CrowdStrike Falcon Complete MDR Reviews

CrowdStrike Falcon Complete is our EDR solution. It has many modules including vulnerability management, discovery, account application, and assets

Compared to our previous security products, CrowdStrike offers greater efficiency with its various modules that provide full functionality. We've found it to be a helpful tool overall. However, there are some challenges depending on the specific use case and industry, such as finance or retail. This is likely because we're accustomed to our legacy products and CrowdStrike is still new, requiring a learning and testing phase for our team.

We implemented CrowdStrike Falcon Complete to replace the legacy solutions in our environment.

We are impressed with CrowdStrike Falcon Complete SLAs.

The most effective features for detecting and mitigating cyber threats are machine learning and behavior analytics which are well-versed.

CrowdStrike Falcon Complete significantly enhanced our overall security by minimizing false positives, eliminating the need for system restarts during or after deployment.

CrowdStrike Falcon Complete helps us detect and mitigate threats quickly through positive alerts and fast response times.

The management console is user-friendly.

All of the modules are good. The exposure management covers vulnerability management in discovery.  

We find CrowdStrike Falcon Complete to have a steeper learning curve when it is deployed in certain industries such as finance and retail.

I have been using CrowdStrike Falcon Complete for three years.

The technical support is good.

Positive

We were previously using legacy solutions and replaced them with CrowdStrike Falcon Complete because of the next-gen EDR capabilities it offered.

CrowdStrike Falcon offers superior support and technology, making it a better choice than our outdated legacy solutions.

I would rate CrowdStrike Falcon Complete eight out of ten.

CrowdStrike Falcon Complete provides clear and detailed documentation.

I use the solution for a lot of things. It has more visibility than core tech. For example, it's better the TSC scores and that any integration visibility with Zscalar.

The solution helps to provide a better security posture. 

The solution provides more visibility than Zscaler.

There's more security. It provides enhanced security with integration capabilities with third-party tools. 

The threat detection and response are easy. If you have a subscription for the Falcon Consultant Complete sublicense, then they will take care of your MDL service. They will assign their team to it, and they will manage your incident detection and monitoring. CrowdStrike will take care of it via its own expertise so you don't have to overload your existing resources. 

It helps improve our security posture by integrating with web security, email security, and other forms of security. There are also a lot of third-party tools. You have the opportunity for more alerts and security. CrowdStrike shares information with third-party tools that really help with visibility.

The solution is constantly being updated. 

I've been satisfied with the interface. 

We'd like to see the option for an uninstall feature directly on the cloud. It's a tokenless install; however, you should have a token while installing and uninstalling. 

The installation could always be a bit easier. You need to install it manually at the endpoint. 

I've used the solution for a year. 

The stability is very good. I have not witnessed any downtime. 

This is a cloud-based solution, You can easily scale it. 

Technical support has been very good. They are very helpful. It's a strong point for the product.

Positive

I have also used different solutions. For example, I have used Cortex.

The initial setup is very straightforward. It was a simple process.

I'm a technical engineer and don't have visibility on the pricing. However, it can be a bit lower than other options. 

I'd rate the solution 8 out of 10. I can completely rely on CrowdStrike. 

We are using CrowdStrike Falcon Complete. We are using the managed service program, where they do proactive monitoring.

My usage usually includes logging in and looking at the dashboard for any anomalies or anything I need to know and responding to any severity alerts in red, yellow, or green. 

They actively stopped someone scanning our network and found vulnerabilities that we did not know. They were put to the test quickly. Pretty much after we signed the contract, they were responding to something at 1:30 in the morning.

It went live in Q4 when we acquired a hospital. I cannot even tell how many patches were down. CrowdStrike did a vulnerability scan, and as they were doing the scan, they caught a bad actor. We finalized everything at 5 PM, and at 1:30 in the morning, they caught someone.

I am not a CrowdStrike fanboy, but as an IT leader, they make my life easy. I like proactive monitoring and remediation, so I do not have to guess or run around. They are doing everything for me. Secondly, what sold the CEO on it was the insurance policy. After they do a clean slate, they are willing to issue an insurance policy for cybersecurity. They are doing something that nobody else does. Outside the technical piece, they are talking the talk and walking the walk of issuing your policy once they certify that you are fine. They issue a cybersecurity policy once they certify your environment has a clean bill of health and data protection.

