CrowdStrike Falcon Complete MDR Reviews

We primarily use the solution for endpoint security. It is a very important aspect of security for us as the threat landscape is growing. There constantly needs to be better monitors of the activity on the endpoints and windows server. That's the main driver behind using this solution.

The AI and the group knowledge base that they get from having multiple clients in the cloud is very useful to us. It helps keep us safe from attacks as it allows them to apply a broader knowledge base to our protection for our company.

The solution doesn't actually scan desktops. They prevent execution and they do a very, very, very good job at that. However, if there is malware, et cetera, on an endpoint, there's not a scan feature to simply remove it. You have to go in and clean the registry and do the other stuff yourself. It would be ideal if there was some sort of scanning functionality built-in.

The logging features aren't robust and the information isn't kept long enough. The active logs are only retained for seven days. It would be better if it was available for, let's say, 30 days. If we were going to do any forensics, we would have the time to execute them.

We have been using the solution for about two years at this point. We plan to use it at least until the end of this year. It hasn't been very long.

We have looked at Carbon Black previously, as well as Cybereason. We were looking for alternatives to Crowdstrike, however, we decided we would keep this solution until the end of the year.

The reason we didn't switch yet is mostly due to time constraints. We had to renew or implement a new solution and it wasn't going to happen in the timeframe we were looking at. Therefore, we had to put it off. 

The Carbon Black is not as advanced as CrowdStrike. Also, Cybereason lags too far behind on Mac OS upgrades. We wouldn't have been able to roll out Cybereason, even though it looks like a very good product, as it didn't support Big Sur and wouldn't for another five or six months, which meant we would have machines that wouldn't be covered

We are a customer and an end-user of the product. We don't have a business relationship of any kind with Crowdstrike.

The solution is deployed from the cloud. We put it on our endpoints, however, the core application is in CrowdStrike's cloud. It's a cloud app.

Overall, I would rate the solution at a seven out of ten.

We use the solution for endpoint detection and response features.

The solution's most valuable feature is AI engine. It helps us automatically block the execution of suspicious activity.

The machines require several resets during the solution's deployment process. They should improve this particular area. Also, the reporting feature could be user-friendly. The reports need to be explained in simpler words instead of technical terms.

We have been using the solution for six years.

I rate the solution's stability as a ten.

We have 1000 solution users. It is very scalable. I rate its scalability as a ten.

I rate the solution's initial setup process as nine. It takes a month to complete. We first deploy the pilot group in a passive mode and then move to active mode. Meanwhile, we also remove the old antivirus platform from the network. Once the pilot is active, we deploy it to the rest of the platform.

The solution's licenses are expensive for small-scale companies. They cost around $120. There are no additional costs. But sometimes, we need to outsource some skills to access good security understanding. Thus, we have to pay extra for it apart from the licenses. I rate its pricing as a nine.

I highly recommend the product and rate it as a nine. It is exceptional, but there are competitive products in the market with better pricing.

Our primary use case is an ordinary antivirus. We also use it to watch the activity on the machine.

It has good visibility, works well, and it is fast.

It is easy to see what is happening and the reporting is good, although I still don't understand everything. We are still trying to understand all of the information that we receive. When a problem is being investigated, the product does a deep inspection and this is something that we really like. You can see things like which file is connected with which services. The deep inspection is something that we don't have in any other of our other tools.

The central console is good and it is easy to work with.

This product is easy to maintain on a daily basis.

There are some parts of this solution that are too slow. The performance slows down by between 10% and 40%, depending on what type of work the machine is doing. For example, we had to shut down our backup because it was too slow and it started to overlap with other tasks. We did not try to use our SQL database because there was too much of an impact. This is not on the network but on the machine and even a few percentage points difference is significant for us because of the volume of transactions.

 Integration slows down the system a bit.

I would like to have an alternate dashboard view, which is somewhat simpler. The one it presents now is like Splunk, and it is very good, but it would be helpful to have a simpler one that only shows the basics like what you have and what it has found. As it is now, it takes time to get used to it. After a while, it won't be a problem for me or other users in the company. When you're working with a regular antivirus, it is much easier to set up and start using.

We have been working with CrowdStrike Falcon Complete for two months. We are still deploying and integrating it into our environment.

Because we are still in the process of initial integration, it is our partner who is in contact with technical support. We're still waiting for them to answer with respect to one issue, and now after waiting for two weeks, I cannot say that I'm very happy with that. However, given that it is the holiday season, it's pretty understandable.

