CrowdStrike Falcon Cloud Security Reviews

We are a small company using CrowdStrike Falcon Cloud Security for next-generation endpoint security and antivirus protection. We do not have dedicated threat hunters on the platform and primarily use it for endpoint protection.

CrowdStrike Falcon Cloud Security helps us ensure that our endpoints are protected, which was essential for achieving the Cyber Essentials Plus certification. It also allows us to demonstrate to partners that we are diligent about protecting both our data and theirs.

The most effective feature is the machine learning aspect, which detects unauthorized scripts and potential data exfiltration. It provides alerts on suspicious command executions, helping us safeguard our systems.

The user interface needs improvement as it's sometimes difficult to locate specific dashboards or reports. Simplifying the naming of elements in the UI could make it easier and more intuitive for users.

We have been using the solution for about six months.

I recommend CrowdStrike Falcon for companies of all sizes, from small businesses like ours to some of the largest companies in the world.

We do not expect to get a direct ROI. It is an expense we are willing to pay to conform to Cyber Essentials Plus and demonstrate responsibility in protecting our data and that of our partners. It also helps in mitigating third-party risks.

The pricing for CrowdStrike Falcon Cloud Security is reasonable, especially for small companies with limited budgets. It is essential for achieving Cyber Essentials Plus and is cheaper than solutions like Splunk for Next Gen SEAM.

CrowdStrike Falcon Cloud Security is not recommended for highly sensitive data environments, such as government intelligence services, where cloud products might not be suitable.

I'd rate the solution nine out of ten.

I have been using CrowdStrike Falcon Cloud Security extensively for maintaining endpoint security. It is mainly used to protect systems against malicious binaries. In our cloud environment, we use it by deploying agents on our cloud instances operating in AWS and GCP to protect these instances from malicious binaries.

The solution has significantly enhanced our incident response times when dealing with malware or possible malicious file activities. It allows me to log into machines and pull copies of suspected files, eliminating the need to physically obtain the machines for analysis.

The most valuable features are the real-time response, which allows me to log into a machine to pull files and check signatures for malicious activities, and the ability to restrict USB block storage usage on endpoints by policy.

There is room for improvement in the solution's ability to handle Linux systems. It does well for Windows, but it relies on binary scanning for Linux and lacks comprehensive rules for detecting suspicious behavior. I have had to develop my own custom rules in CrowdStrike for Linux.

I have been using this product extensively for about the past four years.

Apart from the recent media attention for causing some instability worldwide, the solution is quite stable and I haven't had any major concerns.

The solution scales very well, with the only limitation being the licensing purchased.

I have used Carbon Black extensively in the past.

The initial setup is mostly straightforward. They provide a simple way to deploy the endpoint, simplifying the installation process for users.

The solution is quite expensive. The pricing fluctuates based on various factors such as company size, and there is room for negotiation, but it is generally expensive enough that most midsize companies find it difficult to afford.

I would advise first-time users to monitor the number of endpoints regularly to ensure they are checking in. Additionally, they should add custom detections for Linux to identify unexpected behaviors, as the default detection for Linux is not very comprehensive.

I'd rate the solution nine out of ten.

CrowdStrike Falcon serves as our go-to tool for endpoint detection and response. We often leverage scripts to implement actions such as blocking and isolating specific machines. These scripts help us pinpoint and flag machines within the system that require investigation. Our focus involves delving into logs, scrutinizing identities, and ensuring a secure cloud posture through effective cloud posture management.

The primary focus lies in the swift and effective response to potential threats. CrowdStrike's Remote Threat Response feature allows remote access to machines under investigation, provided they are online. This capability significantly aids in expediting the investigative process. Additionally, the tool supports threat hunting within the Falcon framework. An aspect worth noting is the tool's proficiency in making correlations within internal data, including both machine and user logs.

