we use the latest build which is available.
Our organization uses CrowdStrike Falcon for a variety of security tasks, including incident response, investigations, malware analysis, and threat hunting. This comprehensive platform excels at detecting malware across various technologies and endpoints within our environment.
CrowdStrike Falcon functions as a threat detection platform. It identifies malware based on pre-defined signatures and rules. Upon detection, it triggers a response and provides a dashboard for further analysis. This allows us to assess if the malware poses a risk to our organization or if it's a false positive. For confirmed threats, we can then delve deeper for a thorough investigation to uncover any underlying malicious intent.
Our primary goal is to prevent malware-related risks proactively. By leveraging CrowdStrike Falcon, a premium endpoint detection and response tool, we can safeguard our organization from malware exploitation attempts employed by hackers.
reviewer1450047
IT Workplace Coordinator at a consumer goods company with 1-10 employees
We use CrowdStrike Falcon as an XDR to replace our old antivirus solution.
We implemented CrowdStrike Falcon for better visibility into our environment and easy online access to the policies.
We are a CrowdStrike partner, selling their products to our customers. We have small and medium-sized enterprise clients and clients in the government sector. Depending on customer requirements, we provide different CrowdStrike Falcon products, ranging from Spotlight to XDR.
reviewer1714518
Especialista em Segurança da Informação - DFIR at a financial services firm with 501-1,000 employees
I am using CrowdStrike Falcon for system security.
SeniorAsd84b
Senior Associate - IT at a financial services firm with 51-200 employees
CrowdStrike is an anti-virus solution, and we use it to protect our users from malware.
reviewer1405356
Consultant at a computer software company with 51-200 employees
It is used for stopping data breaches.
It is totally on the cloud. It cannot be deployed on-prem. They don't have any on-prem options.
reviewer1174008
Security Analyst at a computer software company with 10,001+ employees
We use CrowdStrike Falcon on all our devices, server, and workstations for security.
Secu8765
Security Engineer at a tech services company with 11-50 employees
Our primary use case is as an endpoint protection service.
Fadhullah Iskandar Roy
Solution Architect at a comms service provider with 1,001-5,000 employees
The primary use case is threat protection.
Primary use is for endpoint investigations.
reviewer1149999
Engineering manager at a consultancy with 1,001-5,000 employees
CrowdStrike Falcon is an EDR and we use it to protect our developers. They have a lot of risks that come from cloud services, such as AWS.
reviewer1440201
Head Of Infrastructure at an insurance company with 201-500 employees
We use CrowdStrike Falcon to secure the endpoints and servers that we have on-premise.
Nachiket Sathaye
Information Security Consultant at a tech vendor with 501-1,000 employees
We are currently using this solution as a replacement for our antivirus solution. It also helps us in terms of forensic investigation, malware analysis, endpoint detection and response.
reviewer1686732
Analista de segurança de TI at a tech services company with 1-10 employees
I am using CrowdStrike Falcon for network protection. We have government customers.
reviewer1458627
Director & CEO at a tech services company with 1-10 employees
We primarily use this solution for AV, next-gen AV, EDR or XDR.
Kunal Gupta
Security Engineer at a tech services company with 10,001+ employees
We are currently using this solution as an EDR tool to control and remediate threats from the endpoint remotely; it serves as a next-gen antivirus solution. It can also be used in a forensic investigation, threat hunting, trend analysis, malware analysis, etc.
reviewer1015710
Technical Architect at a consultancy with 10,001+ employees
The primary use case of this solution is as endpoint detection and response.
Akash Mondal
Works
It logs automatically and generates alerts. It is all automatically integrated with the cloud.