CrowdStrike Falcon Cloud Security

I have been using CrowdStrike Falcon Cloud Security  for more than a year, approximately one and a half to two years.

My main use case for CrowdStrike Falcon Cloud Security  is in our environment where we run workloads across multiple AWS  accounts. Our organization is already using native tools from AWS  such as GuardDuty, Inspector , and Security Hub. However, management decided they wanted deeper protection and better monitoring across all accounts. They wanted a centralized solution that would provide an additional layer of security. Although we already have in-house tools, we wanted an overlaying layer for faster threat detection and visibility in one central place. CrowdStrike Falcon Cloud Security helped us bridge this gap and extend our security across all other accounts. It has provided us a good layer of protection across all workloads including EC2 , EKS, ECS, and several parts of our Linux servers.

To compare CrowdStrike Falcon Cloud Security to the native AWS tools I mentioned, such as GuardDuty and Inspector , we needed deep visibility and real-time threat protection. Along with the native AWS tools, we wanted an extra overlaying layer of security to our cloud environment to strengthen our environment security. We chose CrowdStrike Falcon Cloud Security to provide faster threat detection. This is why our organization decided to go with this solution.

I have seen a return on investment by preventing potential incidents and reducing threats, anomalies, or misconfigurations.CrowdStrike Falcon Cloud Security has nearly saved us some amount, though I am not exactly sure of the numbers since the Finops team handles the financial side. What we have gained from CrowdStrike Falcon Cloud Security is that EC2  downtime has been prevented and time has been saved considerably, around eight to ten hours per week through automatic onboarding and centralized visibility. We no longer need to switch between ten plus AWS accounts or perform manual scanning. We can now bring all our accounts together in one tool or solution. Our security has been significantly increased and it is pretty stable in our environment. This is one thing that CrowdStrike Falcon Cloud Security literally gave us with a positive impact and makes it a good investment.

To provide more detail about my main use case and how I use CrowdStrike Falcon Cloud Security day-to-day, I can share a specific example where it helped me respond to a threat. Recently, we had production EC2 instances across multiple AWS accounts, and CrowdStrike Falcon  sensor was deployed automatically using the SSM Manager. We saw an alert where CrowdStrike detected anomalous behavior originating from some rogue IP address. This appeared to be potentially a DDoS attack in our cloud environment, which is fairly common when hackers try to get inside your network and gather organizational data. CrowdStrike performed very well here, detecting the alert and helping us identify that someone was trying to gain access. This really helped us have a broader view, and we acted accordingly in response to it. In any fault and threat detection, CrowdStrike Falcon  plays a crucial role in our environment and gives us a clear point where we can focus our efforts rather than hunting down what is happening.

The best features CrowdStrike Falcon Cloud Security offers include their runtime security, particularly CrowdStrike CWPP . Their runtime security monitors processes at the kernel level and blocks any malicious behavior in real time. This is really good from Falcon  as it protects workloads such as EC2 containers and Linux and Windows workloads at the OS level and kernel level. It detects any kind of credential theft or any movement within these workloads. Additionally, we see it elevates container security in terms of EKS, ECS, and ECR. It scans every image in our ECR and provides real-time vulnerability detection and protection for our container workloads.

Their threat intelligence is really good, and that is one part we really appreciate about Falcon  threat intelligence.

Regarding how CrowdStrike Falcon Cloud Security can be improved, I would say they can improve their support. There were a couple of cases where we needed to escalate issues in order to get proper support. That part could use some tweaking on their end. Additionally, the recent incident during the last summer literally impacted our systems. We had some of our workloads that affected the business, and it was a difficult experience. Apart from that, it is a good tool and the experience with CrowdStrike Falcon Cloud Security has been excellent. We did not find any kind of issues, but if they could improve their response to security-related incidents and provide on-time support or better understand our concerns and address them accordingly, it could be very helpful.

Regarding needed improvements, I think they should enhance automatic alerting with CI/CD scanning and reporting capabilities. Additionally, it would be better to implement Falcon sensor health monitoring so agents are always active. We could know how it is behaving and how it is treating our environment. That could be a little helpful.

The customer support is pretty good, but it can be improved a little bit. I would rate the customer support on a scale of one to ten as a six. They have many improvements that need to be made.

