There are several issues we are facing with CrowdStrike Falcon Complete MDR, including data overload, noise, and false positive alerts. We experience alert fatigue, contextual gaps, integration complexity, and timeliness of intelligence challenges in our environment. Areas that should be improved include noise reduction, prioritization, real-time delivery, and advanced threat coverage. The filtering algorithm should be improved to address these concerns.
General Manager at a computer software company with 10,001+ employees
MSP
Top 5
Apr 29, 2025
I am comfortable with the way it is working right now. From a pricing perspective, I am not really involved, so I do not know. For UI/UX, it is good, but I think they should keep up with the times. I do not have any particular issues.
Technical Support Analyst at a computer software company with 51-200 employees
Real User
Top 5
Jan 10, 2025
There is room for improvement in the AI of CrowdStrike, known as Charlotte AI, which my team does not currently use. I have not had contact with it at this moment. Additionally, patch management in vulnerabilities needs improvement.
Cyber Security Engineer at a computer software company with 51-200 employees
Real User
Top 5
Apr 8, 2024
We'd like to see the option for an uninstall feature directly on the cloud. It's a tokenless install; however, you should have a token while installing and uninstalling. The installation could always be a bit easier. You need to install it manually at the endpoint.
Learn what your peers think about CrowdStrike Falcon Complete MDR. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
Chief Information Officer at a tech services company with 1-10 employees
Real User
Top 5
Feb 20, 2024
The biggest thing is to scan into your Office 365 environment, not from a cloud access security broker standpoint, but from the Secure Access Security Edge standpoint in protecting the Copilot ecosystem. Copilot has become more widely popular than I could have imagined. You need to back up and protect your Office 365 tools anyway, and Copilot is just a high sense of awareness.
Some features can be enhanced or improved. For example, there can be more integration capabilities. There can be an application for the mobile device for the administrator of the platform to have an overview. In less than two minutes, they should be able to see what is going on and take action. Having an overview in a mobile phone would be super helpful for the administrators because everybody has a mobile phone nowadays.
IT Operation Manager at Orascom Construction Industries
Real User
Top 5
Jan 23, 2024
I think the overall user experience for the operations team could be improved. The dashboard could be more effective, like Microsoft Defender. Microsoft worked on refining the user experience. The security monitoring tools could be simpler and more user-friendly. Integration with the application layer might be another area for improvement.
Information Technology Infrastructure Manager (Region 2 IT Manager) at a transportation company with 201-500 employees
Real User
May 10, 2023
The simplicity of CrowdStrike Falcon Complete's content control and firewall management should be improved. Ransomware protection of the solution needs to be improved.
AVP IT & Communication at Proactive Construction Pvt. Ltd at Proactive data systems
Reseller
Apr 20, 2023
The only challenge is the price, as of now. It could be the only area of improvement for me. It's a little challenging to convince new customers when it comes to the price.
Director Of Infrastructure Solutions at a computer software company with 501-1,000 employees
Real User
Mar 15, 2023
The CSPM UI of the solution could be improved. The cloud solution is where there needs improvement done. The on-premises version is mostly fine. The licensing is a bit complex. People need to take some time to understand it to ensure they are getting the most out of the offering.
Team Lead for Global Security at a non-tech company with 201-500 employees
Real User
Oct 18, 2022
The only thing is you have to pay for it, and it's on the expensive side. That's the one thing with any of these services. It also rates highly on the Gartner scale, so obviously, pricing is a bit high. Their agent is a bit finicky for Mac devices. It works great once you get it working, however, it is a bit finicky to get it deployed across the board. It's not CrowdStrike's fault for the Mac thing, it's just the way Mac is, even though it's not a big concern. Their UI is a bit noisy. They have too many sections and they have too many components. It's hard to get all that data into one dashboard, and Falcon Complete has multiple dashboards. It gets a bit cumbersome, that's the only area I would focus maybe a little bit. Other than that, we didn't really hit any roadblocks, to be honest.