I expect that it will be complete in January when we are fully operational. During New Year and Christmas, it is a bit of a lazy time for everybody.

We have several solutions in place. We have a firewall, antivirus, and email antivirus systems, and there are still things that pass through. This product is our fourth layer of defense.

The initial setup was straightforward for us because we had assistance. On our own, this would not have been as easy.

We had CrowdStrike partners who assisted us with the implementation. They asked us things like what should be protected and what should not be. It was a lot of work for our partner to complete the deployment.

At approximately €60 per machine, per year, I think that it's a good price point. When you compare this to Windows Defender for Endpoints, the price of that solution is about €50 Euro per month per user.

There are people who spend a lot of time trying to find the right price to sell new products at, so I always think that people know the value of their product and what price they can sell it at.

Every solution has pros and cons. I don't see anything that is more advanced than other solutions, and it's just an ordinary spy product. I have to wait for some time to see how well it works in the real world, but it finds some malware and it finds some things that pass through as normal. 

At this point in time, I can't yet say for the general case whether I would recommend this product. We are still having a problem with the slowness and the impact on the performance of the system. For workstations or servers that do not have a high load on them, I would certainly recommend buying it. In our case, we had to remove it from our backup servers. So, if you're already using a backup, or hosting servers for VMware or Hyper-V, or using a SQL database, then you should consider testing it first. I'm still not sure what will happen in our case.

At this point, I cannot rate it an eight or higher because we still don't have an answer on improving the performance. If ultimately they resolve our problem then I would rate this solution an eight or a nine out of ten.

I would rate this solution a seven out of ten.

There are a lot of useful features. First of all, it gives you complete details regarding any malicious activities. So you can replace the impact date or everything from where the file comes. CrowdStrike gives you the complete details of when a file comes to your network, how it's displayed on the other systems, etc. That's the feature most customers like as of now, and they are generally more interested in EDR solutions.

The only challenge is the price, as of now. It could be the only area of improvement for me. It's a little challenging to convince new customers when it comes to the price.

We've been working with CrowdStrike for almost a year — a premium protection solution. However, we provide our customers with whichever version they require, be it the complete solution, premium protection, or basic antivirus.

I would rate the stability of this solution an eight out of ten.

I would rate the scalability of this solution as a ten because it can be easily scaled up whenever needed. Our integration instance is intended for medium-sized clients, and the number of proactive customers who are currently using this solution is more than 2,000 to 3,000 users.

Our distributors provide excellent technical support, and we have experts in our systems. Generally, we don't require any help from OEMs or distributors because they are certified in cloud sites. But whenever we need any kind of help, the distributor provides quick response and mitigation.

Positive

I would like to rate it eight out of ten. It was easy because everything is in the cloud, so you don't have to go through on-premises installation or anything. We just need to set up the cloud, and everything will restart and install that way.

Once we received the credentials from CrowdStrike, we had to set up and create policies such as moderate or high protection. All of these technical steps were taken care of by our technical teams, who are well-experienced and handle different projects.

I would rate pricing a five out of ten, where one indicates the low price and ten indicates the high price. Indian customers are price sensitive, and this solution is a little costlier compared to other solutions. However, customers are still willing to pay for it, but they always compare the price with other solutions since India is a price-sensitive market.

It is a little costlier than other solutions. There are no additional costs except for support costs, which are minimal and not an issue.

We're actually a reseller and a system integrator. We're evaluating several endpoint protection solutions for our customers.

In India, many customers are switching to EDR solutions like CrowdStrike. They prefer automated solutions over traditional legacy antivirus and don't want to invest in additional devices.

I always recommend my customers do a Proof of Concept (PoC) because once they go through the product details, features, and performance, we can convert them into CrowdStrike customers. So I always recommend doing the PoC.

We always recommend doing the PoC, which is like a demo. Overall, the solution is an eight out of ten because it's an automated solution, which is a significant improvement over traditional latency antivirus.

With CrowdStrike, the customer can put in data resources and other things which are automated. In traditional solutions, you would have to work on notifications, do lots of research, and collect logs, but in CrowdStrike, you can easily go through the process and get all the details from when the threat hits your system. It's much more convenient and efficient.

I primarily use the solution on the could to enhance my security posture. It's used to prevent malware from getting on our systems.

I'm looking at using their Spotlight feature. The solution is very good at revealing the vulnerabilities we might have. If there's anything on our system, it will reveal it, and we can address it. 