Before choosing CrowdStrike Falcon Cloud Security, we also looked at Wiz , which is another cloud security platform. We evaluated Wiz  before moving to CrowdStrike Falcon Cloud Security.

Regarding my experience with pricing, setup cost, and licensing, the sales team deals directly with this kind of pricing. In terms of licensing, it is a little expensive. CrowdStrike Falcon Cloud Security is on the higher side of the price part.

The advice I would give to others looking into using CrowdStrike Falcon Cloud Security is that if they already have any in-house cloud tools and want to enhance their security in their cloud environment, CrowdStrike Falcon Cloud Security can bring a positive impact. It is a really value-for-money tool. Otherwise, we did not see any issues. It runs lightweight and it gives accurate alerts, so there are no more false alarms. It is a good product to enhance your cloud and strengthen your security. I would rate this product an eight out of ten.

I usually work with CrowdStrike Falcon Cloud Security . I work with all the modules, IDP , and the Falcon  EDR. My experience with them has been great. I requested information because a customer was about to switch from CrowdStrike IDP  to Microsoft ITDR , so I needed to understand the differences and what makes ITDR  special. I work as customer support for the majority of banks in Nigeria, supporting their CrowdStrike Falcon Cloud Security  implementation. I needed to understand what was making some of them switch from CrowdStrike to ITDR, and the basic reason was cost. In terms of technicality, CrowdStrike Falcon Cloud Security was obviously better, but it was a bit expensive for them.

The typical use case for cloud security varies. Sometimes, rather than using Rapid7 exposure management, some customers use CrowdStrike Falcon Cloud Security to monitor their assets on the cloud, providing insights into vulnerabilities on machines, exposed assets, and misconfigurations.

Compared to before, in respect to breaches and downtime, they have seen significant differences.

Customers love the UI of CrowdStrike Falcon Cloud Security. They appreciate everything about the dashboard and dashlet. The majority of customers particularly love how seamless the integration is - just copy and paste in your AWS  terminal and you're good to go.

The threat detection capability of CrowdStrike Falcon Cloud Security has always been the major seller, and it works effectively. Looking at the detection index for the last two years, CrowdStrike Falcon Cloud Security is consistently ranked number one. Then you have MD and Sentinel  alternating positions. In terms of threat detection, CrowdStrike Falcon Cloud Security has always been top-notch in how they explain the workflows.

In terms of improvement, CrowdStrike Falcon Cloud Security could expand into the remediation path. While there is the IT security module, looking at competitors such as Vicarious and SCCM, there is room for advanced capabilities. If CrowdStrike Falcon Cloud Security could implement pushing out remediation from the sensor installed on machines, that would be beneficial. This feature is likely in their pipeline, but implementing it faster would help them maintain their competitive edge.

I am a partner with CrowdStrike Falcon Cloud Security.

The initial setup and deployment of the solution is straightforward.

I have seen a return on investment with CrowdStrike Falcon Cloud Security.

CrowdStrike Falcon Cloud Security is relatively new, approximately a year or two old. I have experience working with both CrowdStrike Falcon Cloud Security and Microsoft Defender for Identity .

I work with CrowdStrike Falcon Cloud Security, Falcon LogScale , Observability , and Sandbox. Different teams manage different parts of CrowdStrike's workload protection features.

I rate CrowdStrike Falcon Cloud Security 9 out of 10 overall.

We mostly use CrowdStrike Falcon Cloud Security  for different clients across the globe, and we have installed all the agents on most machines to monitor each and every employee, along with laptops and servers in AWS . We are the core monitoring staff with a SOC where we monitor for viruses, malware, and to remove harmful files. Our primary use cases involve monitoring miscellaneous activities.

I have been using CrowdStrike Falcon Cloud Security 's workload protection features because it's a very lightweight agent. Its detection speed is remarkable compared to other tools on the market, including Trend Micro. CrowdStrike Falcon Cloud Security is user-friendly and provides detection transparency, allowing us to present real-time documentation to our executives clearly explaining any detected issues.

Workload protection features influence our security strategy significantly, particularly by blocking any suspicious activities on public-facing servers and generating immediate notifications for us to act upon. It helps in quickly identifying whether potential issues need to be whitelisted or blocked, and assists in troubleshooting when applications trigger false alerts due to bugs.