Their proactive monitoring has been the most effective in stopping cyber threats. There is only so much you can do when you are in the office. There are only so many tools that you can buy that can help you. You can say what you want, but all the tools for IT are more reactive. They are not proactive. Somebody has to be on the front line.

I love their dashboards. It was more or less a paradigm shift in 2020, but now I am used to it. It was a paradigm shift because it went away from the norm.

The biggest thing is to scan into your Office 365 environment, not from a cloud access security broker standpoint, but from the Secure Access Security Edge standpoint in protecting the Copilot ecosystem. Copilot has become more widely popular than I could have imagined. You need to back up and protect your Office 365 tools anyway, and Copilot is just a high sense of awareness.

We have been using CrowdStrike Falcon Complete since November 2021. 

Over the last couple of years, I have seen how they have grown. I am happy with their evolution.

I love the team. They have a fine balance of technical and service. It is a very good thing. I would rate them a nine out of ten because everybody has room to improve.

Positive

The reason for going for CrowdStrike Falcon Complete was simple. A managed service provider was compromised. We were compromised because an attack came through our managed service provider, and the fine print of their contract said that they are not responsible for any threats that happen.

It is a cloud solution. The endpoints are installed on each computer, but everything else is through CrowdStrike's Cloud Platform.

The installation was a paradigm shift because we moved away from the endpoint protection piece, and we were open and saw how the world has evolved where we got to have different connectors. It was just a paradigm shift of how far we have come or how much we have to do to make sure we are secure.

From start to finish, it took up to eight weeks because there were a couple of things that we missed or and they were looking for best practices. 

We did not have the skill set to implement it on our own. We worked directly with CDW and CrowdStrike.

Three other people and I were involved in its deployment, so we had four people. From CDW and CrowdStrike, that was a team. It was like the Justice League. There were 12 people.

In terms of maintenance, you need to do what you are supposed to do. When you do not follow their playbook, you open yourself to problems. They tell you how to install and configure an endpoint. For the admin piece of it, there are reporting tools and proactive services, but you have to be open. If they are going to take the security piece off you, you have got to give them the keys to the car. You have to understand that if they are going to do this, you need to get out of the way and let them do what they do best.

If you are looking from an IT standpoint, you get what you pay for. There is proactive monitoring in addition to the insurance policy. They do that better than others. Would you like it cheaper? Yes, but at what cost?

At that time, Palo Alto was not at their level. SentinelOne was always trying, but back then, the company that was backing SentinelOne was compromised itself. If you cannot protect yourself, why would I trust you to protect my environment?

Open your mind. Understand that what you thought you knew may not be good enough. It is not a knock on you. You are now just getting professionals who do it better than what you possibly could do internally. Keep an open mind, but understand that they are the experts and industry leaders for reasons.

What a lot of clients do not take advantage of is the monthly calls where you can see what is coming down the pipe or have the best practice of using the product, and then keep the staff up to speed. You can work with their client success manager to look at your particular setup and what you can do to finetune the product. You can work with them for any anomalies or something that does not make sense.

Everybody has room to improve, but this one is different. I have to give it a ten out of ten.

We are partners with CrowdStrike and implement CrowdStrike Falcon Complete for all our customers to help protect their environments against breaches and cyber incidents.

Our customers are switching to CrowdStrike Falcon Complete for several reasons. First, their current antivirus solutions are up for renewal. Second, they lack EDR capabilities, which limits their visibility into their security posture. This lack of visibility is a major challenge for them. Finally, they are seeking proactive threat hunting, a service their current Security Operations Center provider doesn't offer. Instead, they receive an unmanaged threat-hunting service, which they find inadequate.

CrowdStrike's Falcon Complete service simplifies endpoint security by using a single sensor we install on our devices. Once installed, CrowdStrike's managed services take care of everything, including monitoring, threat detection, remediation, and alert management. Our customers only need to handle adding new users or groups.

CrowdStrike Falcon Complete improves our ability to respond to and remediate cyber threats.

