CrowdStrike Falcon Reviews

We use CrowdStrike Falcon to investigate security detections for malicious activities in our environment.

CrowdStrike utilizes machine learning algorithms and detection rules to generate alerts for suspicious activity within our environment. We then investigate these detections individually, analyzing the details of each event.

In addition to automated detection, CrowdStrike allows for custom queries. For instance, if we need to investigate a specific host, we can leverage a cloud security language to examine its activity. Similarly, we can use CrowdStrike to search for activity related to particular users or hosts.

CrowdStrike Falcon provides significant additional value. It excels at identifying suspicious activity the moment an application appears in the environment, immediately bringing these incidents to the attention of our response team. Upon receiving an alert, our team can investigate and take appropriate action if anything malicious is found. In essence, CrowdStrike Falcon acts as a strong barrier against attackers.

In the past 3 years, we have encountered many scenarios where CrowdStrike Falcon has helped mitigate potential security breaches.

The detection and response console is the most valuable feature.

We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike. In these cases, the access disable process can be quite slow.

I'm using CrowdStrike Query Language, and I've noticed an issue with event backups. Searches exceeding a certain event threshold aren't capturing all results. For instance, if I run a search that returns 10,000 events in a single day, only 2,000 events are backed up. This limitation with CrowdStrike Query Language needs to be investigated.

I have been using CrowdStrike Falcon for over 3 years.

CrowdStrike Falcon is generally stable, although event searches may occasionally experience slow performance.

CrowdStrike Falcon's scalability is dependent on the license acquired.

The technical support live chat can experience long wait times. Submitting a ticket may result in a quicker response.

The company was using Carbon Black before I joined. When I came on board, they decided to switch to CrowdStrike.

I would rate CrowdStrike Falcon 9 out of 10.

CrowdStrike Falcon is deployed across multiple end-user systems and locations.

I recommend CrowdStrike Falcon. It's a wonderful security platform that's easy to use and requires minimal effort to maintain.

A lot of customers face ransomware and malware attacks. The solution helps protect endpoints and servers from ransomware and malware attacks.

The solution has multiple layers of security, including web security. We can monitor endpoints, conduct root cause analysis, and find geolocations. If the tool finds any suspicious activity, it blocks and remediates it.

The solution makes our security operations easier. After an incident, we get complete reports and insights. The product provides good monitoring features. The product also has teams that help customers find suspicious activities. The team calls and asks us to check the updates and remediate issues. If the system can remediate it, the team does it through the system. The detection and response are in real-time. There are no security breaches. Resolving issues doesn’t take much time.

The tool is more expensive than other products in the market.

I have been using the solution for more than 3 years.

I did not have any stability issues.

It is easy to scale up. We just need to add the licenses. The product is suitable for small, medium, and large businesses. We must buy a minimum of 50 licenses.

The support is excellent. We rarely need support.

Positive

The initial setup is pretty simple and clear. The time taken for deployment depends on the endpoints. It's a cloud solution. We can use Active Directory or the group policies to deploy it.

The product has a lot of use cases. There are companies that need to run their operations 24/7. It will be a big challenge if their server or infrastructure goes down. They cannot afford downtime. They need to choose the right solution for their needs.

The price depends on the kind of service we need. If we need excellent service, we must pay a reasonable price. We can choose any pricing model if we do not want excellent service. The product is excellent. We need to pay a premium price for the tool.

Microsoft Defender Threat Intelligence, IBM, and Cisco are some competitors. CrowdStrike entered the market with a USP to protect endpoint servers. It has a different approach. Malwarebytes has a similar setup. I prefer CrowdStrike, though.

I will recommend the tool to others depending on their budget. If customers have a good budget and need a premium product, they can choose CrowdStrike. No product is perfect. Overall, I rate the tool an 8 out of 10.

We are using it as an EDR solution for endpoint protection. 

Everything is changing rapidly nowadays, and new threats can come into the organization from any source. I have found this product to be very useful. 

If I want to drill down into an unusual activity or something else, I can do that. I can go deep into what processes were involved, what network operations were involved, and what unauthorized users wanted to do. I can see how CrowdStrike processed and blocked the operation. The investigation is very easy for me. I can go to the tree level and see what is going on. It is very useful.