The RTR feature stands out as particularly valuable to me due to its capability to log into machines. Whether it's a Linux machine, allowing me to execute native Linux commands, or a Windows machine, where I can use PowerShell commands, it empowers me to seamlessly proceed with my investigations. This flexibility is a key factor that enhances the overall effectiveness of my work.

I tend to focus more on the forensic aspects, believing there's potential for additional improvements in that area. I've noted that CrowdStrike recently introduced a new feature in their latest update, aimed at enhancing forensic capabilities. Incorporating threat intelligence into the system would be a valuable addition.

I have been working with it for two months.

The stability of the platform has been consistently reliable, with no instances of downtime or issues encountered during installations. The process has been remarkably smooth, and I have not encountered any problems so far.

The scalability is quite impressive. With thousands of endpoints in our environment, we can effortlessly deploy additional agents on any new endpoint integrated into our system.

Regarding technical support, the response time typically takes a few hours. The speed of response may be influenced by the specific licensing arrangements in place. I would rate it seven out of ten.

Neutral

In my previous role, we predominantly relied on Azure solutions. Microsoft Advanced Threat Protection, encompassing Defender for Endpoint, Sentinel for Identity, and Security for Cloud Apps, constituted the core components of our security arsenal.

The deployment spans various locations and departments, encompassing all our endpoints. This includes multiple nationwide locations and extends to different continents. Maintenance is not a significant requirement. While we do make occasional updates to rules, our Security Management service takes care of this aspect. Updates, including new rules, are automatically implemented during the update process. Duplicative rules are removed in the course of these updates. Although we have some custom rules, the entire process is managed as part of a service, ensuring seamless and well-controlled cycles.

I have a stronger inclination towards Microsoft ATP. However, since joining this company just three months ago, CrowdStrike Falcon has become a part of my toolkit.

The user interface designs are highly user-friendly with some interesting settings. I would wholeheartedly recommend it to anyone not specifically seeking a source solution but rather a comprehensive Security Orchestration, Automation, and Response platform. The flexibility it offers to analysts is noteworthy, especially when utilizing the RTR feature. This allows seamless remote access to computers, where analysts can execute commands natively without disrupting user activities. It provides a valuable capability for conducting investigations discreetly and efficiently. Overall, I would rate it eight out of ten.

I use the solution for protection on the go for end-user computers, identity management, proactive awareness of devices on the network, and statistical collection on the devices.

The solution's most valuable feature is that the solution for IT security is not based on the on-premises solution; it is available on demand. It is lightweight and can be held on a mobile device. The solution has login features like multi factor authentication. The tool facilitates data collection of the equipment on the network, including solutions on whether to remove or keep some computers.

The solution interacts with the domain controller and gives an update on what specifics may be harmful to the environment so that we can tag it to the users before they actually contact the IT team for support.

While it may be able to show the user in the drill zone, it could have a listed column at a higher level. That way, it would help the IT team do targeted interventions rather than having to drill into the details. The tool could give us more templates so that people who are not updated with the platform can easily get acquainted with how to secure and utilize the product more.

The only thing I don't like about the application is when a computer name changes, the CrowdStrike app maintains the two devices. The name or the MAC address was different. I'm unsure if the solution can flush the database based on the similarities in the MAC address.

The solution lists the equipment but maintains the tool name on to something else. If we have renamed the equipment that joined the platform before, we just delete it manually. So, we know which one is now the new name.

I have been using CrowdStrike Falcon Cloud Security for more than two years.

We are confident that the solution should be able to scale well based on the current features and the modular programming that it appears to be doing. The idea of scalability is that it can handle volumes of data requests outside of what our environment is doing. We not only deploy the solution in one domain controller, but what we can see on the domain controller is based on our environment setup. Based on the hybrid point of view, I think the solution is very scalable.

We have around 500 users working with the solution in our environment. In my environment, we're testing to see if we need to increase usage. If not, the other solution would be mobile device management to handle the other exceptions we currently see.

I rate the solution’s scalability an eight out of ten.