It is stable and reliable.

Technical support is helpful.

It's pretty easy to set up.

The solution can scale. 

The CSPM UI of the solution could be improved. The cloud solution is where there needs improvement done. The on-premises version is mostly fine. 

The licensing is a bit complex. People need to take some time to understand it to ensure they are getting the most out of the offering.

I've used the solution for three or four months. 

The solution is stable and reliable. My understanding is it is quite stable. I'd rate it nine out of ten for stability. 

The solution is very scalable. I'd rate it eight of nine out of ten. It can extend well. 

We have more than 400 users. We use it on the server side, not for end-user computing. 

We have been using the solution pretty regularly for monitoring. 

Support is very good. They were very helpful during setup. They got back to us pretty quickly. We haven't had any issues with them. 

Positive

We did POCs with other solutions. However, we did not go live with anything other than Crowd Strike. We wanted a good cloud option and those Crowd Strike.

The initial setup is very easy. I'd rate it at a 7.5 out of ten. We did a POC with them before doing the full contract, and the support was very good. We had a few challenges, and support took care of it in a reasonable amount of time.

The deployment took a month or so since we had quite a number of things to handle and complete. 

Our infrastructure team manages the deployment and maintenance. We have not done a lot of maintenance as of now. We are still in learning mode. Likely down the road, we might need just one person to monitor the console and act on things as they arise. 

We handled the initial setup in-house, although we did get help from support occasionally. 

It is too early to say if there will be an ROI. When we run it for a year or so, we'll have a better idea of if we will see one. 

The pricing is pretty contextual. It's hard to give a general price. 

We did look at other options and found Crowd Strike offered a very good cloud option. 

I am a customer. 

We are using the latest version of the solution. 

I'd advise others to do a lot of research and do a POC so that they are aware of what they will be getting and what they will be signing up for. 

I'd rate the solution nine out of ten.

My organization is a cybersecurity company using CrowdStrike Falcon for incident response and forensic analysis. Twenty-five employees are using it now

CrowdStrike has improved our operations in many ways. Three of our clients recently got hit by ransomware. Using Falcon Complete, we contained and fixed the issue and helped them get things back to normal.

I like Falcon's AI functionality and vulnerability management. That has been so helpful. Falcon Complete can manage vulnerabilities, quarantine threats, and do all kinds of forensic incident analysis. It's a lightweight solution that only uses 1% of the CPU, which is a game changer. Other EDRs have had high CPU usage.

Falcon could use more SIEM capabilities, like a central place to monitor all our clients.

We have been using CrowdStrike Falcon for nearly two years now.

I rate Falcon 10 out of 10 for stability. 

I rate CrowdStrike Falcon 10 out of 10 for scalability. 

We were using McAfee Endpoint Security, but we later partnered with CrowdStrike, so we started using Falcon. The McAfee solution was limited. CrowdStrike EDR has a good dashboard that lets us see what's happening and the processes on my machines. It has better quarantining and remediation.

Setting up Falcon was straightforward. We deploy it on the cloud and on-prem, depending on the client. You can deploy it in under five minutes with an adequate internet connection.

The number of people needed to deploy the solution varies. It only requires one person if we are using Active Directory. However, we typically do it manually with four people to do it, so it's faster for us to reach the organization's endpoints.

We evaluated Trend Micro and a few other EDRs. We found from the ratings that CrowdStrike was more effective than other EDRs. In addition, we have some solutions from other vendors like AlienVault OSSIM and Darktrace because those are the main players in our market.

We don't use the solution internally, but our clients' use cases are primarily EDR and endpoint protection, with peripheral use cases including web app protection.

CrowsStrike Falcon Complete is a good solid endpoint protection solution; it has a good engine and is on par in terms of efficacy with SentinelOne, and with Microsoft Defender for endpoint protection. 

I prefer to put a pound into the prevention and an ounce into the cure, but CrowdStrike put more focus into the EDR. This works as a business model for them, as they get a lot of customers purchasing their MDR services, usually SMBs lacking the staff to leverage the EDR tool themselves adequately. We have many such customers. I would much rather see more refinement and investment into the prevention side of the equation, though CrowdStrike has a good engine. The solution is as effective as SentinelOne and Windows Defender for Endpoint; it's an excellent endpoint protection solution.