CrowdStrike Falcon Complete boasts AI-powered analytics that hold significant promise. While I haven't used it personally, we'll be implementing it with a few clients. Once their quarterly reviews are completed, we should gain valuable feedback. The generative AI capabilities seem comprehensive, which is positive for our needs.

The real-time threat-hunting capabilities stand out for us.

Falcon Complete incident response feature works in the background where a team at the threat center reviews the detections and automatically remediates the threats.

We're continually evolving our cybersecurity posture, and Falcon Complete has significantly improved our response time to cyber threats.

We don't have an in-house SOC team so Falcon Complete has been crucial in helping with threat detection and resolution.

Overwatch is the most valuable feature of CrowdStrike Falcon Complete.

Threat hunting is the most valuable feature for strengthening our cybersecurity posture.

I would like to see CrowdStrike Falcon Complete XDR integrate more effectively with other technologies. 

I have been using CrowdStrike Falcon Complete for a few months.

CrowdStrike Falcon Complete is extremely stable.

I would rate the scalability of CrowdStrike Falcon Complete ten out of ten.

The technical support is excellent.

Positive

Before our partnership with CrowdStrike, we offered Trend Micro, McAfee, and Symantec products. We transitioned to CrowdStrike Falcon Complete due to its ideal alignment with our customer needs and its inclusion of threat hunting and cyber insurance within the service package.

The initial deployment is straightforward. We integrated with ADR in SCCM and pushed all the software agents on all the machines. The deployment required two people.

We have seen a return on investment with CrowdStrike Falcon Complete.

I would rate CrowdStrike Falcon Complete ten out of ten.

CrowdStrike Falcon Complete is a managed service so it does not require maintenance from our end.

I recommend CrowdStrike Falcon Complete to others.

We use Falcon to protect the overall environment, including the client and the servers.

We've seen a tremendous improvement since implementing CrowdStrike Falcon. In the past few years, we were exposed to 30 different attacks, but now our environment is completely monitored, and everything is detected. It catches threats and attacks before they occur. We get more visibility across the environments than we've ever had before. When malicious activities are happening, we see the notifications immediately. It's a huge improvement over the response time of our previous solution.

We like the SOC teams that support the service. CrowdStrike has a huge SOC team that responds immediately when they discover any incident or risk in the environment. They conduct the forensic behind the tool, coordinating with our in-house team. 

We get an immediate response to threats and reporting about whatever actions are taken across the entire organization and the environment. Each system is reporting to CrowdStrike what happened behind the scenes. They have an impressive tool for monitoring and discovering what happens in every part of our systems.

I think the overall user experience for the operations team could be improved. The dashboard could be more effective, like Microsoft Defender. Microsoft worked on refining the user experience. The security monitoring tools could be simpler and more user-friendly. Integration with the application layer might be another area for improvement. 

We have used CrowdStrike Falcon for nearly a year.

A good indicator of the product's stability is the stability of the environment itself. The product is highly stable. 

We haven't expanded it, so I don't know what would happen if we tried. 

I rate CrowdStrike support 10 out of 10. They have a perfect support team. When we're working with technical support, it's like you are talking into a community, not just one person talking to you about incidents. You have a community supporting you.

Positive

We previously used Trend Micro Apex One. There were too many threats in our environment that went undetected, so we saw little value from Trend Micro. 

The portal is on the cloud, but there are on-prem agents. The deployment required about four or five people. It was straightforward and took about a week to cover all environments. Around three or four people are needed for maintenance. 

Although it's an expensive solution, we see a return because security is the top priority.

I don't know the details of the licensing, but Falcon Complete one of the most expensive solutions we have right now.

We looked at a few products, including Microsoft Defender. It's a good player in the game, and we believe Defender will be the next stage.

I rate CrowdStrike Falcon Complete 10 out of 10. I would recommend Falcon Complete to others. To those planning to implement Falcon Complete, I recommend cleaning the environment before installing the new product. You need to ensure every tool that was installed on the machines is removed.

Our customers use it, but we deliver the services. We use it for advanced endpoint protection capabilities and threat-hunting capabilities. We use it for data lakes and repositories to reduce the cost and computational efforts for submitting or uploading in the cloud.