Trainee Engineer at COMPASS IT Solutions & Services Pvt.Ltd.
Real User
Top 10
Sep 22, 2022
Their endpoint solution is excellent. But I would like to see them improve their HDR, as well as their DLP (Data Loss Prevention). If they improve in these two areas, they will have a really good product that we will enjoy. Otherwise, we will have to include another product for people who want data loss prevention. There will be a cost, which will be expensive, and it will consume significantly more resources on the client's machine. It would make it easier if everything was together in one center. That is why I looked into Trellix as well as Trend Micro. In the next release, I would like to see Data Loss Prevention and Email Security. safety included. The majority of these businesses are also beginning to use Chrome OS. I would also like to see support for Chrome OS.
This solution is lacking in a recovery feature. If there is a full compromise, this product can't recover the machine, which results in us having to rebuild the entire system. We would also like some data analysis features to be developed for this product.
IT Consultant - Applications & Technology at Select Home Health Services
Consultant
Jul 19, 2022
The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure. Intrusion detection and endpoint protection is all driven using the internet. You have to be connected. If you're not connected, basically, unlike some antivirus software packages, if you introduce something, let's say through a USB port, and you are not online, you have potential exposure. I'd like to see a capability where the solution can do offline intrusion detection if needed. For example, if you have offline workstations or devices, then there's new data introduced into the device using, I guess, portable data devices. If there was a way to detect that while the device was not connected, that would be great. It's not a major concern for us since 100% of the time, our devices are connected to the internet because most of our business applications are using cloud-based applications. The pricing can look expensive.
I think the pricing is a little high. As of recent, their MITRE scores were not as good as in years past. I would like to see them integrate Humio, which is their SOC or their SIM platform. I would like to see them integrate that into a single solution.
Assistant Vice President at a financial services firm with 10,001+ employees
Real User
Jun 23, 2022
CrowdStrike has multiple parameters of components in the same console, which includes your vulnerability scanning. It has access to, or rather, we can integrate with, our existing SIM technology or SIM tool. The information that gets passed on the SIM control, the soft tool data site or any other tool is very limited. I had to actually provide the control access to my soft team so that they could drill down if needed. The information was get passed on from Falcon control to CrowdStrike and it was very limited. It was acting as more of an alert only. For any further deep-dive analysis, we had to log in on the console itself. CrowdStrike has multiple parameters. For example, my vulnerability scanning team is a separate team who works on different tools altogether. If I need to give them access to my console I just need to provide them read-only access or kind of an admin access for VA scanning. I had to make some customized access that can be provided to different teams on the same console. As a VA team member, if I login to the console with my credential I should be able to see the things which I am working upon. I don't need to see all other tile stack tabs. I should be able to provide some kind of customized access or other kind of access control for the console. Microsoft Defender has one good option which is called the ASR rule. It basically allows the machines to be onboarded to different consoles, which analyzes the process of it and summarizes it in a single console. Obviously, the number of incidents of the event are very huge. It takes about a month or so to evaluate. However, after the evaluation completes, you can actually fine-tune what should not be present in your automation. Which you can set up and get rid of it. It would be nice if this product had something similar.
There have been some issues with Falcon Complete's performance. They could also improve their reporting. In the next release, I'd like Falcon Complete to include a logging component for user authentication.
What could be improved in CrowdStrike Falcon Complete is the threat hunting feature and the insights it provides, in particular, the variable analysis feature. Protection against zero-day threats and sandboxing could also be improved in CrowdStrike Falcon Complete. If you compare it with other solutions, it can go head-to-head, but the features I mentioned still need improvement.
I would love for the threat intelligence part to be more globalized to provide a tailored response to types of malware and ransomware that are trending in other regions. For example, they can add a feature to tell us that there are separate attacks in South Asia or East Asia occurring at these times, so we can supply those things to our environment and protect ourselves.