The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that. In my previous experience, when anything was getting scanned, our PCs would become slow. Users would complain about PCs getting slow. This is a positive point of CrowdStrike Falcon.

The dashboard area must be improved. We have integration with Splunk, and we are creating a dashboard there. Their dashboard area must be up to date. It should have more details and more options to create the reports and things like that.

I have some concerns about their support. I am not happy or satisfied with their support. Something happened, and we opened a ticket. Their support engineer just vanished, and after a month, he came back and told us that he was off work and could not pursue the ticket. He said that he now has the time, but logs are gone because there is a time limit. We were asked to repeat the test. This is very unusual for me. 

In my organization, we have been using it for the last one and a half years. I have been using it for the last two to three months because I recently joined the organization.

From my understanding and observation, it is a stable product, but I have been using this product only for the last two to three months. I am just in the learning phase.

We have almost 3,000 users using this solution. 

I would rate CrowdStrike's support team a three out of ten. Their support is unacceptable for us. We are doing some testing ourselves. When we found an issue where CrowdStrike should have blocked something but did not, we opened a ticket with CrowdStrike. They tried to communicate with us and looked at the files that we shared. We had updated signatures, and we shared with them the SHA values, but after that, they suddenly vanished. Just two days ago, I got an email from them that the engineer was on leave and he is back now. They asked us to perform the activity again, which is unacceptable.

When any issue happened with Symantec, we opened a ticket, and they would accept their mistake if something was not caught by Symantec. They would then update the definitions and send us the latest updates. This is the way to work on the latest technology trends.

Negative

I have experience with Symantec endpoint protection. As compared to Symantec, CrowdStrike is a very good product. I have also worked with Microsoft Defender.

Every product has some advantages and disadvantages. I have worked with Microsoft Defender and Symantec, and now, I am working with CrowdStrike. Every organization's needs are very different. It depends on what the organization wants. For example, the security requirements of the banking sector are very high. The banking sector has different requirements, the retail sector has different requirements, and a software development organization has different requirements. An organization should weigh the pros and cons and decide based on the requirements.

Overall, I would rate CrowdStrike Falcon an eight out of ten.

We integrate the data from this solution with ExtraHop, which is an NDR. Being able to move between both platforms and have network-level data and transactions over the network feed into XDR CrowdStrike is really powerful. It helps us make better decisions, it makes better decisions without human intervention, and it hones the analytics a little bit. The EDR aspect of it works almost exactly the same as the regular Falcon product. I will say that it's probably a lot better at scale than what we're using it for. I work at a school district, so for the individual schools, it's nice to see and isolate issues and have reports built by individual school locations rather than just everything looking like a whole hodgepodge of computers.

It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff, like look for old versions of applications that maybe you forgot about or find stuff that people are running that maybe you don't want on your network, and it lets you get rid of those. Also, its ability to do on-keyboard remote response and run PowerShell script through the sensor is pretty sick. It's ability to quarantine devices is also pretty great.

The ability to receive text alerts natively in the console would be kind of cool. Some people put their email on quiet hours, so having it natively in the system would be nice.

I know that they offer an identity piece and a firewall piece and we haven't subscribed to or purchased either of those, but having some of that data in the base program would be good, and then if you want more control, you pay for it. There's times where I want to look at an internet history of a device that's remote, or I want to see logins, successful or unsuccessful. I don't want to manage identity and I don't want CrowdStrike to alert on it, but it would be nice if the ability to see the data was included with the base product. Then that could kind of get your foot in the door with having the ability to look at that information, but not being able to do anything actionable with it.

I have been using this solution for two years. 

The solution has never failed. The only false positives that we get are ones that we test with. I do true and false positive testing every month to make sure stuff is working correctly and the solution picks up on it. 

The solution is very scalable. Our proof of concept was a few devices and now at full scale we have 50,000 devices. It's a cloud console, so if you do the implementation right and the sensor is put on in an automated process, it doesn't matter how many computers you have. It just runs. They have sensors for every kind of device: Macs, Windows, Linux, and I think even Android.

The support is great. They're quick to respond and you see the same names pretty consistently. They probably do it by region or account or something like that, so it's not just a random person every time.