When we recently got the licenses, we were told to do something. When we observed that we didn't want to transfer where we were, they did something else to help with the solution. The technical team is not just technical; they're also human in that they're adaptable to customer needs and provide guidance.

Positive

The team was awesome at implementing the tool. When we transferred to the paid version, the technician or engineer from CrowdStrike transferred to the new tenant without redeploying the endpoint, which was awesome for me.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine out of ten.

I can't give you a percentage of the return on investment. The solution protects me from the cybersecurity threats, which is very good for me and my team. So, I'm giving you a qualitative response as opposed to a quantitative response.

It's an expensive package but does what it says it will do. Specialists are usually not cheap, so you expect to have a great package. They help you customize it, so I think it is worth it. The solution's pricing is in the same range as FortiEDR's. We paid over five million dollars for our package based on the number of subscriptions and the other add-ons to the package bundle.

The licensing fee we pay for the solution doesn't include managed services because my technical team and I were able to handle the product. It's very easy to maneuver. There's no additional cost for us to use the product outside the bundle we've requested. We ask for the basics, and then we include add-ons for the identity and server management. That will be the only add-ons cost that is manageable.

I rate the solution’s pricing an eight out of ten.

The dashboard gives an overview of the last login for somebody besides you. You know what is going on at a high level since you don't always have to have one operating system or environment. The suggestion and the data dictionary or the look of the threat environment are also helpful because they help us prepare against the threat landscape once it is known.

Based on how the organization is listed, you could classify the equipment according to an organizational unit to identify the component. That is helpful because if you're being attacked, you can see where the entry point comes from based on the response coming from the panel. This response can be emailed to the team.

The solution is deployed on the cloud. Before buying the solution, understand the technology gap so that you can look for the features you need. Any lightweight product that can be accessed on a mobile device on the go or outside the office is a great product for security specialists. The solution offers good availability and multi factor authentication. Some security concerns are built into the tool's security package.

It helps you understand the ecosystem of lurking threats waiting to come to your network or already on it. It is a great product for those who want inventory insight into their network. It gives you a lot of details that you probably wouldn't have captured if you didn't have great inventory management from an IT perspective.

The tool can also help you plan your next product or procurement of equipment to get better feedback on what's going on from your user experience. For me, the solution's statistics insight is great. The dashboard is awesome because you don't have to look for something. It can tell you exactly which computers are online and which haven't come online for a long time.

From a technological point of view, you can call and find out why equipment is not online to make a proactive decision.

I believe AI has always been a part of the package we've been using for a time. The proactive threat hunt based on statistics in the environment is a part of the AI search feature in the portal. From a cybersecurity point of view, if the product can detect a threat lurking in your network, it helps you sleep better at night because you don't have to look for it all the time.

The statistics provided via email or in the CrowdStrike environment point you in a direction so you can do something. If you don't want to do it yourself, the tool can be trained to do it automatically for you if you allow the settings.

Overall, I rate the solution a nine out of ten.

We use CrowdStrike Falcon Cloud Security for our client's endpoint security in the manufacturing, banking, and IT industries.   

CrowdStrike Falcon Cloud Security has helped improve our security operations. When facing signatureless attacks, CrowdStrike's EDR solution, which also incorporates SOAR capabilities, can prevent attacks in real-time. The SOAR engine detects malicious activity and suspicious file or transaction behavior on the network. Based on this detection, CrowdStrike proactively prevents these attacks. Additionally, features like Spotlight, a valuable tool for vulnerability management, provide remediation actions. Spotlight identifies the specific patches or knowledge base (KB) articles needed to mitigate these types of attacks.

To experience the full value of CrowdStrike Falcon Cloud Security, we recommend deploying the Falcon Agent on at least 500 systems and monitoring their activity for 15 days to a month. This deployment will provide comprehensive visibility into whether CrowdStrike can detect suspicious activity that might be missed by other third-party antivirus solutions and firewalls.

