CrowdStrike Falcon Reviews

We use Falcon to investigate threats and reduce risks in our environment. It covers multiple departments within the same building and company. All units are attached to one controller, so we can manage them from one point. 

We can implement different kinds of policies on sensitive data for various departments. For example, I can limit how data can be changed if I'm dealing with financial data. It's the same for production or logistics. We can set rules for data sharing and access because some departments need to share data with customers.

CrowdStrike's AI-driven analytics have improved our security considerably. It's sharing information from across the infrastructure and applying machine learning to prevent issues. This is a powerful, proactive approach to cybersecurity. It takes action in time to prevent the problem, so we don't need to remedy it after the fact. Sometimes, by the time you take action, it's already too late. 

Before deploying Falcon, I would avoid taking action due to potential risks. With CrowdStrike, I don't worry about recovering data, so I can focus on preventing situations. In two years, I have never had that problem. When I look at the platform, I can see all the notifications and the actions taken. I can see how potential attacks can possibly reach the server and create a significant incident. Thus, I can directly measure the quality of the service.

Falcon is easy to integrate with our infrastructure because we can control the entire network through our fiber router and switch. CrowdStrike can interface with all devices easily and provide integrated security. Falcon gives you greater control without any problems.

The agent will recognize issues immediately, and we can follow up to create a plan for if this problem reappears or is still present on the infrastructure. Falcon enables instant remediation. It doesn't take two or three days. It's in real-time.

Falcon has the capacity to identify potential problems quickly. The administrator can deploy the agent, and the users cannot change it. This assures you that the agent remains on this device. Also, the agent can act preemptively to provide alerts about potential problems. 

When there's a problem, you can follow the rules. For example, you can put a file that might be infected into quarantine or lock the device, preventing it from propagating the threat to other devices or networks. The agents are collecting information and feeding that back into the CrowdStrike platform, so you have 24/7 control and visibility. 

Falcon's deep learning capabilities are flexible and work across multiple operating systems. You can control everything from the same place, whether you're dealing with a Windows, Linux, or Mac device. You can define your policies precisely and decide how you want the platform to respond in any situation. 

CrowdStrike's AI approach is interesting because it improves the capacity to correlate information based on all the deployments on devices worldwide. It analyzes this data to identify something anomalous that could potentially be a problem in your environment. Falcon can isolate the issue to determine if it's a real threat. You will get an email saying the platform has identified a potential problem they are investigating. 

Falcon explains the steps they are taking. After the issue has been resolved, you will get another message showing CrowdStrike's analysis and evidence that the problem is now under control. I get about 20 emails from CrowdStrike daily. 

I want more ability to customize how you summarize the data. The default views are fine, but it would be interesting to be able to customize them based on the kind of data you want to see immediately. This can help the administrator gain an immediate overview and reduce the investigation time.

We have used Falcon for two years.

I rate CrowdStrike support 10 out of 10. They have one of the best teams that I've worked with. They're very fast and professional, with a high level of skill and knowledge. 

Positive

I previously used Sophos. It's a good solution that works well with other Sophos infrastructure, like firewalls, etc. For example, if the firewall is from Sophos, it can interact with the software to identify a problem. However, CrowdStrike is more powerful when using hardware from different vendors. It doesn't rely on specific hardware because it works with an agent, so you're more flexible and less constrained. 

Overall, Falcon is more powerful than other solutions. It is light on resource consumption. It has a minimal effect on the client when you have installed the system because everything is controlled by our cloud platform where you can see the portfolio of devices.

The installation was quite easy. The platform is based in the cloud, but you need to download agents based on your operating system. After you install the agents, you only need to configure the various devices on the cloud platform. CrowdStrike's platform is managed by the vendor. You can log in and manage your portfolio of devices and define your policy or apply profiles to groups of users and devices. 

We feel like Falcon is worth what we pay.  The cost of the solution is minimal compared to restoring data from a potential attack. 

