What is our primary use case?
The following is a list of use cases that were tested and evaluated against CrowdStrike along with different competitors.
1 - Execution of Fileless Ransomware - The test was conducted using PowerShell script execution; the script was executed with privileged rights and it was successful. Although all the preventive controls were enabled in the CS Falcon dashboard, CS Falcon raised a red flag regarding fileless execution; however, by the moment it let us know, our system had already been encrypted.
2 - Uploading a large volume of data to the cloud - Using a customized script on a USB drive, a test was conducted to copy (.docx, .xlsx, .pptx, .png, .jpg, .pdf, .txt, .rtf) files from the system. It performs a copy operation over the whole disk and creates a password-protected .zip file of all the files in APPDATA; once the protected file is created, it then checks internet connectivity. As soon as the script finds connectivity with 8.8.8.8 or 8.8.4.4, it starts sending the protected .zip file to its CnC cloud.
3 - Disabling the CS Falcon agent - I conducted a test to disable the Falcon agent on a Windows-based OS. The agent was successfully disabled by booting another OS and renaming the agent files on the system.
4 - Performing privileged tasks in CrowdStrike - CS roles have some additional privileges. While performing host containment, it has the ability to perform the following operations without informing the user:
* Host Containment
* Isolating the host from the network;
* Copying data from the host machine into the CS cloud;
Considering the above situation, it may cause a breach of user privacy, because of which a user can file a complaint against the InfoSec team.
How has it helped my organization?
The solution fits well in the organization and delivered valuable output, as expected from an Endpoint Detection and Response solution.
This solution supersedes the requirement for an Endpoint Protection solution. The cost of EPP can be saved while using EDR.
One good thing is the active engagement of the CrowdStrike team in terms of support and coordination.
Features that require further evaluation include:
Let's take an example of ten machines that require CS Falcon agent installation. Apart from agent compatibility and ease of installation, one of the most important areas is the network bandwidth that is required whenever an agent updates the server through the cloud.
An estimated network bandwidth utilization of 0.4 MB/hour is needed for a single machine to update its probes over the cloud. If we estimate the total working hours, in our case eight hours, the formula would be 0.4 x 8 = 3.2 MB per host per day as the data upload requirement on the cloud. It is highly recommended to assess the number of agents and the network bandwidth requirements.
What is most valuable?
The CS Falcon agent is a lightweight agent compared with the agents of other EDR products. Moreover, the following is the list of valuable features which I found very useful:
1 - Lateral Movement
2 - Overwatch detections
3 - Custom IOC blocking
4 - Suspicious Process and Registry operations
5 - Azure/AWS agent installation and easy integration with SIEM
6 - Triage of the complete incident is well laid out in the CS dashboard. It helps to show complete details about the incident.
7 - It is an agent-based license, not machine-based, so once a machine gets outdated/old, installation of the same agent license on another machine is possible.
What needs improvement?
Area of Improvement
The product still requires improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with Mac OS X, Catalina, or Big Sur.
Similarly, the product is also not compatible with Unix-based systems, including AIX, Darwin, and FreeBSD.
CS Falcon sensing capabilities for non-domain machines should be enhanced, since the agent doesn't detect the neighbor's IP address and/or any anomaly identified in the network for the non-domain machine.
Additional features required in the next release:
The product requires an add-on feature which should be a turnkey feature: if it needs to be turned on to XDR, no changes should be required on the user end, as the agent is already installed.
For how long have I used the solution?
The solution has been used for around two years, including the demo version with full features and the final version with specific features.
This solution has been used without any compatibility issue and/or technical failure due to anti-virus installation.
When we procured CrowdStrike as an EDR, it was in the Gartner top ranking as well.
The agent was being utilized on Windows Servers (2016, 2019), Linux Servers (Fedora, Red Hat, CentOS), Windows Endpoints (10, 11), and Mac.
What do I think about the stability of the solution?
The solution is stable, and we have used it for more than 2,500 hosts.
What do I think about the scalability of the solution?
It is a cloud-based solution, so scalability is not an issue.
How are customer service and support?
When it comes to customer service and support, the principal engages whenever required.
Which solution did I use previously and why did I switch?
This was the first product that we evaluated out of six products.
How was the initial setup?
The setup was straightforward and it's easy to use.
What about the implementation team?
A vendor team was engaged in the installation of the complete solution.
What's my experience with pricing, setup cost, and licensing?
Licensing is relatively lower than for other EDR solutions.
Which other solutions did I evaluate?
We evaluated Carbon Black and FireEye.
What other advice do I have?
CrowdStrike is a good solution. However, it requires more features to be built for protecting endpoint agents, for example:
DOM improvement
DLL injections
Detection of CnC in network neighbors
Detection of similar attack surfaces in the network.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.