By implementing CrowdStrike Falcon Complete, we wanted to improve the visibility of our operators, analysts, and engineers. We wanted to be more efficient in our operations. Instead of finding information themselves, they can use the platform to find the information automatically.

Its benefits can be seen from the beginning. It is super easy in terms of deployment, and it works perfectly with the human resources and the stack of technologies that our clients have.

Partner support is beneficial. They are a trusted partner. They plan to continue in the market by themselves. They are not expecting somebody to purchase them. It helps to build confidence with the clients, and we can trust that nothing will change in that aspect.

They continue to improve their threat-hunting capabilities, which is important for me because there are more and more advanced threats, such as zero-day attacks. If we combine these threat-hunting capabilities with endpoint detection, we have an extra layer of response. It is super strong for us. We have different agents: one for detection and monitoring and the other one for the preventing aspect, which means threat hunting and response. I can combine the telemetry for threat hunting and monitoring and respond properly.

They are working hard to continue and enhance their labs for identifying new threats and malware. They are continuously labeling them with fancy names for marketing, but they are super helpful and useful because malware and attacks are labeled as per what is happening in specific industries or at specific locations. They give you an overall idea about what is going on not only in your country but also all over the world, and more specifically, in the industry you are working with.

The team of Falcon Complete works around the clock and does monitoring around the clock. It is quite good because it is a solution that combines monitoring and response, and at the same time, it labels all the threats in the world. They are super helpful in managing the threat exposure that companies face on a daily basis. 

The continuous improvement in detections and response times is valuable. They are more focused on threats that come from the cloud, not only that we see. Five or six years ago, we were just focusing on the infrastructure. They, for sure, have better coverage for the supply chain devices or assets that are in the environment of the clients. We have better coverage of third-party vendors, and we have more visibility and more interactions with those third-party vendor solutions.

Some features can be enhanced or improved. For example, there can be more integration capabilities.

There can be an application for the mobile device for the administrator of the platform to have an overview. In less than two minutes, they should be able to see what is going on and take action. Having an overview in a mobile phone would be super helpful for the administrators because everybody has a mobile phone nowadays.

I have been working with CrowdStrike Falcon Complete for four years.

It is stable. It is 90% compliant with what they promised.

It is scalable.

Their support is quite good. I would rate them a seven out of ten. They can add better resources or more resources locally.

Neutral

I am not involved in its deployment, but it can be deployed on-premises and on the cloud. The cloud provider depends on the client's preference. We do not have any issues.

It is expensive, but looking at the capabilities that it brings, it is reasonable.

There are no additional costs to the licensing costs. If you increase the number of licenses, support is included.

I would rate CrowdStrike Falcon Complete an eight out of ten.

We wanted a very high level of endpoint protection and intrusion detection. Based on all the reviews, you have a bunch of products out there to choose from. One differentiator of CrowdStrike is that it's nearly what I would call zero-touch on the workstation. You don't have to worry about upgrades and all that. Then, when something suspicious is detected, the CrowdStrike team investigates that for us. It's part of the service that we purchased from them. Basically, we use the solution for security.

Basically, from an overall management perspective of the devices, you really only install the sensor once, and then you set up policies on the portal to say, okay, we want to stay on the N minus one version of the sensor. If there's an update that's required, the portal pushes it to the workstation. It makes everything very easy and doesn't require any touch.

It's mainly the next-generation antivirus that we are leveraging.

In the traditional antivirus, like McAfee, for example, you'd have to maintain signature files and all that on the workstation. We don't have to do that. On top of that, the footprint on the workstation is nearly zero.

One unique thing that they offer is a breach warranty. We basically have a warranty of up to $100,000 should there be any breach that they're not able to manage.

The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure. Intrusion detection and endpoint protection is all driven using the internet. You have to be connected. If you're not connected, basically, unlike some antivirus software packages, if you introduce something, let's say through a USB port, and you are not online, you have potential exposure.

I'd like to see a capability where the solution can do offline intrusion detection if needed. For example, if you have offline workstations or devices, then there's new data introduced into the device using, I guess, portable data devices. If there was a way to detect that while the device was not connected, that would be great.