IT Operations Lead at a energy/utilities company with 5,001-10,000 employees
Real User
Feb 28, 2022
The improvements needed for CrowdStrike Falcon Complete are in the way the agent updates. The overall management of endpoints needs to be better. In the next release of CrowdStrike Falcon Complete, they should include more security towards endpoints, add device management, and PAM solutions along with their endpoint solutions.
Senior Account Manager at a tech services company with 201-500 employees
Real User
Jan 4, 2022
They are doing very well in continuously improving their product. The only thing is that it is completely cloud-based, and some customers don't really like that type of approach, but you can only provide such a solution when you have cloud-based intelligence. On the other end, we know that it is sometimes a breaking point for some of the customers. They could potentially have an on-prem or hybrid solution. Any antivirus needs to have its features updated. If there could be a relay between them, it would be helpful, but that's very hard to do. So, you either accept that approach and have the benefit with this little disadvantage.
Lead Systems Engineer at a computer software company with 10,001+ employees
Real User
Oct 25, 2021
CrowdStrike Falcon Complete is not providing application control. This is a very useful feature in any endpoint security because if you want to block any malicious activity of any particular application, you can not block it in this solution. However, you are able to block hashes, but not executable files or processes. Additionally, this solution does not provide a user risk score. These are two areas that CrowdStrike Falcon Complete can improve on in the future.
Information Technology Manager and ISMS Auditor at a consultancy with 51-200 employees
Real User
Jul 30, 2021
The solution needs to have human involvement, they could improve by having more automation where the solution can take the necessary action on time and more accurately.
Considering the recent SolarWinds attacks in November or December last year, we were looking for something that could secure the EDR first tokens. It would be helpful if that was on offer. They need to continuously integrate with other security tools such as CyberArk or Mimecast, to cover the entire IT infrastructure. They should keep in mind that there is a risk in the ADFS web environment. From an Endpoint perspective, it's all good, however, they need to explore the origins via something like Crowdstrike. The customization could be improved upon. As of now with the area first and web security tokens, we don't see the EDR. We are looking for some solution that can provide EDR solution on the EDR first web environment.
Head IT at a consumer goods company with 1,001-5,000 employees
Real User
May 26, 2021
The training provided could be better. There is a need to have more training to allow us to fine-tune our settings. Not that training is not comprehensive; they do provide training in hotels where we can go and see videos and other helpful information. However, they should be providing hands-on experience to the system administrators because this would be more useful. The training is normally for corporations and should be available for personal users as well. In the next release, there should be an IT help desk remote controller so that we do not need to go to a separate IT help desk. If there are any issues from the end-users, they should not need to use another tool to connect to the system, desktop, or anything else. If they would be able to facilitate this it would be easier for our engineers to raise a ticket and have the SLAs to support them.
Deputy Manager Of Information Technology at a consultancy with 501-1,000 employees
Real User
May 11, 2021
We have also been using Cisco AMP for Endpoints for three years. We have received multiple detections in Cisco AMP for Endpoints, and we had to take some actions, whereas CrowdStrike has not detected anything critical since it has been implemented. Most of the incidents that it has detected are false positives. They should work on the false-positive issue. When it is implemented throughout the organization, it gets very difficult to check each false positive and investigate what is correct and what is not correct. It requires technical and manual intervention.
Global Data Protection/Privacy Manager, FIP, CIPP/E, CIPM, CISSP at a manufacturing company with 10,001+ employees
Real User
Apr 16, 2021
It's my understanding that the reporting aspect of the solution could be improved. It should be more flexible and robust. The solution should include some sort of DLP capabilities.
Partner at Fortium Partners: Interim, virtual & fractional CISO and CPO at a tech services company with 51-200 employees
Real User
Apr 5, 2021
People should be able to obtain training at any point of the engagement so that if somebody who doesn't have the basic knowledge is getting thrown into it, they are able to get trained, and CrowdStrike is able to help them out. CrowdStrike is really doing what they're supposed to be doing, but it is like anything else where they have to keep up on their research and development, or they'll fall behind. This is a fast-paced environment, and I've seen that vendors that were really good three years ago are terrible now. CrowdStrike is trying to stay ahead of the bad guys. They have AI. I have not had a problem with them missing anything. If they missed something, they should just make sure that they don't miss it again and understand why they missed it. I don't know if they did.
