CrowdStrike Falcon Complete MDR Reviews

Falcon is a threat intelligence platform. In cybersecurity, there's always a chance you'll get breached and gaps that need to be addressed, but you'll never know unless there is a threat seeking to exploit that particular weakness. Most use cases for Falcon will be directly ingested into our Siemens server. The total number of users on the solution is around 1,500.

Falcon's threat intel is strong, and the solution allows our customers to automate their site intelligence. We can integrate Falcon X with the other platforms we use, like FireEye, Insight, Cybertech, and Kaspersky. 

The threat intelligence comes from Falcon X and goes directly into the SIEM and SOAR. That provides us valuable feedback for the use cases being used. If my analyst wants to check suspicious or malicious activities, they get the maximum information from Falcon X about URLs, IPs, domains, hashes, etc.

I would love for the threat intelligence part to be more globalized to provide a tailored response to types of malware and ransomware that are trending in other regions. 

For example, they can add a feature to tell us that there are separate attacks in South Asia or East Asia occurring at these times, so we can supply those things to our environment and protect ourselves.

We've been using Crowdstrike Falcon Complete for almost a year.

Falcon is easy to scale.

I rate CrowdStrike support eight out of 10. Overall, the customer service is excellent, and the backend teams are highly responsive. We have a good relationship with CrowdStrike.  The sales, technical, backend, and R&D teams work closely with the customers.

Positive

Falcon X is a cloud-based subscription model, so you just need an account from CrowdStrike. You can log in and set it up in 5 to 10 minutes. It ultimately on how well you understand the technology. If you're familiar with the technology, it's straightforward, but you might find it complicated if this is your first time using it.

There's a lot of information and options in front of you. If you don't know where you have to go for specific information, you'll think it's complicated. The amount of maintenance depends on whether there's a particular update or batch on the back end. 

The licenses for both Carbon Black and Crowdstrike are expensive, but it depends on how the vendors scale the price and negotiate with the customer. So if you have a customer with 7,000 users, the vendor will offer them a low price per user to get them on board. If you have a few hundred users, the price will be a little bit more.

There's a huge price difference at various scales. I was surprised that the license for a hundred users went as high as $120 per user, whereas the same product might cost $30 for 6,000 users.

I haven't worked on the backend part of Carbon Black, so it's hard for me to compare both products. We're using the EDR for Carbon Black with CrowdStrike's threat intelligence. 

Carbon Black is an impressive tool for analysis because it provides in-depth information and a complete triage file for the analysts. In the CrowdStrike, you have some sort of limited information and for the in-depth information you need to take it, Carbon Black provides that particular thing on the first view.

I rate CrowdStrike Falcon Complete nine out of 10. Before you deploy the product, you need to do research, understand the capabilities, and assess your requirements. You should know what you need before you purchase something. It's not like buying jeans, where you can get another pair if you're not satisfied. You should be certain that it fits your requirement.

Budgets are always a challenge in the security field because every CEO or company owner thinks IT security is a burden. It doesn't generate profit, and the company needs to spend money on products and services. You might not go for the best product if you have budgetary constraints.

Our company uses the solution for our exchange servers, key directory servers, and radio servers.

We currently have three users but may expend in the future depending on strategy and budget.

The endpoint detection and response is very valuable.

The solution should be lighter because it currently uses a lot of computing sources.

I have been using the solution for six months.

The solution is definitely stable so stability is rated a nine out of ten.

The solution is definitely scalable so scalability is rated a ten out of ten.

We contacted technical support once and there was a delay from that SOC center. We haven't contacted support again.

We previously used McAfee but were facing a RAV somewhere in a couple of servers.

The pricing is a little bit expensive for our region.

It is not expensive to get implementation assistance from partners.

Our company is a dealer for Trend Micro so we are more focused on their products.

I can't compare the solution's features to Trend Micro because I can't get them to work in the same environment.

I recommend using the solution. Nowadays, there is a cyber warfare so a bit of protection is important. I rate the solution an eight out of ten.

When work-from-home scenarios started in March 2020, during the pandemic, in the month of April, we were actually going through some POCs and had one ransomware attack on one of the client sites. We had to deploy the solution immediately, which actually helped us find out or not how it worked. Proactively, we could identify some threats in the environment and act on them. We were virtually identifying items and getting notifications, as well as seeing the availability of the intra. That was very helpful for the entire team.

The solution is very nice. It's got multiple products for multiple features and enabled multiple settings, which helped my team and the organization is also in a way better way. Since it was lockdown the last two years, when the entire organization went to working from a remote location, the earlier solutions, what we had, were of no use. We were most concerned about security over the cloud. Carbon Black has helped us handle that.

Before we used to support multiple clients. We had to have some connectivity to the client's environment via Citrix or something. To access any of our solutions was a challenge when most of them were on-prem. Those were challenges for all of us. Now, most of the world has gone to the cloud. That actually helped us. Obviously, CrowdStrike was a different experience altogether.