It's not a major concern for us since 100% of the time, our devices are connected to the internet because most of our business applications are using cloud-based applications.

The pricing can look expensive.

We started using the solution in April or May of this year. It's only been a few months. 

It's stable. So far, so good. I've not had any issues around it in terms of impacting usage, et cetera. It's pretty transparent to us.

It's pretty scalable. I've talked to some users from huge companies, Fortune 500 companies, so I know that it's scalable.

We don't really have any users for it. It's pretty much myself and one other person who just monitors the portal, and that's about it. In terms of devices, we have 100 to 150 devices. 

We intend to explore the other capabilities of what the sensor can provide us. However, right now, we're just focused on antivirus and intrusion detection. That's about it. 

The intent is obviously to deploy. Every time we have new devices, et cetera, we just deploy this and go.

Support is pretty transparent for me. We've had probably five or six incidents, and they were minor, however, then those are handled by the CrowdStrike team. 

They would notify me if I needed to take action on my side. So far, they are good. I haven't needed to take any drastic action, like shutting down the device and all that.

We had decentralized solutions. They were mainly workstation-based and was McAfee. We went to a centralized solution so that it can be centrally managed.

The setup is pretty straightforward. We started out with a lot of effort since we didn't have managed devices when we installed it. We didn't have a device management system in place for Windows, so we had to install it at each workstation. 

The deployment probably took us a week. We had to install the sensors manually. However, the installation process is very straightforward. It takes less than five minutes.

In terms of maintenance, it's all maintained on the CrowdStrike side.

We did the initial setup ourselves in-house.

There's potentially really no ROI. It addresses an area of risk. That is all. You're putting the investment in the service as a kind of insurance against cyber attacks, data breaches, et cetera.

We have a subscription. 

The cost, the overall cost of the service, is something that could be improved. If you compare it to other antivirus systems, it'll seem more expensive as there's one piece that people overlook - you have a technical team monitoring for you behind the scenes.

The cost is approximately $35,000 to $40,000 a year. It covers up to 300 devices and 300 Windows or Mac OS devices, and about 150 mobile devices. There are no additional costs beyond the main fee. It's all paid on an annual lease. 

We looked at Microsoft Defender, McAfee, Norton, and two other solutions, however, this one came up on top. The only downside is the overall cost when you compare it to the competition.

We are customers and end-users.

I'm not sure which version of the solution we're using. Typically, we set ourselves to N minus one. We're typically one version behind the most current.

I'd warn potential new users that they have to look at the total cost of ownership. One item that's overlooked is when you get an antivirus or a security product, you will need experts to manage and maintain it. CrowdStrike basically provides you with the software solution and the technical support behind it. If you basically add up all those things, it'll probably be on a total cost basis; it'll be reasonable.

I'd rate the solution nine out of ten.

The solution did a good job of preventing ransomware. It is used for behavioral analysis. For instance, if something appears to be suspicious then the solution blocks it.

If someone is using the old Microsoft Office and the system is not updated then CrowdStrike takes action on behalf of the operating system. So it is not only going above the application level but also the operating system level.

The analysis of the investigation of the incident could be easier. Offline scanning can be included in the next release. 

Moreover, Crowdstrike should think about making the price cheaper.

I have been using it for one year.

It is a stable solution.

The solution is scalable. Presently, in the company, there are three hundred users, and in the group, there are one thousand users.

The technical support team is in the middle range and not very good. We have a dedicated team from CrowdStrike working for us; it is called the watch service. 

We also subscribe to EDR Plus watch service. So we have a team from CrowdStrike always monitoring things before it happens.

Previously, I used Carbon Black EDR for three years, and I was a very happy user, but their technical support was not very relevant, so I switched.

The initial setup was straightforward. The deployment took around two weeks. We have only one engineer helping with the deployment.

There has been a Return on Investment. We have been working with two incidents, and the support team was really helpful from their side.

We need to pay a yearly subscription fee, which is expensive compared to others.

Anyone using CrowdStrike should ensure that they have the watch service. Though I do not remember the name of the service, it says Crowdstrike engineers are also monitoring.

I rate the solution a nine out of ten.