The CrowdStrike platform boasts a wide range of features while remaining exceptionally lightweight. Compared to traditional antivirus software, its impact on system resources is minimal. In terms of specific figures, CPU utilization typically ranges from one to two percent, while memory usage falls between 12 and 15 MB. This translates to a very small footprint on our system.

CrowdStrike utilizes signatureless technology, eliminating the need for regular signature updates on endpoint systems. It provides protection based on processes and activity behavior observed on the endpoint. The platform collects raw telemetry data from the endpoint and leverages it to proactively offer prevention and EDR capabilities. This approach offers multiple benefits, including eliminating the need for manual scans and providing broader protection against both known and unknown threats.

Due to the time zone difference, we in India experience delays in accessing immediate support for L2 and production-related issues until engineers become available in their respective time zones.

The CrowdStrike dashboard currently lacks a username field. This creates a gap for customers who manage multiple systems under a single username, making it difficult to identify individual systems based on username alone. Adding a dedicated username column to the dashboard would greatly improve its functionality in this regard.

I have been using CrowdStrike Falcon Cloud Security for five years.

I would rate the stability of CrowdStrike Falcon Cloud Security ten out of ten. We have not received any complaints from our multiple customers related to stability.

I would rate the scalability of CrowdStrike Falcon Cloud Security ten out of ten.

While there may be delays due to time zones, the technical support itself is good.

Positive

In collaboration with a security partner, we work with several other OEMs, including Symantec, McAfee, and Trend Micro.

The initial deployment is straightforward.

We utilize several third-party deployment tools for our installations, including Microsoft GPO, SCCM, and solutions offered by other market OEMs. These tools allow us to deploy the CrowdStrike Falcon Agent across all endpoints. Before deployment, we confirm the absence of any existing antivirus software. If the customer is already employing legacy antivirus solutions, we typically configure Falcon prevention policies to operate in "monitor mode." This means Falcon will monitor for threats without actively interfering with the existing antivirus. We refrain from uninstalling the legacy software until it becomes necessary. Once uninstalled, the Falcon prevention mode is switched to "aggressive mode," enabling it to function as the primary antivirus on the endpoint. This approach ensures a smooth transition while safeguarding endpoint security.

I would rate CrowdStrike Falcon Cloud Security ten out of ten.

CrowdStrike Falcon Cloud Security is deployed in multiple locations and departments.

No maintenance is required.

CrowdStrike Falcon Cloud Security offers flexible integration with various third-party security products, including SIEM and proxy solutions. This capability significantly enhances our organization's overall security posture by facilitating seamless integration with existing tools via its robust API functionality.

We took this solution just for security purposes. We do not want someone to attack us, get into our environment, and get sensitive customer data.

It is good for security. We have a Palo Alto firewall, and we implemented CrowdStrike as an add-on feature. 

Cloud security is one valuable feature. Spotlight is the other one. There is also vulnerability management and a couple of more features.

The console and the customer service are quite bad. We paid a big amount of dollars to them to implement it. We paid them for premium support. 

It gets the work done, but the main problem with the solution is that if you remediate anything, it takes 45 days for you to get any of the features displayed on the dashboard. This is the real weakness of CrowdStrike. Their customer support is also not ready to help with it. If you remediate any cloud vulnerability that they are giving you, such as removing a host from your organization, it takes around 45 days for them to remove it from their console.

It has been around a year since I onboarded it in my company and have been using it.

It is stable.

It is scalable, but it depends on the organization's structure and how vast the environment is. Our environment is not that big, so scalability is okay. It is just that you need to deploy the sensors on the hosts.

I would rate their support a five out of ten because they do not respond. We have taken premium support with them. If we raise a case with them, it takes around two to three days to get a call scheduled with them. Even the TAM that we have got from them cannot help. If you go for any service from Google, Microsoft, or Amazon AWS, their TAM is always ready to help you with your queries, but in the case of CrowdStrike, the TAM says that you need to raise a support case, and they will help you out.