Falcon's price is accessible, and it's a good value for the level of quality we get. We don't have any objections based on the cost, and we understand that you will pay more for an enterprise solution. There is no objection to the cost. It's appropriately priced for the service that we receive.

I rate CrowdStrike Falcon 10 out of 10.

We use the product for cloud security. We use it for prevention, to watch for gaps in security. We work with customers seeking prevention for advanced apps. 

Sometimes a customer has multiple solutions that come at a higher cost. They have to pay for all of these other security features. With CrowdStrike, customers get one agent for all system operations. It offers more security for remote work and clients gain access to the latest protections.

The solution offers good features. The prevention and device control are useful. It offers helpful firewall management and identity protection.

They've reduced the complexity and provide better security outcomes. Customers tend to prefer CrowdStrike. 

It's easy to deploy and manage.

The solution isn't known in my market. The brand isn't as recognizable. Their shortcomings are more on the marketing side. Everyone knows Microsoft Defender. Customers need to hear more about CrowdStrike and all the advantages and features on offer. 

We've used the solution for three to four months. 

I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far. 

The capability to scale so far has been good. 

Technical support is good. 

Positive

I'm also familiar with Microsoft Defender. However, Defender works best with Microsoft and not necessarily other legacy applications. With CrowdStrike, you can secure all system operations and versions. It's easier to deploy and operate. 

The deployment is seamless and users get immediate protection. It's lightweight. There's one agent deployed to endpoints in minutes. The product offers consistent coverage. There's no complex integrations and it doesn't need fine-tuning. In comparison, Defender can be more complex.

CrowdStrike can be deployed on any operating system, not just Microsoft. 

There isn't really maintenance, it's set and forget. The agent updates automatically and receives continuous security updates, enabling immediate enforcement across endpoints. 

The solution is well worth the cost.

The costs are predictable. There are no surprises. 

In Chile, there are not a lot of CrowdStrike partners of the managed service; therefore, it's a little more expensive than Microsoft, as there are so many more managed partners for Microsoft. That said, if you look at the total cost of ownership, CrowStrike is better than Microsoft.

We're a reseller. We're still new to CrowdStrike. 

I'd rate the solution eight out of ten. The cost is good and they offer better tech support. Also, the protection is wonderful. 

We use CrowdStrike Falcon as a managed SOC for intrusion detection on our endpoints.

Being a cloud-native solution, CrowdStrike Falcon provides flexibility and always-on protection. This is extremely important to have the best protection available.

It is a fully managed service, so they provide all the necessary updates for us which is helpful.

While CrowdStrike Falcon provides us with better peace of mind in terms of protection, it also generates alerts for potential threats, requiring our investigation. However, the platform further alleviates our anxiety by automatically reviewing unaddressed alerts, offering an additional layer of security. This coverage fosters a heightened sense of security.

CrowdStrike Falcon has been instrumental in preventing breaches, allowing us to operate with significantly increased security compared to the past. This has provided us with much greater peace of mind. While no security solution is foolproof, Falcon has brought us remarkably close. 

The anomaly detection is the most valuable feature.

The portal can be clunky to navigate at times and has room for improvement.

I have been using CrowdStrike Falcon for two years.

I would rate the stability of CrowdStrike Falcon a nine out of ten. The only issue I have had is with an old version of the endpoint that was installed and has proven to be problematic. 

CrowdStrike Falcon is scalable.

The technical support is good and they provide prompt responses to all of our questions.

Positive

We implemented CrowdStrike Falcon in response to a security incident. It was the first endpoint detection and response service we had ever used, and we've been utilizing it since 2021.

Deploying the sensors to our endpoints is straightforward. We do have a manual process for deploying the sensors to our endpoints. There are also options to do it through a group policy. It doesn't seem overly complex.

We rolled the solution out to our entire estate which took just over one week. We had up to 300 endpoints and required a team of five people to complete the deployment.

CrowdStrike Falcon enables us to save on resources which in turn provides a 20 percent return on investment.

