The pricing is a bit too high. They need to adjust their target market. I'd like to see a risk assessment or vulnerability management feature to show the company risk factors for the endpoints that have Crowdstrike deployed. I'm not sure if they offer patch management. If they don't, they really should. For larger enterprises, managing all those endpoints and trying to figure out which needs a patch can get tedious.
Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement. Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data. In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network.
CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve.
Head of Cyber Defense & Offensive Security at Habib Bank Limited
Real User
2022-07-04T08:47:00Z
Jul 4, 2022
Area of Improvement: The products still require improvement in the Apple environment (Mac). Currently, this solution (as of July 2022) is not compatible with Mac OS X, Catalina, or Big Sur. Similarly, the product is also not compatible with Unix-based systems including AIX, Darwin, and FreeBSD. CS Falcon sensing capabilities for non-domain machines should be enhanced, since the agent doesn't detect the neighbor's IP address and/or any anomaly that was identified in the network for the non-domain machine. Additional features required in the next release: The product requires an add-on feature which should be a turnkey feature; if it needs to be turned on for XDR, no changes should be required on the user end, as the agent is already installed.
The solution keeps changing their website to the point that it's hard to navigate. Also, the technical support is kind of hit-or-miss. Sometimes they really respond quickly and sometimes I don't hear from them for a long time.
Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files. The product could be more accurate in terms of performance. We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.
Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices. In the next release, CrowdStrike should include the ability to send logs to SIM tools.
Chief Technical and Solution Architect at Vertigo Inc.
Real User
2022-05-16T19:25:30Z
May 16, 2022
The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool. In a future release, the mobile space can use improvement. However, some of those constraints are imposed by Apple and other platforms as to what they can do on the platform. Some of the limitations are industry-based.
Especialista em Segurança da Informação - DFIR at a financial services firm with 501-1,000 employees
Real User
2022-01-04T21:31:11Z
Jan 4, 2022
CrowdStrike Falcon could improve if it became an XDR. When we look only at an endpoint, we lose the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good.
Consultant at a computer software company with 51-200 employees
MSP
2021-12-13T14:39:00Z
Dec 13, 2021
On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant.
Chief Security Officer at a financial services firm with 201-500 employees
Real User
2021-03-25T16:49:00Z
Mar 25, 2021
The deployment process is an area that needs to be improved. For some reason, CrowdStrike does not provide any help in terms of how to deploy the agent in a more efficient manner. They just don't provide the support there, which leaves their customers to figure out how to push agents out, either through GPO or through BigFix or through SCCM, and there was no support on that side. Not being able to complete the deployment in an efficient manner is one of the huge weaknesses. It would be good if they had a feature to remove agents. We're in a transaction processing environment and if CrowdStrike is affecting a transaction processing server, we need to uninstall that agent pretty fast. Right now, the uninstall has to be done manually, which is not great. If we have a dashboard capability to uninstall agents, I think that would be great. The dashboard seems a little bit too clunky in the sense that it's spread out in so many ways that if you don't log in on a daily basis, you're going to forget where things are. They can do a better job in organizing the dashboard.
Information Security, Sr. Analyst at a wholesaler/distributor with 10,001+ employees
Real User
2021-03-24T18:07:00Z
Mar 24, 2021
We would like to be able to perform on-demand scanning, rather than relying on the scheduler. Right now, CrowdStrike does not have an on-demand scanner. They have the always-on, but we have found instances where artifacts are being blocked from running, but they're not being removed. With an on-demand scanner, we would have the ability to remove those artifacts from an end user's machine. I would like to see the multi-site environment functionality added in the next release. Currently, we are working under a single-site environment, and on the roadmap, they mentioned having the ability to have a multi-site environment.
The console is a little cluttered and at times, finding what you're looking for is not intuitive. Once you find it, it's great, but it's not always very intuitive as to how to find exactly what you're looking for sometimes.
Information Security Analyst at an insurance company with 1,001-5,000 employees
Real User
2021-03-10T06:12:00Z
Mar 10, 2021
It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful.
Director of IT at a tech services company with 51-200 employees
Real User
2021-03-08T20:20:00Z
Mar 8, 2021
It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.
