Try our new research platform with insights from 80,000+ expert users

CrowdStrike Falcon pros and cons

Vendor: CrowdStrike

4.3 out of 5

122 reviews
97% willing to recommend

4,491 followers

Pros & Cons summary

CrowdStrike Falcon offers comprehensive threat analysis and detection, appreciated for its lightweight agent that minimizes system impact. Its automatic alerts and scalable architecture enable effective real-time threat response. Integration with platforms like Splunk and BigQuery enhances security workflows. However, users face issues with false positives, malware detection accuracy, complex integrations, subpar support, and high pricing. OverWatch provides proactive monitoring, but log management and integration options require improvement.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

CrowdStrike Falcon provides detailed threat analysis, allowing users to understand the root causes and origins of threats, enhancing proactive security measures.

Its low system impact ensures minimal performance degradation on endpoints, which is crucial for maintaining optimal user experience.

CrowdStrike Falcon offers real-time response capabilities, enabling remote interventions on endpoints globally, which include file management and running custom scripts.

The scalability of CrowdStrike Falcon is highlighted by its efficient deployment capabilities, as seen in rapid rollouts during critical situations like mergers or cyberattacks.

Integration capabilities with platforms like Splunk and BigQuery streamline workflow creation and enhance overall security operation efficiency.

CONS

CrowdStrike Falcon's log aggregation management needs improvement, and privacy concerns arise due to being cloud-based.

Report export options are limited, lacking a PDF format, complicating internal sharing.

Feature releases often cause unforeseen blocks on endpoints, and technical support responses have been less personal with company growth.

False positives are frequent, and scanning attachments and legacy OS support are inadequate, highlighting gaps in threat detection.

Pricing is considered high, raising cost-related concerns compared to competitors.

CrowdStrike Falcon Pros review quotes

JA

Jeffrey-Anderson

Security Analyst II at a healthcare company with 10,001+ employees

Mar 11, 2021

I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good.

Read full review

EH

Chief Information Security Officer at a real estate/law firm with 10,001+ employees

Mar 23, 2021

As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines connected to the Internet and be almost invisible to the employees.

Read full review

JM

Information Security Analyst at a insurance company with 1,001-5,000 employees

Mar 10, 2021

The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment.

Read full review

CrowdStrike Falcon

Free Report: CrowdStrike Falcon Reviews and More

Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.

815,854 professionals have used our research since 2012.

MG

Enterprise Cybersecurity Architect at Swagelok Company

Mar 4, 2021

Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that.

Read full review

NC

IT Security Analyst at U.S. Venture, Inc.

Mar 17, 2021

From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool.

Read full review

MK

Associate Director - Infrastructure Engineering at AFT

Jul 12, 2020

The UI is simple and self-explanatory. Everything is easy to understand.

Read full review

reviewer1540044

Chief Security Officer at a financial services firm with 201-500 employees

Mar 25, 2021

The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate.

Read full review

AS

Adam Shusterman

Cyber Security Engineer at a legal firm with 501-1,000 employees

Mar 25, 2021

It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably.

Read full review

Trainee Engineer at COMPASS IT Solutions & Services Pvt.Ltd.

Aug 9, 2024

It's really good because it can detect anything.

Read full review

reviewer1392531

Dy General Manager at a real estate/law firm with 501-1,000 employees

Aug 2, 2020

There's almost no maintenance required. It's very low if there's any at all.

Read full review

Show 10 more reviews (out of 119)

CrowdStrike Falcon Cons review quotes

JA

Jeffrey-Anderson

Security Analyst II at a healthcare company with 10,001+ employees

Mar 11, 2021

I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup.

Read full review

EH

Chief Information Security Officer at a real estate/law firm with 10,001+ employees

Mar 23, 2021

I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization.

Read full review

JM

Information Security Analyst at a insurance company with 1,001-5,000 employees

Mar 10, 2021

It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful.

Read full review

CrowdStrike Falcon

Free Report: CrowdStrike Falcon Reviews and More

Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.

815,854 professionals have used our research since 2012.