Senior security consultant at a computer software company with 51-200 employees
MSP
Mar 8, 2021
Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer. It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they not there in CrowdStrike as well as SentinelOne.
All of our customers complain about the reporting and say that it is very poor. Technical support in Latin America could be improved. It is not difficult to use and it is fast to implement. I would like to have a feature to collect logs and explore the information. In the next release, I would like to have a simplified remote installation.
Director of Information Security at a computer software company with 201-500 employees
Real User
Feb 25, 2021
The solution doesn't actually scan desktops. They prevent execution and they do a very, very, very good job at that. However, if there is malware, et cetera, on an endpoint, there's not a scan feature to simply remove it. You have to go in and clean the registry and do the other stuff yourself. It would be ideal if there was some sort of scanning functionality built-in. The logging features aren't robust and the information isn't kept long enough. The active logs are only retained for seven days. It would be better if it was available for, let's say, 30 days. If we were going to do any forensics, we would have the time to execute them.
Director of Cloud Security at a comms service provider with 51-200 employees
Real User
Feb 3, 2021
The downside that we see with CrowdStrike is that it is not part of a broader ecosystem. It is an endpoint product. They don't sell firewalls or a broader cybersecurity ecosystem. Some of the behavioral detections could be more robust. It does a good job of stopping common tools and techniques, but when it comes to using Windows utilities, such as PowerShell, etc, it doesn't stop them. These are some of the things where we have been able to get past it. An argument there can be that these are administrative tools, not malware, so maybe it is not its job to stop it, but we see some of the competitive products doing a very good job of detecting behaviors as opposed to malware.
Sr Telecom Analyst at a construction company with 5,001-10,000 employees
Real User
Jan 15, 2021
The documentation that they had for the use of their API's was not very helpful. It took us a lot of time to work through their API on how to do it programmatically. Aside from that, we really have not had very much trouble with Crowdstrike. For an upcoming feature, adding more Linux support for real time response analytics would be helpful. This might be on their roadmap, or maybe even in a very pending release.
There are some parts of this solution that are too slow. The performance slows down by between 10% and 40%, depending on what type of work the machine is doing. For example, we had to shut down our backup because it was too slow and it started to overlap with other tasks. We did not try to use our SQL database because there was too much of an impact. This is not on the network but on the machine and even a few percentage points difference is significant for us because of the volume of transactions. Integration slows down the system a bit. I would like to have an alternate dashboard view, which is somewhat simpler. The one it presents now is like Splunk, and it is very good, but it would be helpful to have a simpler one that only shows the basics like what you have and what it has found. As it is now, it takes time to get used to it. After a while, it won't be a problem for me or other users in the company. When you're working with a regular antivirus, it is much easier to set up and start using.
Security Architect, Endpoint, Mobile Device, Application Technical Presales at a computer software company with 1,001-5,000 employees
Reseller
Dec 21, 2020
The solution could offer integration with some additional solutions - for example, vulnerability scanners. In a future release, it would be ideal if they could add reporting and action histories to their suite of features.
I don't think the solution is really missing any features. We're a small organization. I'm not sure how it would fare if you were larger and had more and more users and added complexity.
IT Security Operations Administrator at a energy/utilities company with 1,001-5,000 employees
Real User
Oct 23, 2020
The solution isn't missing any features at this point. It's ticking all the boxes for our organization. There really isn't anything that I can see that would make me want to change providers. The customization could be tweaked. We can do a bunch of custom dashboards. However, the one thing that I'm not a fan of is when you go to do an investigation, the way that the processes are laid out on the screen is very bland looking. While the information is there, it could be laid out better. I've seen other products like Cisco Secure that gives you a better view of the issues. Cisco just presents the data differently, and it's easier to look at.