CrowdStrike Falcon offers excellent value for the money for our organization, particularly given our lean IT team. We lack the resources to replicate the full security services they provide without hiring additional personnel. The cost of Falcon is likely comparable to, or even less than, the salary and benefits we'd need for an extra employee. Furthermore, their on-call experts have more expertise, further enhancing the value proposition.

After a year, we reevaluated our endpoint security solution. We considered several options, including Arctic Wolf, SentinelOne, and Darktrace, alongside our existing Fortinet solutions. We participated in demos and ultimately determined that CrowdStrike's offering, both current and future, remained the best fit. While we hadn't initially explored other options before choosing CrowdStrike, external factors subsequently forced our hand. However, after a year of use and further evaluation, we reaffirmed our decision, concluding that CrowdStrike was still the most suitable solution for our needs.

I would rate CrowdStrike Falcon a nine out of ten.

We have around 300 endpoints and three people who have access to the solution.

Three people are required for maintenance.

CrowdStrike Falcon was recommended by our head office in Germany.

I recommend CrowdStrike Falcon. 

We use it for our endpoint detection and response on our devices for both endpoints and servers. It has replaced our traditional antivirus. We are strictly using it now to do all our antivirus duties.

We are primarily a Windows environment, 95 percent Windows. Then, we have a little bit of Linux and Macs in there as well.

They have been able to help us. We have used other functions, such as Discover, to identify software that is running in our environment. This is not necessarily bad software, but it gives us an idea of what is out there to start building a standard configuration, which helps us build policies for what we do want in our environment and what we don't. That has been very valuable as well. It is kind of an offset of what they actually do; their main bread and butter, if you will. They have been very helpful with other tasks, such as that and in finding themes. 

We are pretty confident in CrowdStrike. Knock on wood, we haven't had any breaches that we know about. When you do see a large breach in the news, it seems like CrowdStrike is always mentioned. They are either helping investigate or leading the incident response (IR) process for them. While I can't really say it has specifically stopped a data breach for us, we are confident that if something happened then CrowdStrike would catch it.

We primarily use the Falcon feature. It is very dependable for us. We have done multiple tests against it and thrown everything we could at it. It does seem to pick up quite a bit, if not everything, that we have tested with it. So, we rely heavily on it. Right out-of-the-box, the main Falcon component is the biggest feature that we utilize and rely on.

We are a heavy laptop environment. So, it was nice to know that our users would be protected and we would know what was going on, on the endpoint, regardless of how they were connected. That has been very valuable. This is one of the reasons why we chose to go with this solution.

The fact that this is a cloud-native solution means that we don’t need to worry about updates. They take care of all the back-end and architecture. The only updates that we need to worry about are the sensors themselves. If you set them to auto update, like we do, then you don't even have to worry about that. It definitely frees us up to do more important things. If it wasn't for them doing this, we would need at least a part-time FTE, if not a full-time, to operate and manage CrowdStrike keeping it up-to-date as well as the hygiene. We had half of an FTE assigned to our antivirus prior to CrowdStrike. Now, that is just included in our dailies. It lessens that burden so much that we don't even need a slotted requirement for that. Overall, this solution saves us at least a good 10 hours a week that we would have been using before.

Their threat dashboards are very helpful. For instance, with this zero-day that just came out from Microsoft, they already have a dashboard where you can see the assets in your environment affected or at risk. That is just an added value. 

It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful.

We have been using it for four years.

Stability has been really good. We have not seen the issues that we had with traditional AV. Having it connected to the cloud has really helped with stability, being able to see what a computer is doing at all times, and being able to see the last check-in times, this has kind of helped with the sensors.

It is primarily just me for tweaking or management of the solution. I have backups, if needed, but it is such a light lift that I may spend an hour or two a week in the console. It really is a great product that takes care of itself. Not a lot of tweaking has been needed so far, knock on wood. We haven't really had to make any exclusions like we used to with traditional AV. Everything is running with CrowdStrike's full protection, which is a huge bonus for us, since traditionally you are pretty blind. 

The solution is very scalable and easy to deploy as well as sync up agents with it.

