We performed a comparison between CrowdStrike Falcon and CylancePROTECT based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The most valuable feature is the analysis, because of the beta structure."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The product detects and blocks threats and is more proactive than firewalls."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The UI is simple and self-explanatory. Everything is easy to understand."
"The EDR and XDR features have been most valuable."
"The detection is very effective."
"The stability is very good."
"The most valuable feature is the indicator of compromise, which shows you what file was either quarantined or removed."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"Scalability hasn't been an issue for us."
"I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution."
"CylancePROTECT is very stable - we've had no issues with performance and no errors or bugs."
"I like the AI and mathematical components that they use."
"Very easy to deploy. It can be done one by one or deployed by customizing an MSI file for GPO push."
"What I like best about CylancePROTECT is its accuracy, as it doesn't give many false positives."
"The solution’s AI is its most valuable feature."
"The most functional item that we use is the process to turn off the false flags that it causes."
"The solution is very quick at easily changing the levels of protection for each computer and the server."
"In most cases, the solution's ability to detect in the MITRE framework, and its ability to be able to detect attacks in any one of seven or eight different areas of the life cycle of an attack is very useful."
"The solution is not stable."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"It takes about two business days for initial support, which is too slow in urgent situations."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The solution should address emerging threats like SQL injection."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"An improvement would be to extend support to legacy and unsupported servers."
"This solution is relatively expensive."
"The management reporting functionality needs to be improved."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"The management of the solution could improve."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
"It is hard to manage."
"The OPTICS component could be made more user-friendly with respect to giving people more information."
"CylancePROTECT could be improved in its technical support and communication."
"The company that sells us the licenses sometimes doesn't know how to do certain things."
"Having worked with SentinelOne, Cylance is good; however, it probably needs to add a feature similar to SentinelOne's rollback functionality. With this feature, if you get infected, with a click, you can go back to the pre-infection state. If Cylance could add this functionality to their offering as well, that would be ideal."
"It could have integration with industrial base HMIS or Human Machine Interfaces Solutions. This is the industrial environment where you have a control center for all the automation that's happening, whether it is oil, gas, or chemical manufacturing. They often have to set up a computer at the back and watch the other stuff to get alerts. In these autonomous or on-premises environments, they often don't have access to email readily. Integration with other industrial solutions, such as HMIS, will allow them to communicate and get an alert that something has been found. This way, they can react to it sooner than having somebody watch the screen and keep checking the screen. Rockwell has its own suite. Similarly, Honeywell has its own suite. There's also an independent HMI/historian solution provider out there called VTSCADA. We actually get asked if we can get it to show up on a screen, which is difficult. Getting those alerts to work within an industrial environment would be a huge plus."
"I would like to see them fix the alerting system so that the endpoint reporting is a bit more streamlined."
"The solution needs better dashboards that are easier to use."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews while CylancePROTECT is ranked 23rd in Endpoint Protection Platform (EPP) with 40 reviews. CrowdStrike Falcon is rated 8.8, while CylancePROTECT is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of CylancePROTECT writes "Ensures advanced AI-driven threat detection to provide robust endpoint security, effectively preventing both known and unknown threats with minimal impact on system performance". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas CylancePROTECT is most compared with Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and VMware Carbon Black Endpoint. See our CrowdStrike Falcon vs. CylancePROTECT report.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I had a great experience having deployed CrowdStrike to tens of thousands of endpoints. It's easy to deploy and operationalize. It has provided protection against threats that other engines did not catch based on its powerful heuristics and AI.
CrowdStrike does invest heavily in R&D and provides advisory services on endpoint protection.
I never used Cylance. We installed CrowdStrike on 6/6/19 and aside from a test file have had zero hits. CrowdStrike has some additional features available (at a cost). One that I am looking at is device control for USB storage devices for policy enforcement. Syslogs are being absorbed by my SIEM as well.