I personally work on advanced threat hunting and identifying possible malicious activity or the possible threat in our environment which is getting easier earlier. Symantec Engine Protection, for example, gives you known reactive reports where you get stuff from either SIM or some soft team to help us on finding out probably the path for the attack. However, CrowdStrike is better at hunting threats and catching them early.

There's less workload on the Endpoint. After moving to CrowdStrike we never have this issue of systems getting overutilized by any of the security tools. That was one of the biggest advantages for it.

CrowdStrike has multiple parameters of components in the same console, which includes your vulnerability scanning. It has access to, or rather, we can integrate with, our existing SIM technology or SIM tool. The information that gets passed on the SIM control, the soft tool data site or any other tool is very limited. I had to actually provide the control access to my soft team so that they could drill down if needed.

The information was get passed on from Falcon control to CrowdStrike and it was very limited. It was acting as more of an alert only. For any further deep-dive analysis, we had to log in on the console itself. 

CrowdStrike has multiple parameters. For example, my vulnerability scanning team is a separate team who works on different tools altogether. If I need to give them access to my console I just need to provide them read-only access or kind of an admin access for VA scanning.

I had to make some customized access that can be provided to different teams on the same console. As a VA team member, if I login to the console with my credential I should be able to see the things which I am working upon. I don't need to see all other tile stack tabs. I should be able to provide some kind of customized access or other kind of access control for the console.

Microsoft Defender has one good option which is called the ASR rule. It basically allows the machines to be onboarded to different consoles, which analyzes the process of it and summarizes it in a single console. Obviously, the number of incidents of the event are very huge. It takes about a month or so to evaluate. However, after the evaluation completes, you can actually fine-tune what should not be present in your automation. Which you can set up and get rid of it. It would be nice if this product had something similar. 

I've used the solution for two years.

The stability is very good. It does not have any kind of payload on the endpoint, and we don't need to compromise with system performance. The legacy tools used to have this agent needed to be deployed and consumed a lot of system resources. In terms of performance, this tool was an improvement on the legacy.  The capabilities of CrowdStrike as a tool are fantastic.

We are working with about 18,000 endpoints and about 2,000 servers.

The scalability was really good. It covers most of the recent operating systems I would say in India, although most of our customers are using Microsoft operating systems only. In terms of my international clients who have different operating systems, including Mac, Linux, or Unix, this works. CrowdStrike has the maximum availability for all possible and the latest operating systems. With other tools. we didn't have that level of flexibility.

Technical support was fantastic, however, frankly speaking, we barely had a chance to get in touch with the technical support as CrowdStrike has a fantastic health portal within that console. There were a couple of scenarios where we went to them as some kind of alert that CrowdStrike was publishing it to the customer only. They had some specific name for those alerts. Those used to get sent to the customer's end only. Being automation as security, CrowdStrike has a policy to provide the information only to the registered customers only. Obviously, the licenses are issued to the customer. However, the licensing policy was limited in that we were kind of a vendor, or rather, a mediator between the customer and the OEM and we fell through the cracks. 

I would say in my earlier solution, we used to just provide the license number. If the license number were verified, we would get all types of support. 

Overall, the support team was really good. They are more capable of understanding the other challenges and would then provide the solution.

Mostly, we were providing all the technical support to the customer. The licenses were installed with the customer's name. We were slightly lacking as the details that OEM was providing were direct to the customer and we were being skipped. At the same time, we used to struggle to get the details and updates or more input from the OEM from CrowdStrike. 

Positive

We moved from Symantec Endpoint to CrowdStrike.

The initial setup was slightly complex although it's an easier solution. It took us about a month to understand the entire process of the console.

Within a month we were able to train our members to a certain level and within a six-month span, all members actually became familiar for the technology.

We had some challenges from the client environment as well. That was expected as we were ruling out Symantec as well at the time. Concurrently, we were moving out of Symantec and deploying through the CrowdStrike agent. We were also doing the policy fine-tuning, which took a slightly longer time as the customer had their own developed applications and tools for finding their hashes. We added features like device control, app control. Those parts took slightly longer, however, it was still quicker than the legacy solution.

We have two people available to handle maintenance. 

The deployment was handled by my technical team only. Internally, we had eight team members deploying it. They were using a big fix as a deployment tool to deploy this agent on all the clients. I was leading the admin part of CrowdStrike. We had to involve the patch management team who could push a particular script on all the endpoints to onboard them. Most of the endpoints were working remotely and luckily we fixed everything there in the cloud which was making our life easier for onboarding scripts on the client.

I'd rate the solution nine out of ten. 

We are partners with CrowdStrike and implement CrowdStrike Falcon Complete for all our customers to help protect their environments against breaches and cyber incidents.