The end users are the security team, which consists of about four of us. Then, we have a couple of leads from other technical teams. So, there are probably eight users who have access to CrowdStrike. Primarily, there are just three of us who are in there constantly.

The technical support has been pretty good. They are usually very responsive. We haven't had to escalate anything. When we have needed a more technical, deep dive, we have been able to get a dedicated engineer for our account to assist us. So, there has never been a time where we feel like we can't get the help that we need.

We were previously using McAfee.

CrowdStrike seems to detect quite a bit more than McAfee did. We like how it is kind of real-time, if you will. It is not so much signature-based. So, it has been able to stop things quicker than McAfee did. We have seen a huge increase in performance on our systems. Oftentimes, the daily scans would need to be run with signature-based AV or scans with servers, then that would cause great performance hits. It kind of limited us as well to where we could only scan certain windows. Now that we have CrowdStrike, we are kind of always-on and not limited to having to do those scans. So, that has been a big performance increase for us.

It is a lot easier to use CrowdStrike than McAfee, especially having the team at CrowdStrike handle the maintenance day-to-day, etc. With on-prem, you are responsible for everything. Whereas, with CrowdStrike, we can just worry about our IR response, basic deployment, and health checks. So, it is very convenient having them handle it in the cloud.

CrowdStrike was cutting edge technology at the time. EDR was still kind of new then versus the traditional AV. Not only because of licensing costs, but also because of performance, we felt that we needed something new.

It is easy to deploy the solution’s sensor to our endpoints. We have that as part of our build process. When new things are built, we have those as part of the build. If for some reason, something gets corrupted, then it is fairly simple to redeploy and we utilize SCCM for that. However, it is pretty run of the mill, i.e., easy. With the updates being taken care of by CrowdStrike, once it is deployed, then you are pretty much good to go.

Our initial deployment took about a week. That was only due to working out how to adjust CrowdStrike in our environment: weed out false positives, mimic anything that we needed to from our traditional AV over to CrowdStrike, and test previous exclusions that we had for our traditional AV, if we needed those anymore in CyberArk. It was very easy to deploy with SCCM, then it was more just tweaking. 

We did a test in our test environment and saw no negative impacts. Although not advised by CrowdStrike, we were able to run our traditional AV while we were deploying CrowdStrike. Once we knew CrowdStrike was on the machine working, then we were able to send out scripts to remove the old, traditional AV. Our strategy: We knew that it would not, at least in our environment, hurt us to have both on temporarily. So, our deployment strategy was very simple, knowing that we had an AV in place to back us up if something didn't go right with the CrowdStrike install.

I did the deployment. If there were exclusions or something that we needed to address, then I worked with the individual teams.

The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment.

We did the free trial to kick the tires. Part of that head trial was having us load stuff and trying to get by it, and we weren't. That trial really helped sell us that it was a good product.

Getting the free trial was very easy. It has been years now, but it was as simple as just going to the website and requesting a free trial, then it was stood up maybe even that same day. It is hard to remember now, but it was very quick.

The pricing and licensing are fairly good. It is definitely not a cheap product, but I have felt that it is worth the money that we spent. So, we have discussed it in the past, and were like, "Yes, it is probably pricier than some other solutions, but we also feel they really are the leader. We are very comfortable with their level of expertise. So, it's kind of worth the price that we pay."

We do add their OverWatch protection, which is an extra bit of an add-on, but that gives us 24/7 SOC-type watching. So, we have added that on, which has been valuable as well. Outside of that, there have been no more additional costs.

We were looking for an EDR solution. At the time, CrowdStrike was the leader. We were very big into Gartner reviews, and we went off of Gartner. We just wanted the best that was out there.

Do it. It is a great product. I seriously think it is worth considering. We have been completely happy with the solution that we have been running on for years now and have never regretted our decision. I highly recommend it.

We plan on possibly looking into the added features that they offer to see if there is something there that can increase our incident response or add value to our business.

It is our primary EDR, so we are using it 100 percent for that and plan on using it for other avenues. We found Discover can help us with the inventory for applications. So, I am looking for other business opportunities there to help us, which will be our goal in the future.

