Overview
AWS Security Seamless Integration
Falcon Next-Gen SIEM delivers rapid threat detection, investigation, and response for AWS environments. It unifies AWS telemetry with data from endpoints, identities, and other security tools to eliminate silos, reduce noise so SOC teams can find and stop threats quickly. Designed for frictionless activation on AWS, Falcon Next-Gen SIEM provides immediate visibility and rapid time-to-value without complex setup.
With automated onboarding and built-in detections for AWS services including GuardDuty, Security Hub, and CloudTrail, security teams can get up and running in minutes. Security analysts can investigate and respond to threats in real time, while AI and automation streamline triage and reduce alert fatigue. Powered by CrowdStrike frontline adversary intelligence, Falcon Next-Gen SIEM surfaces adversary activity involving stolen credentials, AWS key abuse, privilege escalation, and lateral movement to accelerate detection and response. Prebuilt compliance dashboards and centralized log retention also help teams meet key regulatory requirements with less manual effort.
Key benefits:
Transform AWS Security Operations:
Quickly identify threats like stolen AWS keys, unauthorized access, privilege escalation, and unusual traffic by unifying data from key AWS services and your security tools.Accelerate detection and response:
Reduce MTTD and MTTR with AI-powered detections and stop threats at machine-speed in Falcon Fusion SOAR.Set up your SIEM in minutes:
Quickly discover active AWS services, onboard data sources through a guided wizard, and activate parsers and hundreds of prebuilt detections to start monitoring and finding threats on day one.Meet key compliance requirements:
Out-of-the-box dashboards and centralized log retention help teams meet major regulatory and industry requirements including FISMA, GDPR, HIPAA, ISO 27001:2022, NERC CIP, NIST SP 800-53, PCI DSS v4.0.1, and SOX.Get Started Today:
Step-by-Step Guide to Deploy CrowdStrike Falcon Next-Gen SIEM for AWS through AWS MarketplaceHighlights
- Transform AWS Security Operations. Get unified visibility across AWS security tools, endpoints, identities, and more.
- Accelerate detection and response. Accelerate MTTD and MTTR AI-powered detections and Falcon Fusion SOAR.
- Set up your SIEM in minutes. Automated onboarding and hundreds of out-of-the-box detections let teams find and stop threats on day 1. Out of the box dashboards support compliance requirements (FISMA, GDPR, HIPAA, ISO 27001:2022, NERC CIP, NIST SP 800-53, PCI DSS v4.0.1, SOX).
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Buyer guide

Financing for AWS Marketplace purchases
Quick Launch
Pricing
Dimension | Description | Cost/unit |
|---|---|---|
Falcon Next-Gen SIEM (13-month retention) | Per MB of non Falcon data ingested (flat fee) | $0.00595 |
Falcon Cloud Security Runtime - host protection (e.g., EC2 and Workspaces) | Per hour for each running host | $0.023 |
Falcon Cloud Security Runtime - container cluster and node protection | Per hour for each running worker node | $0.054 |
Falcon Cloud Security Runtime - Fargate container protection | Per hour for each Fargate instance | $0.01 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Custom pricing options
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
For support inquiries, please email awsmp@crowdstrike.com . For questions regarding licensing, please refer to our Licensing FAQ at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Cloud-native security has improved real-time threat detection and streamlined daily operations
What is our primary use case?
We use AWS to manage CrowdStrike Falcon . CrowdStrike Falcon is a cloud-native solution, and from the user side, we do not directly manage or choose the cloud provider. CrowdStrike handles the back-end infrastructure. As per my understanding, we simply access the CrowdStrike Falcon console in our cloud and deploy the endpoint agent. So from our perspective, we use it as a cloud-based service without directly interacting with the underlying cloud provider.
What is most valuable?
The features that stand out are its lightweight agent, which doesn't slow down the system, and it is easy to use across multiple devices. This makes it easy for our team.
CrowdStrike Falcon's dashboard and reporting capabilities are very useful in daily operations. The centralized dashboard gives a quick overview of all alerts and system activities in one place. I also support customizable dashboards, so different team members can view the data they need. The reporting provides detailed insights, which helps with management. Overall, the combination of easy-to-use dashboards and detailed visibility with automatic reporting makes it very efficient for day-to-day security operations.
From a security perspective, it has significantly improved our ability to detect threats in real-time and respond quickly before they affect multiple systems. It has also made our work more efficient. Earlier, we had to manually check systems and investigate issues, which was time-consuming. With CrowdStrike Falcon, most of the detection and alerting is automated, so we can focus more on critical incidents instead of routine monitoring. Overall, it has helped us save time, reduce risk, and improve response time.
I have seen a noticeable improvement in time and efficiency with CrowdStrike Falcon. I can estimate that our team saves around thirty to forty percent of their time compared to our earlier processes. For example, earlier, it would take a significant amount of time to identify and investigate a suspicious activity, but now with CrowdStrike Falcon, we can detect and respond in minutes. This has significantly improved our response time and overall productivity.
What needs improvement?