MG

Enterprise Cybersecurity Architect at Swagelok Company

Mar 4, 2021

A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined.

Read full review

NC

IT Security Analyst at U.S. Venture, Inc.

Mar 17, 2021

I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool.

Read full review

MK

Associate Director - Infrastructure Engineering at AFT

Jul 12, 2020

Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about

Read full review

reviewer1540044

Chief Security Officer at a financial services firm with 201-500 employees

Mar 25, 2021

If we have a dashboard capability to uninstall agents, I think that would be great.

Read full review

AS

Adam Shusterman

Cyber Security Engineer at a legal firm with 501-1,000 employees

Mar 25, 2021

There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.

Read full review

Trainee Engineer at COMPASS IT Solutions & Services Pvt.Ltd.

Aug 9, 2024

I'm concerned about the recent issue that involved a faulty update.

Read full review

reviewer1392531

Dy General Manager at a real estate/law firm with 501-1,000 employees

Aug 2, 2020

The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ.

Read full review

Show 10 more reviews (out of 117)

Product Categories

Product Categories

Endpoint Detection and Response (EDR)

Endpoint Protection Platform (EPP)

Identity Management (IM)

Threat Intelligence Platforms

Active Directory Management

Extended Detection and Response (XDR)

Attack Surface Management (ASM)

Ransomware Protection

Identity Threat Detection and Response (ITDR)

AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons

Microsoft Defender for Endpoint vs CrowdStrike Falcon

Cloudflare vs CrowdStrike Falcon

Fortinet FortiEDR vs CrowdStrike Falcon

Wazuh vs CrowdStrike Falcon

Microsoft Entra ID vs CrowdStrike Falcon

Splunk Enterprise Security vs CrowdStrike Falcon

Cisco Secure Endpoint vs CrowdStrike Falcon

SentinelOne Singularity Complete vs CrowdStrike Falcon

Microsoft Defender for Cloud vs CrowdStrike Falcon

Darktrace vs CrowdStrike Falcon

Fortinet FortiClient vs CrowdStrike Falcon

Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon

Microsoft Defender XDR vs CrowdStrike Falcon

IBM Security QRadar vs CrowdStrike Falcon

Elastic Security vs CrowdStrike Falcon

See all alternatives

Product Categories

Product Categories

Endpoint Detection and Response (EDR)

Endpoint Protection Platform (EPP)

Identity Management (IM)

Threat Intelligence Platforms

Active Directory Management

Extended Detection and Response (XDR)

Attack Surface Management (ASM)

Ransomware Protection

Identity Threat Detection and Response (ITDR)

AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons

Microsoft Defender for Endpoint vs CrowdStrike Falcon

Cloudflare vs CrowdStrike Falcon

Fortinet FortiEDR vs CrowdStrike Falcon

Wazuh vs CrowdStrike Falcon

Microsoft Entra ID vs CrowdStrike Falcon

Splunk Enterprise Security vs CrowdStrike Falcon

Cisco Secure Endpoint vs CrowdStrike Falcon

SentinelOne Singularity Complete vs CrowdStrike Falcon

Microsoft Defender for Cloud vs CrowdStrike Falcon

Darktrace vs CrowdStrike Falcon

Fortinet FortiClient vs CrowdStrike Falcon

Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon

Microsoft Defender XDR vs CrowdStrike Falcon

IBM Security QRadar vs CrowdStrike Falcon

Elastic Security vs CrowdStrike Falcon

See all alternatives

Related questions

153

I would like to compare CrowdStrike and Carbon Black. On what basis should I decide?

232

What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?

30

What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStirke Falcon?

255

What is the biggest difference between CrowdStrike and Cylance?

124

CrowdStrike Falcon vs Microsoft Defender ATP: Comparison of features and performance

214

Is Crowdstrike Falcon better than Trend Micro Deep Security?

561

What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?

183

Which solution do you prefer: CrowdStrike Falcon or SentinelOne Singularity Complete?

139

How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?

78

How does Crowdstrike Falcon compare with FireEye Endpoint Security?