The setup is as complex as you want to make it. They have engineers that help you. We did a proof of concept first and that was pretty seamless. If you want to build out a bunch of dynamic groups and have different policies affect the different groups separately, you can. If you want to purchase a bunch of licenses for integration with different products, they partner with a bunch of different security vendors and you can make it as complex or simple as you want. If you just want NextGen AV, you can just have NextGen AV and it's super simple and the sensor just sits on a computer, but if you have a bunch of data and want it to be really complicated and want to be able to do whatever you want, you can do that too. It's pretty flexible, in that sense.

Getting it off the ground took myself, one CrowdStrike engineer, and we could have done it with one systems engineer, but we had two because one was on the client side for the Windows hosts and one was for enterprise for the data center and servers. We did it with four people, and me and one other guy manage it ourselves.

We pay for Overwatch, which is kind of like a sock where someone that works for CrowdStrike monitors certain aspects of your network, and then they can make notes and quarantine devices for you, and they'll alert you at 2:00 in the morning. It's really great, but it takes two people to manage the alerts after a bit of tuning to make sure that the stuff that is on your network that you want to be there, that's getting picked up by CrowdStrike, is excluded. I get maybe ten alerts a day, but that comes from having good hygiene in other areas. If you're not preventing those alerts or fixing the problems that CrowdStrike is picking up, you're going to have a lot of work to do, but if you use CrowdStrike as a hygiene tool, it's a lot easier to manage.

My advice would be to automate as much of the management as you can. Sensor deployment can be really annoying, but if you figure out how to automate it in your environment, that will make it way easier. That way, as the devices are provisioned, they have the sensor on them and they just pop up into your console. I know some people do it by hand and that's a nightmare.

I would rate this solution as a nine out of ten. It's really good. 

A popular choice for Data Loss Prevention is CrowdStrike Falcon. This is the primary function our clients leverage it for, as it offers industry-leading DLP capabilities.

CrowdStrike Falcon has helped our customers secure their confidential data.

The DLP is the most valuable feature of CrowdStrike Falcon. Additionally, the scanning is good and the deployment is easy.

The console is not user-friendly or visually appealing and has room for improvement. I would like a single pane of glass dashboard.

I have been an integrator of CrowdStrike Falcon for one day. 

CrowdStrike Falcon is stable.

I have also worked with Trend Micro and Panda.

The initial deployment is straightforward. I would rate the ease of setup nine out of ten.

Two people are required for the deployment.

I need to upgrade the software occasionally but it doesn't require continuous maintenance.

While the specific deployment time varies depending on each client's individual environment, on average the process can be completed in a couple of days.

I only deploy the solution for clients, I don't calculate their ROI.

CrowdStrike Falcon's pricing is reasonable. We can customize features and that affects the pricing.

We pay 40,000 dirhams per 100 users.

I would rate CrowdStrike Falcon nine out of ten.

Our clientele ranges from small to enterprise-level businesses.

I recommend CrowdStrike Falcon as it provides all the features of an EDR.

We use CrowdStrike Falcon for endpoint protection and cybersecurity.

We implemented CrowdStrike Falcon to ensure our systems were secure and there were no infiltrations to our system.

We deploy CrowdStrike Falcon across a variety of platforms, including cloud and edge environments. We ensure it meets rigorous security standards, is properly certified, and adheres to our data management policy.

We integrated CrowdStrike Falcon with our end-user systems and servers.

Since implementing CrowdStrike Falcon, we haven't experienced any serious threats, and we've seen a decrease in phishing and ransomware emails. This suggests it's been very effective in mitigating those threats.

The UI is easy to use and comprehensive.

CrowdStrike Falcon's performance has improved our user productivity.

CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts.

The pricing structure should allow for some flexibility.

I have been using CrowdStrike Falcon for almost 3 years.

CrowdStrike Falcon is stable.

I would rate the scalability of CrowdStrike Falcon 8 out of 10.

The technical support is good. We have not had any issues with them.

Positive

The initial deployment was straightforward. The deployment doesn't take more than one day. Those involved with the deployment are system engineers, IT analysts, and software engineers.

The implementation was completed in-house.

The price is fixed with no room for negotiation.

I would rate CrowdStrike Falcon 8 out of 10.