It has given us some insight into how threat actors work. The biggest thing for us has been threat actor education. They give you intel which helps you identify what attackers you would more likely be targeted by. A lot of this comes with our OverWatch protection. Their threat intel has probably been the biggest thing for us.

Overall, I hate to give a perfect score, but it is probably a 10 out of 10. It is a really great product. 

We use CrowdStrike Falcon for both our server and endpoint security, including our users' laptops and PCs.

CrowdStrike Falcon has made a significant difference for us, especially in mitigating ransomware and zero-day attacks. Its proactive and defensive response approach effectively isolates threats, setting it apart from other endpoint solutions.

Integrating CrowdStrike Falcon into our environment was seamless. Once we set the policy the software was activated immediately and distributed on all our endpoints.

The real-time response is highly effective. It automatically takes immediate action whenever it detects suspicious activity, alerting us to the problem and providing clear mitigation steps. In some cases, it even pushes through updates to resolve the issue proactively.

The usability and interface of CrowdStrike Falcon for daily operations are good. 

The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action.

CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR.

The pricing has room for improvement.

I have been using CrowdStrike Falcon for three years.

In the three years of using CrowdStrike Falcon, we have not encountered any stability issues.

CrowdStrike Falcon scales well. We are using it in a large environment with no problems.

The technical support is responsive.

Positive

We previously used both Symantec Endpoint Detection and Response and Kaspersky Endpoint Detection and Response but found that they lacked the 24/7/365 monitoring and response offered by CrowdStrike Falcon. Additionally, their detection capabilities, particularly for ransomware and zero-day attacks, were not as effective.

The initial deployment was straightforward and non-disruptive. The deployment took one week to complete.

We required two people from our organization for the deployment on-site and the CrowdStrike team worked remotely.

The CrowdStrike team helped with the implementation.

CrowdStrike Falcon is one of the more expensive endpoint solutions on the market.

I would rate CrowdStrike Falcon an eight out of ten.

We deployed CrowdStrike Falcon across all our locations, including subsidiaries and remote sites in various regions.

Maintaining CrowdStrike Falcon is simple because it only requires a client agent to be installed on the machine at the kernel level, below the operating system.

We are using it primarily for NGAV, but we also use their EDR product and Falcon OverWatch.

Most of our internal stuff is still on-prem. We do use SaaS for vendor products, but our internal environment is still mostly on-prem.

I think everyone is trying to move away from on-prem solutions. Having the cloud-based management console makes it a lot easier to maintain. It takes a load off our hands as engineers and analysts. It helps with upgrades and patching, I don't have to worry about on-prem servers for maintenance, but also as another thing to defend against, so getting rid of that is definitely beneficial.

As a cloud-native solution, it provides us with flexibility and always-on protection. I don't have to worry about data center failures on my end. I don't have to worry about any issues in our server rooms affecting the protection of the environment as a whole. Having CrowdStrike take that responsibility is a load off our backs.

Falcon has been very successful in preventing breaches. In the beginning, there were a lot of false positives as Falcon learned our environment, but I would definitely give it a positive rating overall for protecting our environment.

The NGAV portion is the most valuable feature. The primary reason that we went with the product was their reputation. In practice, it has been a definite step up from where we were previously.

We are using Falcon Investigate, which is their EDR tool. The EDR has made it infinitely easier to investigate into more detail on end user workstations and servers. Any sort of detection where I can go back into the EDR tool and dig down deeper into the endpoint is great. This was a function that we did not have previously.

There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it.

I have been using it less than a year. We are relatively new customers.

My impressions of the stability are positive. I haven't had any problems since implementation with stability or availability.

Minimal maintenance is required on our side post-deployment, but it still does require maintenance. If I have to build out new groups or a troubleshooting group, e.g., tweaking policies if machines change subnets, then there is still maintenance required.

All post-implementation maintenance and administration is handled by a single security engineer.

We are a relatively small firm, but I have had no problems in my deployment plans. I could easily see this scaling upwards.