Product Manager, CyberSecurity at a tech services company with 201-500 employees
Reseller
May 27, 2020
At this stage, I don't really see room for improvement. I do think because the IP security market and the threat landscape is moving along so quickly, there's always room for improvement and there are always new elements one has to look at and look at in-depth, but at this stage, OverWatch is much better than the competitors. And I've seen a lot of their competitors.
CrowdStrike Falcon Complete MDR combines AI-driven detection, real-time threat insight, and robust endpoint protection to deliver a comprehensive managed detection response. It ensures rapid incident handling, integrates smoothly with multiple tools, and minimizes false positives while extending SOC capabilities.CrowdStrike Falcon Complete MDR stands out with its AI-powered detection and efficient threat intelligence, offering a strong foundation for endpoint security. It features an...
There are several issues we are facing with CrowdStrike Falcon Complete MDR, including data overload, noise, and false positive alerts. We experience alert fatigue, contextual gaps, integration complexity, and timeliness of intelligence challenges in our environment. Areas that should be improved include noise reduction, prioritization, real-time delivery, and advanced threat coverage. The filtering algorithm should be improved to address these concerns.
I am comfortable with the way it is working right now. From a pricing perspective, I am not really involved, so I do not know. For UI/UX, it is good, but I think they should keep up with the times. I do not have any particular issues.
There is room for improvement in the AI of CrowdStrike, known as Charlotte AI, which my team does not currently use. I have not had contact with it at this moment. Additionally, patch management in vulnerabilities needs improvement.
The tool's customer service team’s inability to respond to our company’s queries is an area where improvements are needed.
We find CrowdStrike Falcon Complete to have a steeper learning curve when it is deployed in certain industries such as finance and retail.
We'd like to see the option for an uninstall feature directly on the cloud. It's a tokenless install; however, you should have a token while installing and uninstalling. The installation could always be a bit easier. You need to install it manually at the endpoint.
The biggest thing is to scan into your Office 365 environment, not from a cloud access security broker standpoint, but from the Secure Access Security Edge standpoint in protecting the Copilot ecosystem. Copilot has become more widely popular than I could have imagined. You need to back up and protect your Office 365 tools anyway, and Copilot is just a high sense of awareness.
Some features can be enhanced or improved. For example, there can be more integration capabilities. There can be an application for the mobile device for the administrator of the platform to have an overview. In less than two minutes, they should be able to see what is going on and take action. Having an overview in a mobile phone would be super helpful for the administrators because everybody has a mobile phone nowadays.
CrowdStrike Falcon Complete MDR offers an optional module that might not be cost-effective for all organizations.
I think the overall user experience for the operations team could be improved. The dashboard could be more effective, like Microsoft Defender. Microsoft worked on refining the user experience. The security monitoring tools could be simpler and more user-friendly. Integration with the application layer might be another area for improvement.
The technical support is satisfactory, but there is room for improvement to enhance it.
I would like to see them introduce DLP.
The simplicity of CrowdStrike Falcon Complete's content control and firewall management should be improved. Ransomware protection of the solution needs to be improved.
CrowdStrike Falcon Complete could improve the threat visibility and have remediated vulnerabilities that they find.
The only challenge is the price, as of now. It could be the only area of improvement for me. It's a little challenging to convince new customers when it comes to the price.
The CSPM UI of the solution could be improved. The cloud solution is where there needs improvement done. The on-premises version is mostly fine. The licensing is a bit complex. People need to take some time to understand it to ensure they are getting the most out of the offering.
Crowdstrike could be cheaper. It's pricier than Carbon Black.
I would improve the Operational Technology environment functionalities.
Falcon Complete's user interface isn't very user-friendly, especially for writing rules.
Falcon could use more SIEM capabilities, like a central place to monitor all our clients.