Head Of Infrastructure at an insurance company with 201-500 employees
Real User
2020-10-27T21:47:54Z
Oct 27, 2020
The reporting part is basic. It's not that intuitive and you cannot go further backward in terms of historical information. The integration with tools, SOC tools, could be better.
Director Of Information Technology at a financial services firm with 11-50 employees
Real User
2020-10-19T09:33:00Z
Oct 19, 2020
CrowdStrike Falcon by itself does not supply in-depth reporting. Falcon Protect does what it does. It's endpoint security — nothing more, nothing less. What it does, it does well. However, if you need more information on what it found and how it got there (including board reporting and compliance reporting), that's not there. Some of the other solutions that are available give you that, right out of the box.
Director Of Information Technology at a financial services firm with 11-50 employees
Real User
2020-10-08T07:25:00Z
Oct 8, 2020
I miss a feature for the USB control that they have as an add-on. I haven't gotten to the point where I want to pay for it, but the features that I miss are available. The biggest issue with Falcon as a standalone product is it doesn't have very much reporting. Out of the box, the only weakness is the level of reporting. All the analytics and the telemetry are there, it's just a matter of getting to it. Other vendors offer some of that stuff right out of the box. CrowdStrike Falcon has been very low maintenance. There are features on it that I haven't touched yet. I've got a SIEM that I haven't really had time to explore fully. I have a patch management system that does what it does. I have a firewall and IDS that do what they do, and I have an endpoint security system that does what it does. MSPs keep asking how one person can keep up with the different solutions and alerting; if you don't have any problems, then it's pretty easy to keep up. Everything does what it does. I don't experience any of the issues that apparently a lot of people have on their network. How can I tell you what to improve if it's doing what it's supposed to do?
I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it. It's got a pretty good engine to do that on its own but it's one of the things that are important to us, so I'm just trying to increase the time-to-issue identification. By comparison to buying into the Microsoft suite, it was definitely less costly. CrowdStrike can be costly.
Senior Cyber Security Analyst with 1,001-5,000 employees
Real User
2020-10-01T09:57:51Z
Oct 1, 2020
Any kind of integration that you want to do, such as using the API to connect to a SIEM, is complex and it will be expensive to do. It is quite a pricey product.
Senior System Engineer at a computer software company with 1,001-5,000 employees
Real User
2020-08-30T08:33:28Z
Aug 30, 2020
The solution overall is a good product, and we don't see too much room for improvement. Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply. The solution could use better device control.
Sr. IT Support Executive at a hospitality company with 1,001-5,000 employees
Real User
2020-08-12T07:01:48Z
Aug 12, 2020
I'm new to the solution. Currently, I'm comparing it to other EDR solutions to see if anything is missing, however, I'm still learning the ins and outs of the product. It may be due to the fact that I am new, however, I'm having trouble understanding their licensing. It does take more time to scan than other solutions. The solution should continue to make the learning curve as short as possible by providing even more training and documentation.
Technical Architect at a consultancy with 10,001+ employees
Real User
2020-08-09T07:19:59Z
Aug 9, 2020
In the six months that I have been using CrowdStrike, it has not been able to detect anything. We have been using Trend Micro and it has detected some malicious activities. We have CrowdStrike conduct some inner forensic investigations in hopes that it will be more advanced and detect things that may have been missed by Trend Micro. It would be helpful to have some prebuilt search queries based on the top ten queries in the industry for detection.
Dy General Manager at a real estate/law firm with 501-1,000 employees
Real User
2020-08-02T08:16:48Z
Aug 2, 2020
The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ. I'd really like to have a complete solution. Right now most of the incidents happen on our endpoints. It is visible at the endpoint, the end server. If this can have a correlation tool that could actually give us a comprehensive dashboard, that would be useful. It could give us top-down visibility and could be from the firewall or any kind of security protection tool. It could be part of the DNS protection suite. However, that's why it's so important to have better integration capabilities. If this endpoint is trying to get at this particular website and it is identified at the DNS level of protection, that also comes to this dashboard. Around an 80% to 90% view of whatever is happening with this endpoint, whatever action it is doing, can be inspected on the dashboard, if the endpoint is protected by CrowdStrike. I am only able to access this application through a CrowdStrike-protected device.