We have deployed CrowdStrike Falcon in multiple departments, locations, and satellite offices.

CrowdStrike Falcon doesn't require maintenance from our end other than the updates.

I recommend CrowdStrike Falcon to others.

I'm a security analyst. We get alerts on the cloud side that appear in the CrowdStrike console and also in our email. We can consolidate them on the console and check the process tree. You can see the hostname, user details, and all the information on the right side.  On the file part, we can see whether the malicious file has been executed and decode it to see where the hash appears.

I worked with an event-tracking tool before I started working at this company, and any insights that were triggered in that tool would be noted in the infrastructure certificate tool. The information we gather from CrowdStrike will be updated in Azure, so all the information, resolutions, etc. will be added to Azure. We can check the activity and whether the malicious file is being blocked, quarantined, or allowed.

I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution. We determine the root cause of an alert and contact the end user via our Slack channel if necessary to gather additional information to determine whether they know about the activity. We can download and investigate the malicious file in the sandbox to see what's happening. We check to see if it has been executed. We can easily delete it in the CrowdStrike console if it hasn't.

I have used CrowdStrike for two years. 

I rate CrowdStrike Falcon ten out of ten for stability. 

I rate CrowdStrike Falcon ten out of ten for scalability. 

I rate CrowdStrike support eight out of ten. They respond quickly on weekdays, but the weekend response times are slower. 

Positive

I'm working on two projects. One is using CrowdStrike Falcon and the other is using Crowdstrike XDR, which is the advanced version.

Falcon is a cloud-based platform so deployment is easy. You only need to deploy the agent to the endpoints, but the data is stored in CrowdStrike. 

I rate CrowdStrike Falcon ten out of ten. I would recommend Falcon to others. 

We use CrowdStrike Falcon mostly for EDR.

We implemented CrowdStrike Falcon to gain better control over our endpoints, servers, and work sessions. Unlike traditional antivirus programs, Falcon's sophisticated features allow us to comprehensively manage and enhance security, providing a more robust solution for our specific needs.

In the past year, Falcon has significantly improved our organization's security by consolidating endpoint management. With a single call to Falcon, we can oversee all endpoints, eliminating the need for multiple platforms and streamlining our security operations for better efficiency and awareness.

The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models. This consistency simplifies operations, and while the analytics and server capabilities are significant, having a single sensor for all models stands out as the key advantage in managing security effectively.

There is room for improvement in managing multiple customer IDs. Enhancements in the console web for better control and customization of sensor features would be valuable to ensure a smoother experience in handling various customer IDs and installations.

I have been using CrowdStrike Falcon for about a year.

I have not had any stability issues with CrowdStrike Falcon.

I would rate the scalability of CrowdStrike Falcon as a ten out of ten.

The technical support is not very good. I would rate it as an eight out of ten. One improvement could be reducing the response time for cases, as waiting two or three days, even for less critical issues, can be a bit long. Additionally, a better feedback loop on submitted ideas would enhance the efficiency of communication with the product group, providing more clarity on whether proposed features or versions will be considered.

Positive

Before Falcon, we used Trellix. We switched to Falcon for enhanced security, moving beyond just antivirus protection. Falcon provides more advanced features and a comprehensive security solution.

The deployment of Falcon was relatively easy, with no major issues except occasional misconfigurations on the filter. The process for individual work sessions is fast, taking around a few minutes, but for servers, it requires more time due to the need for antivirus removal and sensor replacement, involving server restarts. Overall, the deployment time depends on the scope, ranging from minutes for work sessions to more extended periods for servers.

At the moment, we have around twenty thousand users in our environment. Our setup spans multiple locations, mainly in Portugal, and we operate on various operating systems, including Mac, Linux, and Windows.

Falcon, being a SaaS product, doesn't require maintenance on our end. Updates are needed for servers, but they can be easily managed through the web interface without causing any inconvenience for us.

I would recommend conducting a proof of concept with CrowdStrike Falcon before making a decision. While the product has strengths, I would advise new users to address questions and doubts directly with the product team, especially when seeking new features or improvements. Ensure there is a clear communication channel for feedback and inquiries. Overall, I would rate CrowdStrike Falcon as a nine out of ten.