I want better integration with other security solutions; integrating with third-party apps wasn't as seamless as I expected.
The only thing is you have to pay for it, and it's on the expensive side. That's the one thing with any of these services. It also rates highly on the Gartner scale, so obviously, pricing is a bit high. Their agent is a bit finicky for Mac devices. It works great once you get it working, however, it is a bit finicky to get it deployed across the board. It's not CrowdStrike's fault for the Mac thing, it's just the way Mac is, even though it's not a big concern. Their UI is a bit noisy. They have too many sections and they have too many components. It's hard to get all that data into one dashboard, and Falcon Complete has multiple dashboards. It gets a bit cumbersome, that's the only area I would focus maybe a little bit. Other than that, we didn't really hit any roadblocks, to be honest.
Their endpoint solution is excellent. But I would like to see them improve their HDR, as well as their DLP (Data Loss Prevention). If they improve in these two areas, they will have a really good product that we will enjoy. Otherwise, we will have to include another product for people who want data loss prevention. There will be a cost, which will be expensive, and it will consume significantly more resources on the client's machine. It would make it easier if everything was together in one center. That is why I looked into Trellix as well as Trend Micro. In the next release, I would like to see Data Loss Prevention and Email Security. safety included. The majority of these businesses are also beginning to use Chrome OS. I would also like to see support for Chrome OS.
This solution is lacking in a recovery feature. If there is a full compromise, this product can't recover the machine, which results in us having to rebuild the entire system. We would also like some data analysis features to be developed for this product.
The downside is that if you are using a device offline, not connected to the internet, you will potentially have exposure. Intrusion detection and endpoint protection is all driven using the internet. You have to be connected. If you're not connected, basically, unlike some antivirus software packages, if you introduce something, let's say through a USB port, and you are not online, you have potential exposure. I'd like to see a capability where the solution can do offline intrusion detection if needed. For example, if you have offline workstations or devices, then there's new data introduced into the device using, I guess, portable data devices. If there was a way to detect that while the device was not connected, that would be great. It's not a major concern for us since 100% of the time, our devices are connected to the internet because most of our business applications are using cloud-based applications. The pricing can look expensive.
I think the pricing is a little high. As of recent, their MITRE scores were not as good as in years past. I would like to see them integrate Humio, which is their SOC or their SIM platform. I would like to see them integrate that into a single solution.
CrowdStrike has multiple parameters of components in the same console, which includes your vulnerability scanning. It has access to, or rather, we can integrate with, our existing SIM technology or SIM tool. The information that gets passed on the SIM control, the soft tool data site or any other tool is very limited. I had to actually provide the control access to my soft team so that they could drill down if needed. The information was get passed on from Falcon control to CrowdStrike and it was very limited. It was acting as more of an alert only. For any further deep-dive analysis, we had to log in on the console itself. CrowdStrike has multiple parameters. For example, my vulnerability scanning team is a separate team who works on different tools altogether. If I need to give them access to my console I just need to provide them read-only access or kind of an admin access for VA scanning. I had to make some customized access that can be provided to different teams on the same console. As a VA team member, if I login to the console with my credential I should be able to see the things which I am working upon. I don't need to see all other tile stack tabs. I should be able to provide some kind of customized access or other kind of access control for the console. Microsoft Defender has one good option which is called the ASR rule. It basically allows the machines to be onboarded to different consoles, which analyzes the process of it and summarizes it in a single console. Obviously, the number of incidents of the event are very huge. It takes about a month or so to evaluate. However, after the evaluation completes, you can actually fine-tune what should not be present in your automation. Which you can set up and get rid of it. It would be nice if this product had something similar.
There have been some issues with Falcon Complete's performance. They could also improve their reporting. In the next release, I'd like Falcon Complete to include a logging component for user authentication.
What could be improved in CrowdStrike Falcon Complete is the threat hunting feature and the insights it provides, in particular, the variable analysis feature. Protection against zero-day threats and sandboxing could also be improved in CrowdStrike Falcon Complete. If you compare it with other solutions, it can go head-to-head, but the features I mentioned still need improvement.