In total, we are protecting roughly 1500 endpoints.

They have been very on point and helpful. I have never had to ask them where they are. They are always following up with me trying to keep the tickets live, so that is great. I have been very impressed.

We replaced Symantec Endpoint Protection. On the one hand, we wanted a fully NGAV. Symantec was still using a hybrid model, a mix of signature-based and behavioral-based detections, so moving over into a full NGAV product was important to us. We wanted to stay up to date on the ever changing nature of malware, especially since we have been seeing more malware nowadays that can evade strictly detection-based systems. Also, Symantec support was very hard to track down or talk to. All in all, CrowdStrike has been more responsive to any questions or concerns, which is big when you are dealing with vendor solutions.

Fortunately, we have not experienced any major detections. However, testing-wise, CrowdStrike has been more effective overall.

Deployment was pretty easy. We scripted out a process in GPO, then we were able to deploy it fairly seamlessly.

We managed to deploy it to all our servers within a week or two. That was mostly due to getting clearance from server owners, not due to the CrowdStrike installation. Then, for the workstations, it was a bit longer just because of office locations and when people had their computers on. The CrowdStrike process was very smooth. It was really just the bureaucracy part that took a while.

We had to change management protocols. We put it out to dev servers and workstations in detect-only mode as we deployed CrowdStrike to endpoints that had a preexisting AV system still on them, in order to avoid any time where a system would not be protected by an antivirus system. So, we deployed CrowdStrike, then disabled the previous antivirus system and activated CrowdStrike's prevention policies, then uninstalled the previous antivirus system.

Four or five people were involved in the deployment: a security engineer, two workstation engineers, and various server owners.

It is protecting our environment, so it is worth the cost.

It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably.

The pricing was very fair for what we got.

Different components are additional price points. We got the components that were right for us, but other organizations may require more (or less) components to suit their needs.

CrowdStrike is an industry leader. When we were looking for a replacement technology for NGAV, their name was on the top of a Google search.

We did a PoC with CrowdStrike. We deployed the PoC only to a select group of test machines, so we were able to deploy rather quickly. The PoC helped immensely in the decision-making process.

We did evaluate Cylance and Carbon Black. All the products that we investigated looked good. In the end, we went with CrowdStrike because of: 

1. The reputation of the organization in the AV community.
2. Its out-of-the-box readiness. 
3. Ease of maintenance and administration.

Take the time you need in the beginning to fully build out all the groups and prevention policies that you will need. It may take a bit longer during the initial setup, but it is worth it in the long run because it makes maintenance down the line much easier than having to build new groups or prevention policies as they come up. Definitely take the time needed in the beginning. Then, later down the road all you have to do is check some boxes, as opposed to building out brand new groups and prevention policies, which can take awhile.

In the beginning, there will be a bunch of false positives as it learns your environment. However, those are very easily handled within the UI, creating IOA or machine learning exceptions. With our previous solution, we had a couple hundred exceptions, and with CrowdStrike, we have six or so.

CrowdStrike has fulfilled its function very well. We got it specifically to serve the purpose that it is serving.

It is a solid nine out of 10.

The initial use case was for CrowdStrike to be a replacement for McAfee. We wanted to come up with something that was a lot more adaptive to emerging world threats and not just strictly signature-based. We wanted something focused a lot more on heuristic analysis and pattern analysis first, e.g., isn't just sheer signature. Additional use cases are workstation servers and as much as we can do in our OT environment.

It has allowed our security team to have more time and resources built into things that are used to run the business versus needing to babysit our antivirus platform, or any malware platform. With what we have been paying for, it allows us to be a lot more involved with how the business is being run from a security, risk, and compliance standpoint.

We have signed up for Falcon Complete, which is their completely managed service. This has done nothing but paid dividends since we have rolled it out. Slightly before I started, there was a ransomware issue. CrowdStrike did exactly what it was supposed to when we joined networks with the company that we were acquiring. So, that was helpful to us.