Our customers are switching to CrowdStrike Falcon Complete for several reasons. First, their current antivirus solutions are up for renewal. Second, they lack EDR capabilities, which limits their visibility into their security posture. This lack of visibility is a major challenge for them. Finally, they are seeking proactive threat hunting, a service their current Security Operations Center provider doesn't offer. Instead, they receive an unmanaged threat-hunting service, which they find inadequate.

CrowdStrike's Falcon Complete service simplifies endpoint security by using a single sensor we install on our devices. Once installed, CrowdStrike's managed services take care of everything, including monitoring, threat detection, remediation, and alert management. Our customers only need to handle adding new users or groups.

CrowdStrike Falcon Complete improves our ability to respond to and remediate cyber threats.

CrowdStrike Falcon Complete boasts AI-powered analytics that hold significant promise. While I haven't used it personally, we'll be implementing it with a few clients. Once their quarterly reviews are completed, we should gain valuable feedback. The generative AI capabilities seem comprehensive, which is positive for our needs.

The real-time threat-hunting capabilities stand out for us.

Falcon Complete incident response feature works in the background where a team at the threat center reviews the detections and automatically remediates the threats.

We're continually evolving our cybersecurity posture, and Falcon Complete has significantly improved our response time to cyber threats.

We don't have an in-house SOC team so Falcon Complete has been crucial in helping with threat detection and resolution.

Overwatch is the most valuable feature of CrowdStrike Falcon Complete.

Threat hunting is the most valuable feature for strengthening our cybersecurity posture.

I would like to see CrowdStrike Falcon Complete XDR integrate more effectively with other technologies. 

I have been using CrowdStrike Falcon Complete for a few months.

CrowdStrike Falcon Complete is extremely stable.

I would rate the scalability of CrowdStrike Falcon Complete ten out of ten.

The technical support is excellent.

Positive

Before our partnership with CrowdStrike, we offered Trend Micro, McAfee, and Symantec products. We transitioned to CrowdStrike Falcon Complete due to its ideal alignment with our customer needs and its inclusion of threat hunting and cyber insurance within the service package.

The initial deployment is straightforward. We integrated with ADR in SCCM and pushed all the software agents on all the machines. The deployment required two people.

We have seen a return on investment with CrowdStrike Falcon Complete.

I would rate CrowdStrike Falcon Complete ten out of ten.

CrowdStrike Falcon Complete is a managed service so it does not require maintenance from our end.

I recommend CrowdStrike Falcon Complete to others.

I use the solution for a lot of things. It has more visibility than core tech. For example, it's better the TSC scores and that any integration visibility with Zscalar.

The solution helps to provide a better security posture. 

The solution provides more visibility than Zscaler.

There's more security. It provides enhanced security with integration capabilities with third-party tools. 

The threat detection and response are easy. If you have a subscription for the Falcon Consultant Complete sublicense, then they will take care of your MDL service. They will assign their team to it, and they will manage your incident detection and monitoring. CrowdStrike will take care of it via its own expertise so you don't have to overload your existing resources. 

It helps improve our security posture by integrating with web security, email security, and other forms of security. There are also a lot of third-party tools. You have the opportunity for more alerts and security. CrowdStrike shares information with third-party tools that really help with visibility.

The solution is constantly being updated. 

I've been satisfied with the interface. 

We'd like to see the option for an uninstall feature directly on the cloud. It's a tokenless install; however, you should have a token while installing and uninstalling. 

The installation could always be a bit easier. You need to install it manually at the endpoint. 

I've used the solution for a year. 

The stability is very good. I have not witnessed any downtime. 

This is a cloud-based solution, You can easily scale it. 

Technical support has been very good. They are very helpful. It's a strong point for the product.

Positive

I have also used different solutions. For example, I have used Cortex.

The initial setup is very straightforward. It was a simple process.

I'm a technical engineer and don't have visibility on the pricing. However, it can be a bit lower than other options. 

I'd rate the solution 8 out of 10. I can completely rely on CrowdStrike. 

Our customers use it, but we deliver the services. We use it for advanced endpoint protection capabilities and threat-hunting capabilities. We use it for data lakes and repositories to reduce the cost and computational efforts for submitting or uploading in the cloud.

By implementing CrowdStrike Falcon Complete, we wanted to improve the visibility of our operators, analysts, and engineers. We wanted to be more efficient in our operations. Instead of finding information themselves, they can use the platform to find the information automatically.

Its benefits can be seen from the beginning. It is super easy in terms of deployment, and it works perfectly with the human resources and the stack of technologies that our clients have.

Partner support is beneficial. They are a trusted partner. They plan to continue in the market by themselves. They are not expecting somebody to purchase them. It helps to build confidence with the clients, and we can trust that nothing will change in that aspect.