I would like to see more integration capabilities and expansion into vulnerability management. I'd like to see it go beyond that into unified endpoint management, a unified security solution that doesn't just tell me what's wrong; it helps me fix it operationally.

We have been a reseller of the solution since 1989.

The solution is very stable. 

It is a very scalable solution, there is no question about that. 

The technical support is good; it's not bad and not the best.

The setup is relatively complex. Post-setup, the maintenance is light, but deployment is more complicated compared to some competitors, including SentinelOne or Cylance. Falcon Complete requires more tuning.

Once the product is implemented, I would say most of our customers require around a quarter of an FTE for maintenance. 

This product is one of the more expensive ones on the market. 

I'd rate the product an eight out of ten because there's always room for improvement in my mind. There are enough other solutions in the market space that are on par with the features and capabilities of CrowdStrike that bump it down from a nine to an eight. It's a pretty level playing field.

Most of my customers are small to medium size businesses. They don't have the people, the knowledge or the time to spend on complex setups and tuning. Any solution has to be simple out of the gate, easy to understand, and it has to be quick to deploy. Therefore, many of my clients use the implementation and managed services, and I have firsthand experience of some issues that can cause. Companies may hold off on more complicated features or configurations they don't fully understand, sometimes even permanently. This isn't unique to Falcon Complete; there are many solutions with features that are never fully leveraged by some clients. The issue is when the solution is not as effectively deployed and configured as possible because it's not a small investment.

When it comes to this solution, my advice is to shop around. CrowdStrike is an excellent brand with an outstanding reputation, but it's also the most expensive or one of the most expensive solutions. If price is a concern, other solutions can do the same job for you or be just as effective. Falcon Complete has few features that make it a big market differentiator nowadays. It makes sense if you need the product's specific features or have the staff to fully leverage the EDR without paying for the MDR.

The most valuable feature is that it has a zero-day approach. It does not work with the signature itself. It looks into what is happening on an endpoint and protects you better against threats that are not yet known but are captured in a signature. It provides far better detection than when it is only signature-based. You get much quicker protection against any new threat. This is the most important feature of the CrowdStrike solution.

They have very good knowledge of how to hunt for threats. It is all about the intelligence you put into a solution for detection. It is about making sure that if you see a number of things, you can interpret them correctly and take the right action against them. They're one of the best vendors because they come from that background. 

They are doing very well in continuously improving their product. The only thing is that it is completely cloud-based, and some customers don't really like that type of approach, but you can only provide such a solution when you have cloud-based intelligence. On the other end, we know that it is sometimes a breaking point for some of the customers. They could potentially have an on-prem or hybrid solution. Any antivirus needs to have its features updated. If there could be a relay between them, it would be helpful, but that's very hard to do. So, you either accept that approach and have the benefit with this little disadvantage. 

I have been working with this solution for three years.

We don't see any specific limitations on that at the moment. 

We have large implementations, and we don't really see any issues with the scalability of the solution. It seems to be able to scale up fairly quickly within the environment.

Their support is top-notch. They're very dedicated. Their experts are online when you need them. 

It is very straightforward. It takes very limited time to set it up. People get used to it very quickly.

Being a cloud-based solution, you don't really have to do a lot of installation. They have their own cloud. It is maintaining itself. There are automatic updates. That's one of the reasons why you want to go to the cloud-based approach. It is very easy in terms of maintenance.

I would advise anyone interested in such a solution to try it out. It is very easy to try it out. 

It is an absolute requirement to get an EDR solution in place. You should go with the ones that really have the most advanced capabilities for threat hunting. It is best to go with the experts. They've had some competition from Microsoft, which is not a bad solution, but Microsoft is not a security expert. CrowdStrike knows very well how to identify threats and link them to specific behavior. That's what you really want to have in there, and that's their strength. One of the reasons why they're still leading is that they are the only ones who can say, "We manage your network, and we would give you money back if we could not detect the issues upfront." That's one of their strong points.

If they don't do any specific scanning, they will adapt themselves to that. If it is a new system, they would need to learn that. If there is something new in there, it could be harder for them to detect it because they don't yet know the behavior, and they have to learn about it. That's the only negative element I see in it. 

They're doing quite a bit of work in improving it. They are doing a good job in evolving the product. I don't see any specific needs at this given moment on that. You could ask a lot, but in the end, you still need to make sure that the core is functioning well. They should stick with what they do best. Evolve that but not start doing everything. That's because it will not work. I'd rather have them stick to their niche.

I would rate it a nine out of 10.