Neutral

I was not there in the organization at the time, so I do not know about it.

I lead a team of 18 people. I get it deployed on all of the EC2 instances through them.

Its initial setup was straightforward. It is very easy to use. 

For the whole organization, it took two weeks because we needed the downtime as well to deploy it in the production environment. 

In terms of maintenance, it does not require any maintenance from our side. 

There was some consulting from the CrowdStrike team. They did help us to implement it.

Overall, five or six people were assigned to deploy the solution. They were infra-support engineers. It was deployed across multiple locations.

I am not the one who handled the pricing. A different team worked on it, but it is pretty expensive.

We did our research and after that, we implemented CrowdStrike. Secureworks was there. There were some different players that gave us the quotation, but in terms of the features and the price, CrowdStrike was good. 

CrowdStrike offered us Spotlight, vulnerability management, and cloud solution management. There are different blades to it. We implemented it, and now it supports our environment. It is good.

To those evaluating this solution, I would say that it depends on their needs. If they need this product, they can go ahead and take it. It is straightforward, and it gets the job done.

I would rate it a seven out of ten.

I sell and resell CrowdStrike Falcon Cloud Security as part of my company's cybersecurity portfolio for endpoint detection platforms.

CrowdStrike Falcon Cloud Security assists in detecting malware and provides effective security solutions without the need for hardware servers, saving resources on infrastructure.

I find the easy installation process, quick detection capabilities, and the cloud-based console very useful for this solution.

CrowdStrike had a significant issue with Windows integration two months back. The pricing is very high and should be improved.

I have been working with and reselling CrowdStrike Falcon Cloud Security for five years.

CrowdStrike Falcon Cloud Security is very stable, and I would rate it at ten out of ten for stability.

CrowdStrike Falcon Cloud Security is scalable. I would rate its scalability as seven out of ten.

The technical support is very easy to reach and helpful; I would rate it as ten out of ten.

Positive

My company is an integrator, and I handle the deployment and implementation process personally.

The pricing of CrowdStrike Falcon Cloud Security is very high, and I would rate the current pricing as four out of ten.

I also work with Microsoft and ESET as part of my company's cybersecurity portfolio for endpoint detection platforms.

I recommend CrowdStrike Falcon Cloud Security because it provides excellent services for endpoint security and is very effective as a security solution.

I'd rate the solution nine out of ten.

I am a cybersecurity analyst, responsible for conducting log and user activity analysis, managing and escalating support tickets, and overseeing performance monitoring, phishing analysis, and incident response for the company's systems. We use CrowdStrike Falcon Cloud Security as our primary security tool.

We implemented CrowdStrike Falcon Cloud Security as our EDR, to instantly mitigate any potential threats to our IT infrastructure.

Every month, CrowdStrike provides us with training on new features and how to use them effectively. This helps my team and me improve our security skills.

The immediate mitigation of potential threats and instant alerts are valuable. 

CrowdStrike Falcon Cloud Security is expensive.

I have been using CrowdStrike Falcon Cloud Security for over three years.

I have not experienced stability issues in the time I have been using CrowdStrike Falcon Cloud Security.

I would rate the scalability of CrowdStrike Falcon Cloud Security a nine out of ten.

I have contacted technical support many times and they are always quick to respond and resolve my issues.

Positive

Previously, we relied on IBM QRadar for our security needs. However, we transitioned to CrowdStrike Falcon Cloud Security to achieve greater security capabilities and cost efficiency.

We used an integrator for the implementation.

As EDR solutions represent organizations' last line of defense against intrusions, CrowdStrike Falcon Cloud Security has been a worthwhile investment.

CrowdStrike Falcon Cloud Security is pricy.

I would rate CrowdStrike Falcon Cloud Security a nine out of ten.

I recommend CrowdStrike Falcon Cloud Security as a robust and effective EDR solution.