They continue to improve their threat-hunting capabilities, which is important for me because there are more and more advanced threats, such as zero-day attacks. If we combine these threat-hunting capabilities with endpoint detection, we have an extra layer of response. It is super strong for us. We have different agents: one for detection and monitoring and the other one for the preventing aspect, which means threat hunting and response. I can combine the telemetry for threat hunting and monitoring and respond properly.

They are working hard to continue and enhance their labs for identifying new threats and malware. They are continuously labeling them with fancy names for marketing, but they are super helpful and useful because malware and attacks are labeled as per what is happening in specific industries or at specific locations. They give you an overall idea about what is going on not only in your country but also all over the world, and more specifically, in the industry you are working with.

The team of Falcon Complete works around the clock and does monitoring around the clock. It is quite good because it is a solution that combines monitoring and response, and at the same time, it labels all the threats in the world. They are super helpful in managing the threat exposure that companies face on a daily basis. 

The continuous improvement in detections and response times is valuable. They are more focused on threats that come from the cloud, not only that we see. Five or six years ago, we were just focusing on the infrastructure. They, for sure, have better coverage for the supply chain devices or assets that are in the environment of the clients. We have better coverage of third-party vendors, and we have more visibility and more interactions with those third-party vendor solutions.

Some features can be enhanced or improved. For example, there can be more integration capabilities.

There can be an application for the mobile device for the administrator of the platform to have an overview. In less than two minutes, they should be able to see what is going on and take action. Having an overview in a mobile phone would be super helpful for the administrators because everybody has a mobile phone nowadays.

I have been working with CrowdStrike Falcon Complete for four years.

It is stable. It is 90% compliant with what they promised.

It is scalable.

Their support is quite good. I would rate them a seven out of ten. They can add better resources or more resources locally.

Neutral

I am not involved in its deployment, but it can be deployed on-premises and on the cloud. The cloud provider depends on the client's preference. We do not have any issues.

It is expensive, but looking at the capabilities that it brings, it is reasonable.

There are no additional costs to the licensing costs. If you increase the number of licenses, support is included.

I would rate CrowdStrike Falcon Complete an eight out of ten.

CrowdStrike Falcon Complete is our EDR solution. It has many modules including vulnerability management, discovery, account application, and assets

Compared to our previous security products, CrowdStrike offers greater efficiency with its various modules that provide full functionality. We've found it to be a helpful tool overall. However, there are some challenges depending on the specific use case and industry, such as finance or retail. This is likely because we're accustomed to our legacy products and CrowdStrike is still new, requiring a learning and testing phase for our team.

We implemented CrowdStrike Falcon Complete to replace the legacy solutions in our environment.

We are impressed with CrowdStrike Falcon Complete SLAs.

The most effective features for detecting and mitigating cyber threats are machine learning and behavior analytics which are well-versed.

CrowdStrike Falcon Complete significantly enhanced our overall security by minimizing false positives, eliminating the need for system restarts during or after deployment.

CrowdStrike Falcon Complete helps us detect and mitigate threats quickly through positive alerts and fast response times.

The management console is user-friendly.

All of the modules are good. The exposure management covers vulnerability management in discovery.  

We find CrowdStrike Falcon Complete to have a steeper learning curve when it is deployed in certain industries such as finance and retail.

I have been using CrowdStrike Falcon Complete for three years.

The technical support is good.

Positive

We were previously using legacy solutions and replaced them with CrowdStrike Falcon Complete because of the next-gen EDR capabilities it offered.

CrowdStrike Falcon offers superior support and technology, making it a better choice than our outdated legacy solutions.

I would rate CrowdStrike Falcon Complete eight out of ten.

CrowdStrike Falcon Complete provides clear and detailed documentation.

The most valuable features of CrowdStrike Falcon Complete are the modern and intuitive capabilities, and because it is cloud-based it is much easier to adopt and roll out to the environment.

I have been using CrowdStrike Falcon Complete for approximately one year.

CrowdStrike Falcon Complete is a stable solution.

The scalability of CrowdStrike Falcon Complete is good.

We have approximately 1,000 users using this solution in my company. We have plans to increase our usage.

The support is good from CrowdStrike Falcon Complete. We call them and we have a response immediately. They could improve by increasing their knowledge.

I rate the support from CrowdStrike Falcon Complete a four out of five.

Previously used Symantec Endpoint Protection. We switched to CrowdStrike Falcon Complete because we had a lot of real threats that passed through the antivirus and at the same time, we were not getting the right technical support from Symantec.

The setup of CrowdStrike Falcon Complete was easy. We have not yet completed the full implementation, it is still ongoing and we hope to finish it in two to three months. 

We had some initial proof of concept and did it on test PCs and test servers. We are moving it into production. We are doing small steps every week.

We had support from CrowdStrike Falcon Complete available during the implementation.

I rate CrowdStrike Falcon Complete an eight out of ten.