Associate Director - Infrastructure Engineering at AFT
Real User
2020-07-12T11:48:43Z
Jul 12, 2020
If an operating system is stopped by support by the original vendor like Microsoft, or maybe Apple, within a few weeks, CrowdStrike will also decide they no longer support it, and they kind of move on. I understand their model. However, if we still have the OS, it's hard to keep it protected. So, for example, if Microsoft decides to stop supporting or patching a solution, Crowdstrike too will stop supporting it and making updates. It's still a usable product, it's just not getting updates or patches and therefore may be vulnerable. The result is that we can't guarantee we're going to be able to protect that hardware or operating system. We either have to upgrade to a newer platform, which sometimes is not possible because you have a legacy application. Whatever that constraint is, sometimes we're not able to move things. We still have to rely on other products to support that. That's the only quandary I have with them. Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about. When a file is infected or it detects a ransomware file network, when it does remediate, it should self-heal as Sophos does. That's a good feature to have, but I don't know enough pros and cons about that to kind of recommend that because if it is a false positive, that may be a problem. If it detected a valid file and if for some reason it decides, "Oh, this looks like an infection," and maybe it's not actually infected, and if it goes in and remediates it by replacing it with an older file, that may be a problem. However, I don't know, because I've never used that feature or heard anybody say that's a problem.
The solution doesn't have a whole lot of email security on offer. We did know that going into the purchase, however. We decided to get a different solution for that aspect of security. They have a sandbox feature, but it's all they do. They have different grades. There's the Socket Pro and then there's an ADR. Then there's another one where they pretty much watch your system for you. And it's all different. It's all based on the price you want to spend. I wasn't going to drop a large amount of money. They don't really have anything when it comes to scanning attachments. That would be something I would like.
Director Of Information Technology at DLZ Construction Svs.
Real User
2020-06-17T10:56:00Z
Jun 17, 2020
Improvement could be made in the number of false positives we get; there are more than there need to be. Typical Windows functions sometimes get stopped by CrowdStrike. In general, I'd rather err on the side of safety, but some of these are really straightforward functions that should get through. For the future, I think they need to keep building on their extensibility, the capability to be extended, so that it's not lost and we can utilize the knowledge that we're gaining from the endpoints.
Security Engineer at a tech services company with 11-50 employees
Reseller
2019-03-12T07:26:00Z
Mar 12, 2019
The GUI can use improvement; it's cloud-based, so sometimes the interface can be a bit slow. The interface could use a little bit more speed. When I change the policies for some users, I would like to have an option to apply that policy immediately. Right now, I have to wait for the users to connect to the cloud to take the new policy. I would like for them to develop the ability to have an option to apply the policy immediately.
Director of Security at an insurance company with 51-200 employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
It probably needs more integration with firewall vendors. It needs integration with other technologies. It doesn't play well with anything else. It is more of a standalone solution. Therefore, integration with other technologies would be great.
Security Engineer at a tech services company with 10,001+ employees
Real User
2018-12-17T09:44:00Z
Dec 17, 2018
The current version of Falcon does not support DLP, which may be good to have in an EDR solution. It must be included in a future version if possible. There must be an on-premises version. MDM, which is also coming soon, must also have the ability to be controlled from the same dashboard.
Information Security Consultant at a tech vendor with 501-1,000 employees
Consultant
2018-11-06T13:09:00Z
Nov 6, 2018
There are a couple of issues with the compatibility with some of the operating systems. But, I see that there are a lot of things in the pipeline. They have a roadmap, and are continuously improving. Within the last three months I have seen a lot of new features in the overall CrowdStrike suite. A couple of things were on the cosmetic part. CrowdStrike needed some improvements on the report functionalities, specifically the dashboard functionalities. Technically there are a lot of things also coming from a visual perspective. There are a couple of things they still need to work out, like the dashboards. The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders. These are minor things, but they are in the pipeline.
CrowdStrike Falcon provides endpoint protection and threat intelligence using a cloud-based platform for real-time detection and response. Its minimal impact on system performance and ease of deployment are key benefits along with advanced logging and reporting for compliance and forensic analysis.
CrowdStrike Falcon is known for its efficacy in identifying malware, ransomware, and sophisticated cyber threats. The platform's cloud-native architecture and advanced AI capabilities ensure...