To the best of our knowledge, it has stopped everything that we have seen. It has allowed us to focus our efforts on other things relevant to how the overall business functions.

It helps us in the M&A environment because it is a very simple, easy tool to deploy, being pretty much all cloud-based. While we're not building our security practice around it, it is a tool that we want to make sure does integrate well, if at all possible, with any new tool that we purchase moving forward.

It is especially important to us that CrowdStrike Falcon is a cloud-native solution. We have a directive for cloud-first architecture at this point. Anything that is cloud-native, or has a cloud offering, will always get first billing over something that is on-prem. We are a small security team. Having the ability to have a service or application that is not wholly managed by us, but rather governed and used by us, is the ideal solution.

The flexibility comes from allowing us to do a mass push, if we need to. We would find always-on protection with pretty much any solution. However, the fact that it is in the cloud, that just makes it that much better.

I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool. 

U.S. Venture has been using it since the first quarter of 2019. I, however, did not start with the organization until the Summer of 2020.

It has been very stable. There have been no real issues that we have had in the deployment or use of the CrowdStrike system in general. There has been zero downtime.

For our workstations, we don't worry about the updates. However, we have a tighter grip on updates for our server environment only because there was an issue at a point with one update. Since then, we would like to keep our deployments at an N-1. So, there is more of a check built-in just to make sure that the latest and greatest doesn't actually break anything unintentionally.

The CrowdStrike sensor is always kept at N-1 for our production servers. Our test servers are always up to date.

From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool.

We have all our desktop engineering group and server team as admins in the system, but they only use it for specific troubleshooting in their job roles. So, if the server team needs to do something, then they can just log in and do it as well as the desktop engineering group. They can just go in and do stuff, if it is something related to computers or servers. As far as for the overall management of the system, that is left to the security team.

It is currently being used to the extent that we need it. After CrowdStrike had their user conference last Fall, they introduced a lot of new tools, specifically one around forensic that we would like to get our hands on. However, there are no real plans for doing any major increases of its toolset. I do know that there is a project that will be going on for using its mobile application on some Android tablets, but it is still very much in its infancy. So, we are not quite sure how that will roll out yet.

I have never used their standard technical support. I do everything through their unofficial Reddit support forum. Also, if there are any other major technical issues, then I work directly with our TAM. So, I have never just reached out and created a general support case. Therefore, I cannot speak to how well they respond. However, their unofficial Reddit support has been fantastic with helping me work through troubleshooting issues and a couple of queries, where I was having issues trying to get the syntax correct. They have been nothing but helpful.

I believe they have their actual support engineers on Reddit, but there is no SLA nor anything guaranteed on that Reddit page. They claim that right there in the subreddit rule. However, I have had nothing but good luck working through them. It could take a few hours to one or two days to get a response, but it has always been for things that aren't pressing. For things that are pressing, then it is a direct call or email to our technical account manager who is very responsive.

They have a great online forum for customer use cases. That has been a great crowd sourcing thing. It is unofficial. I just stumbled across it, but the subreddit for their support has been spectacular for many reasons.

Previous to CrowdStrike, our organization was using McAfee VSE with McAfee ePolicy Orchestrator (ePO). Switching from McAfee to CrowdStrike, we saw a reduction in resources being used on both the workstations and servers. We saw an increase in detections, be that good or bad. We would like to think it was a good thing, because now it is finding a lot more stuff that wasn't strictly signature-based. So, it provided almost a very lightweight SIEM-type of response. It was providing information about installed applications, account lockouts, and top console users. It was a very nice bonus to have that information in addition to just the general overall anti-malware that CrowdStrike is known for.

CrowdStrike is so much easier to use. The UI is far more intuitive. The breakout of how the policies as well as the organizational structure within the UI for how the computers are laid out is far more intuitive. It feels a lot more based around how AD kind of functions. Because I am already familiar with Active Directory, the move to using that in CrowdStrike is very seamless, at least in my mind.

The agent is far more lightweight than our previous antivirus solution. It is a lot less resource intensive. We don't have any more on-prem servers to manage for running the application, which is another benefit to being in the cloud. There are just a couple of holes punched in the firewall for communication in and out.