The solution could use an on-demand scan feature.
I would love for the threat intelligence part to be more globalized to provide a tailored response to types of malware and ransomware that are trending in other regions. For example, they can add a feature to tell us that there are separate attacks in South Asia or East Asia occurring at these times, so we can supply those things to our environment and protect ourselves.
The improvements needed for CrowdStrike Falcon Complete are in the way the agent updates. The overall management of endpoints needs to be better. In the next release of CrowdStrike Falcon Complete, they should include more security towards endpoints, add device management, and PAM solutions along with their endpoint solutions.
I would like to have the option to deploy on-premise.
They are doing very well in continuously improving their product. The only thing is that it is completely cloud-based, and some customers don't really like that type of approach, but you can only provide such a solution when you have cloud-based intelligence. On the other end, we know that it is sometimes a breaking point for some of the customers. They could potentially have an on-prem or hybrid solution. Any antivirus needs to have its features updated. If there could be a relay between them, it would be helpful, but that's very hard to do. So, you either accept that approach and have the benefit with this little disadvantage.
CrowdStrike Falcon Complete is not providing application control. This is a very useful feature in any endpoint security because if you want to block any malicious activity of any particular application, you can not block it in this solution. However, you are able to block hashes, but not executable files or processes. Additionally, this solution does not provide a user risk score. These are two areas that CrowdStrike Falcon Complete can improve on in the future.
The solution needs to have human involvement, they could improve by having more automation where the solution can take the necessary action on time and more accurately.
Considering the recent SolarWinds attacks in November or December last year, we were looking for something that could secure the EDR first tokens. It would be helpful if that was on offer. They need to continuously integrate with other security tools such as CyberArk or Mimecast, to cover the entire IT infrastructure. They should keep in mind that there is a risk in the ADFS web environment. From an Endpoint perspective, it's all good, however, they need to explore the origins via something like Crowdstrike. The customization could be improved upon. As of now with the area first and web security tokens, we don't see the EDR. We are looking for some solution that can provide EDR solution on the EDR first web environment.
The training provided could be better. There is a need to have more training to allow us to fine-tune our settings. Not that training is not comprehensive; they do provide training in hotels where we can go and see videos and other helpful information. However, they should be providing hands-on experience to the system administrators because this would be more useful. The training is normally for corporations and should be available for personal users as well. In the next release, there should be an IT help desk remote controller so that we do not need to go to a separate IT help desk. If there are any issues from the end-users, they should not need to use another tool to connect to the system, desktop, or anything else. If they would be able to facilitate this it would be easier for our engineers to raise a ticket and have the SLAs to support them.
Pricing is definitely a problem. It could be cheaper for licensing.
We have also been using Cisco AMP for Endpoints for three years. We have received multiple detections in Cisco AMP for Endpoints, and we had to take some actions, whereas CrowdStrike has not detected anything critical since it has been implemented. Most of the incidents that it has detected are false positives. They should work on the false-positive issue. When it is implemented throughout the organization, it gets very difficult to check each false positive and investigate what is correct and what is not correct. It requires technical and manual intervention.
It's my understanding that the reporting aspect of the solution could be improved. It should be more flexible and robust. The solution should include some sort of DLP capabilities.
People should be able to obtain training at any point of the engagement so that if somebody who doesn't have the basic knowledge is getting thrown into it, they are able to get trained, and CrowdStrike is able to help them out. CrowdStrike is really doing what they're supposed to be doing, but it is like anything else where they have to keep up on their research and development, or they'll fall behind. This is a fast-paced environment, and I've seen that vendors that were really good three years ago are terrible now. CrowdStrike is trying to stay ahead of the bad guys. They have AI. I have not had a problem with them missing anything. If they missed something, they should just make sure that they don't miss it again and understand why they missed it. I don't know if they did.
It has a lot of false positives, which can be an issue, but you can verify these false positives.