The most valuable capabilities of CrowdStrike Falcon Cloud Security relate to preventing attacks caused by human error, such as when someone plugs in a USB device or downloads something without caution. It automatically blocks duplication and activities that could result in data loss, effectively preventing unintended copying of data to personal devices.

Deduplication prevention is definitely the most valuable feature.

CrowdStrike Falcon Cloud Security excels in threat detection with a vast investigation structure, allowing us to verify suspicious activities to identify root causes. It helps us trace back to the origin and fix issues, making it a user-friendly tool for this kind of detection.

CrowdStrike Falcon Cloud Security is built on AI and ML technology, enabling it to detect various threats and block suspicious activities immediately, which is particularly effective compared to traditional AVs and EDRs.

The analytics provided by CrowdStrike Falcon Cloud Security is key for maintaining a proactive security posture. Its AI and ML foundations offer extensive information on threats and suspicious activities, making it renowned for analysis in the industry.

The improvements needed for CrowdStrike Falcon Cloud Security include reducing its high cost, which is currently quite expensive, and enhancing the executive reports that are user-friendly for technical engineers but require improvement for higher management.

More detailed and granular reports would be beneficial for better executive comprehension.

I have been using CrowdStrike Falcon Cloud Security for more than eight to nine years, but for the past two years, I have not been using it much because I moved into a different domain.

When evaluating the stability of CrowdStrike Falcon Cloud Security, their partnerships with all major cloud service providers ensure their servers are optimally positioned, leading to no latency or stability issues that I have observed.

CrowdStrike Falcon Cloud Security is indeed highly scalable, ideally for enterprises with a minimum of 2,000 servers to ensure cost efficiency and easier setup.

CrowdStrike Falcon Cloud Security is primarily suited for larger enterprises and not for small or medium companies.

I have a very good in-house team of about 20 to 30 people working with CrowdStrike Falcon Cloud Security, and we maintain excellent communication with their technical support, resolving any issues immediately without complaints on technical aspects or delays.

Based on my experience with CrowdStrike Falcon Cloud Security's technical support, I would rate them a solid 10 out of 10.

Positive

With 19 years of experience in the industrial field, I have also used technologies such as BigFix , Ivanti, Qualys, and I am considering reviewing Tenable, Ivanti Endpoint Manager , Ivanti Security Control, Tanium , and others, including HCL BigFix  and Qualys Patch Management .

I participated in the initial setup and deployment of CrowdStrike Falcon Cloud Security.

The implementation plan I typically follow involves multiple installation methods, one being agentless via AD to push agents, and the other using patching tools such as Ivanti and BigFix. This process can take around 15 to 20 days for 2,000 to 3,000 servers or endpoints due to its user-friendly cloud-based configuration.

During the initial setup, I faced some false alerts due to older versions of some applications we used, which may exhibit atypical behavior. Normalizing these false alerts generally takes around one to two weeks after the initial installation to resolve and ensure smooth operation.

Our company has a partnership with CrowdStrike, so we are one of their partners, and that is how we acquired CrowdStrike Falcon Cloud Security. I bought it directly from CrowdStrike.

Some of our customers purchase CrowdStrike Falcon Cloud Security directly from CrowdStrike while others purchase it via AWS Marketplace  or other marketplaces.

More than 12 million vulnerabilities have been identified and resolved while working with CrowdStrike Falcon Cloud Security over the past 10 years, which I have been monitoring diligently. This figure reflects the work done not only by me but also collectively with about four customers in one single console, giving a complete picture of our efforts.

The cost of CrowdStrike Falcon Cloud Security is currently quite high, which is an area that needs improvement, particularly for the executive reports that are user-friendly for technical engineers but require enhancement for higher management.

With 19 years of experience in the industrial field, I have used technologies such as BigFix, Ivanti, Qualys, and I am considering reviewing Tenable, Ivanti Endpoint Manager , Ivanti Security Control, Tanium , and others, including HCL BigFix and Qualys Patch Management .

I use CrowdStrike Falcon Cloud Security internally in my company. CrowdStrike Falcon Cloud Security is recognized for its reliability, and I can guarantee they are very reliable. My overall rating for CrowdStrike Falcon Cloud Security is 8 out of 10.