The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool.
The performance could be better. It's a bit slow. When we click to launch the dashboard, it should be more responsive.
The overall cost of CrowdStrike Falcon could be reduced.
CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time.
CrowdStrike Falcon could improve the logs by making them free to the API.
Setting up and installing CrowdStrike Falcon is not easy, so an area for improvement is for that process to be simplified.
The management of the solution could improve.
The price is too high.
In the future release of CrowdStrike Falcon, they should add a sandbox feature.
They need to strengthen the forensic capabilities of this product, for e-discovery.
The management reporting functionality needs to be improved. We would like to see more features for vulnerability management included.
If an operating system is no longer supported by the original vendor like Microsoft, or maybe Apple, within a few weeks, CrowdStrike will also decide they no longer support it, and they kind of move on. I understand their model. However, if we still have the OS, it's hard to keep it protected. So, for example, if Microsoft decides to stop supporting or patching a solution, CrowdStrike too will stop supporting it and making updates. It's still a usable product, it's just not getting updates or patches and therefore may be vulnerable. The result is that we can't guarantee we're going to be able to protect that hardware or operating system. We either have to upgrade to a newer platform, which sometimes is not possible because you have a legacy application. Whatever that constraint is, sometimes we're not able to move things. We still have to rely on other products to support that. That's the only quandary I have with them. Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about. When a file is infected or it detects a ransomware file on the network, when it does remediate, it should self-heal as Sophos does. That's a good feature to have, but I don't know enough pros and cons about that to kind of recommend it, because if it is a false positive, that may be a problem. If it detected a valid file and if for some reason it decides, "Oh, this looks like an infection," and maybe it's not actually infected, and if it goes in and remediates it by replacing it with an older file, that may be a problem. However, I don't know, because I've never used that feature or heard anybody say that's a problem.
The solution doesn't have a whole lot of email security on offer. We did know that going into the purchase, however. We decided to get a different solution for that aspect of security. They have a sandbox feature, but it's all they do. They have different grades. There's the Socket Pro and then there's an ADR. Then there's another one where they pretty much watch your system for you. And it's all different. It's all based on the price you want to spend. I wasn't going to drop a large amount of money. They don't really have anything when it comes to scanning attachments. That would be something I would like.
Improvement could be made in the number of false positives we get; there are more than there need to be. Typical Windows functions sometimes get stopped by CrowdStrike. In general, I'd rather err on the side of safety, but some of these are really straightforward functions that should get through. For the future, I think they need to keep building on their extensibility, the capability to be extended, so that it's not lost and we can utilize the knowledge that we're gaining from the endpoints.
I would like to see the machine learning feature enhanced.
The GUI can use improvement; it's cloud-based, so sometimes the interface can be a bit slow. The interface could use a little bit more speed. When I change the policies for some users, I would like to have an option to apply that policy immediately. Right now, I have to wait for the users to connect to the cloud to take the new policy. I would like for them to develop the ability to have an option to apply the policy immediately.
It probably needs more integration with firewall vendors. It needs integration with other technologies. It doesn't play well with anything else. It is more of a standalone solution. Therefore, integration with other technologies would be great.
The current version of Falcon does not support DLP, which may be a good thing to have in an EDR solution. It must be included in a future version if possible. There must be an on-premises version. MDM is also coming soon and must also have the ability to be controlled from the same dashboard.
We have had to open a case with the technical support to get some issues and bugs resolved, but they were resolved relatively quickly.
Unfortunately, native applications are not supported.
I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better.
There are a couple of issues with the compatibility with some of the operating systems. But I see that there are a lot of things in the pipeline. They have a roadmap, and they are continuously improving. Within the last three months I have seen a lot of new features in the overall CrowdStrike suite. A couple of things were on the cosmetic side. CrowdStrike needed some improvements in the report functionalities, specifically the dashboard functionalities. Technically there are a lot of things also coming from a visual perspective. There are a couple of things they still need to work out, like the dashboards. The dashboard does not have the facility to export the reports in PDF format, which I could quickly share with internal stakeholders. These are minor things, but they are in the pipeline.
The management and log aggregation need some improvement. We have had some issues with the logs.
It would be nice if we could extrapolate indicators of compromise and write them within sandboxes.