It would be better if they offered other language options. It's only in English, and in Latin America, we mostly speak Spanish.
Its support should be improved. The product is amazing, but the problem is that their support team is overconfident about the product. If something happens, they don't listen. They keep arguing with the customer. It should have more reporting. Reports are not that customizable. We need customizable reports for our customers, but they not there in CrowdStrike as well as SentinelOne.
All of our customers complain about the reporting and say that it is very poor. Technical support in Latin America could be improved. It is not difficult to use and it is fast to implement. I would like to have a feature to collect logs and explore the information. In the next release, I would like to have a simplified remote installation.
The solution doesn't actually scan desktops. They prevent execution and they do a very, very, very good job at that. However, if there is malware, et cetera, on an endpoint, there's not a scan feature to simply remove it. You have to go in and clean the registry and do the other stuff yourself. It would be ideal if there was some sort of scanning functionality built-in. The logging features aren't robust and the information isn't kept long enough. The active logs are only retained for seven days. It would be better if it was available for, let's say, 30 days. If we were going to do any forensics, we would have the time to execute them.
Some dashboards can be very complex, but once you get to know them, it is very logical.
The downside that we see with CrowdStrike is that it is not part of a broader ecosystem. It is an endpoint product. They don't sell firewalls or a broader cybersecurity ecosystem. Some of the behavioral detections could be more robust. It does a good job of stopping common tools and techniques, but when it comes to using Windows utilities, such as PowerShell, etc, it doesn't stop them. These are some of the things where we have been able to get past it. An argument there can be that these are administrative tools, not malware, so maybe it is not its job to stop it, but we see some of the competitive products doing a very good job of detecting behaviors as opposed to malware.
The documentation that they had for the use of their API's was not very helpful. It took us a lot of time to work through their API on how to do it programmatically. Aside from that, we really have not had very much trouble with Crowdstrike. For an upcoming feature, adding more Linux support for real time response analytics would be helpful. This might be on their roadmap, or maybe even in a very pending release.
There are some parts of this solution that are too slow. The performance slows down by between 10% and 40%, depending on what type of work the machine is doing. For example, we had to shut down our backup because it was too slow and it started to overlap with other tasks. We did not try to use our SQL database because there was too much of an impact. This is not on the network but on the machine and even a few percentage points difference is significant for us because of the volume of transactions. Integration slows down the system a bit. I would like to have an alternate dashboard view, which is somewhat simpler. The one it presents now is like Splunk, and it is very good, but it would be helpful to have a simpler one that only shows the basics like what you have and what it has found. As it is now, it takes time to get used to it. After a while, it won't be a problem for me or other users in the company. When you're working with a regular antivirus, it is much easier to set up and start using.
The reporting could be better. It's not as good as it could be. If they could improve that a bit, and make it more robust, that would be ideal.
The solution could offer integration with some additional solutions - for example, vulnerability scanners. In a future release, it would be ideal if they could add reporting and action histories to their suite of features.
I don't think the solution is really missing any features. We're a small organization. I'm not sure how it would fare if you were larger and had more and more users and added complexity.
The solution isn't missing any features at this point. It's ticking all the boxes for our organization. There really isn't anything that I can see that would make me want to change providers. The customization could be tweaked. We can do a bunch of custom dashboards. However, the one thing that I'm not a fan of is when you go to do an investigation, the way that the processes are laid out on the screen is very bland looking. While the information is there, it could be laid out better. I've seen other products like Cisco Secure that gives you a better view of the issues. Cisco just presents the data differently, and it's easier to look at.
It would be nice to have full-scale ESR reporting. In the future, I would like to see better reporting and better SIEM integration.
At this stage, I don't really see room for improvement. I do think because the IP security market and the threat landscape is moving along so quickly, there's always room for improvement and there are always new elements one has to look at and look at in-depth, but at this stage, OverWatch is much better than the competitors. And I've seen a lot of their competitors.