A lot of the switch was focused around the fact that CrowdStrike was solely a cloud-native solution as well as heuristics versus signature.

It is very simple to deploy the solution’s sensor to our endpoints. Right now, it is part of our standard build process through a SCCM. So, it gets a version, then it is obviously outdated because our desktop engineering group can only update the image so quickly. Once it is checked into the cloud, it updates, decides to download, and gets the new seamless version. It has been wonderful to have and very helpful to us.

The initial setup was done in less than two months.

The implementation strategy was done how any other mass deployment is done. You take a small set of computers, put it on one, remove the old solution, and then run that group by itself, figuring out if there are any new or existing exemptions that needed to be in play. Once it is stable, it is rolled out to a larger group, the process is repeated, and then it is moved onto the servers.

Overall, four people worked on the deployment: It would have been my predecessor, my other coworker, and two server guys to do the server environments.

Our ROI has been high compared to what we had with McAfee. We spend about two hours a month for its care and feeding, which is really low maintenance. We previously spent two to three times that amount of time managing our McAfee environment.

Pricing and licensing seem to be in line with what they offer. We are a smaller organization, so pricing is important. Obviously, we would make a business case if it is something we really needed or felt that we needed. So, the pricing is in line with what we are getting from a product standpoint.

Since moving to CrowdStrike, we have not looked at other endpoint management solutions. In fact, when we look at a new tool, we want to make sure it will play well with CrowdStrike, be it a new SIEM or anything cloud-based. 

Make sure you know what the policies do. There are a lot of good and bad things that you can do with too strict or too loose of a policy governing workstations or servers.

We have evaluated the CrowdStrike Horizon module. We are not there yet. Our environment has not changed drastically since our last review of it. So, we have not felt the need to revisit it since then.

It is important to not solely rely on one product, especially one that has a good or bad name, such as McAfee. Because there was a lot of, "Oh no, we got an antivirus. We're fine." It helps to make sure you always have an in-depth defense strategy.

I would rate it a solid nine out of 10. 

We use CrowdStrike Falcon to investigate security detections for malicious activities in our environment.

CrowdStrike utilizes machine learning algorithms and detection rules to generate alerts for suspicious activity within our environment. We then investigate these detections individually, analyzing the details of each event.

In addition to automated detection, CrowdStrike allows for custom queries. For instance, if we need to investigate a specific host, we can leverage a cloud security language to examine its activity. Similarly, we can use CrowdStrike to search for activity related to particular users or hosts.

CrowdStrike Falcon provides significant additional value. It excels at identifying suspicious activity the moment an application appears in the environment, immediately bringing these incidents to the attention of our response team. Upon receiving an alert, our team can investigate and take appropriate action if anything malicious is found. In essence, CrowdStrike Falcon acts as a strong barrier against attackers.

In the past 3 years, we have encountered many scenarios where CrowdStrike Falcon has helped mitigate potential security breaches.

The detection and response console is the most valuable feature.

We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike. In these cases, the access disable process can be quite slow.

I'm using CrowdStrike Query Language, and I've noticed an issue with event backups. Searches exceeding a certain event threshold aren't capturing all results. For instance, if I run a search that returns 10,000 events in a single day, only 2,000 events are backed up. This limitation with CrowdStrike Query Language needs to be investigated.

I have been using CrowdStrike Falcon for over 3 years.

CrowdStrike Falcon is generally stable, although event searches may occasionally experience slow performance.

CrowdStrike Falcon's scalability is dependent on the license acquired.

The technical support live chat can experience long wait times. Submitting a ticket may result in a quicker response.

The company was using Carbon Black before I joined. When I came on board, they decided to switch to CrowdStrike.

I would rate CrowdStrike Falcon 9 out of 10.

CrowdStrike Falcon is deployed across multiple end-user systems and locations.

I recommend CrowdStrike Falcon. It's a wonderful security platform that's easy to use and requires minimal effort to maintain.