While CrowdStrike Falcon is strong overall, there are a few areas where it could be improved. First, the user interface can be a bit complex for new users. Sometimes, navigating through different sections and understanding detailed alerts takes time, especially for teams without deep security expertise. The cost is also something to consider, as the features and additional modules can increase pricing, which may be a challenge for smaller teams. Additionally, some integrations with simpler reporting would be helpful.
The onboarding process for new users is a bit challenging for beginners to understand all features and workflows in the product. More simplified documentation, step-by-step guides, and real-world examples could help new users get comfortable faster. A structured onboarding or basic training module would be very useful for teams who are new to endpoint security tools. In addition, having more in-product guidance and tooltips within the dashboard could make navigation easier and reduce the learning curve. Overall, improving training resources and onboarding support would make the platform more user-friendly, especially for new users.
For how long have I used the solution?
I have been using CrowdStrike Falcon for around six months to one year.
What was our ROI?
We have definitely seen a return on investment with CrowdStrike Falcon in terms of time-saving and operational efficiency. While I don't have exact company-specific financial numbers, based on our experience and industry benchmarks, I can say that we have seen around a thirty to forty percent improvement in time spent on endpoint security operations. It has also reduced the risk of security incidents.
What's my experience with pricing, setup cost, and licensing?
The pricing typically depends on the number of endpoints and the features or modules selected. It is licensed per endpoint on an annual subscription basis. The pricing can vary depending on the subscription chosen. For example, the basic plan starts at a certain price per endpoint per year, while advanced plans with more features cost higher.
What other advice do I have?
In a recent situation while using CrowdStrike Falcon, we saw a suspicious process in the console. We checked the details and the system was showing it in quarantine. We found that the user was trying to access some suspicious link. The system generates alerts if there is suspicious activity. I rate this product an eight out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Endpoint protection has blocked ransomware and malware and gives me real-time control
What is our primary use case?
I am using CrowdStrike Falcon because I want to secure my end-user devices.
What is most valuable?
I am using CrowdStrike Falcon because it works on signature-based and signature-less technology, which will prevent me from outside attackers and outside malware.
CrowdStrike Falcon will protect me from ransomware, and after the installation of CrowdStrike Falcon, I get full control on my endpoints and I am secure from outsiders.
CrowdStrike Falcon features are robust and reliable.
There are multiple features including real-time detection, real-time prevention, ATP, and IPS.
CrowdStrike Falcon makes my job easier because it will prevent me from outsider attacks and outsider detection; for example, if I want to stop any types of pen drive block or allow, it will prevent me from that as well.
It will impact my organization positively because if anybody wants to try to hit something, wants to take access, wants to perform CNC attacks, wants to do DOS attacks, CrowdStrike Falcon will protect me regarding real-time protection, PUA detection, scanning, and scheduler scanning.
I have seen on my portal, as the owner, that last week there were some detections about Trojan malware and some detections about CryptoGuard crypto malware. There are many detections, and I have seen that Trojans and malware have been blocked by CrowdStrike Falcon.
What needs improvement?
As of now, CrowdStrike Falcon does not have application control and web control. If CrowdStrike Falcon applies those types of features, it will be more reliable and stronger than any other antivirus or next-gen antivirus in the world or in the industries.
For how long have I used the solution?
I am using CrowdStrike Falcon from last two years.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable right now.
What do I think about the scalability of the solution?
It is good; I can increase it any time.
How are customer service and support?
Customer support is good for CrowdStrike Falcon; they have the best support.
Which solution did I use previously and why did I switch?
I have used Seqrite, but I have switched because Seqrite does not have signature-less technology.
What was our ROI?
CrowdStrike Falcon has saved me money because if any attacker attacks, they can borrow money to decrypt the file, so it is the money saved and time saved.
What's my experience with pricing, setup cost, and licensing?
Pricing, setup cost, and licensing is very good for CrowdStrike Falcon based on what I have seen.
Which other solutions did I evaluate?
I have evaluated Sophos.
What other advice do I have?
As of now, I think CrowdStrike Falcon is better and it is working fine. I rate it 10 out of 10 because it is lightweight, it has real-time detection, and it has the more powerful signature-based and signature-less technology. I can advise others that if there are any opportunities, they should use CrowdStrike Falcon because it is a very lightweight agent with signature-based and signature-less technology. CrowdStrike Falcon has real-time scanning, real-time prevention, and multiple other features. My overall rating for this product is 10 out of 10.
Cloud threat visibility has improved and now supports flexible, low-overhead protection for startups
What is our primary use case?
I use it for cloud workload protection and threat detection in AWS environments.
How has it helped my organization?
The pay-as-you-go model enabled me to deploy quickly from the AWS Marketplace management account.
It scaled protection for workloads without upfront commitments and reduced the initial operational overhead.
It provides real-time visibility into cloud threats, helping stop breaches faster in dynamic AWS setups.
What is most valuable?
I find the seamless AWS integration and single lightweight agent to have minimal performance impact.
The cloud-native SIEM and runtime security leverages threat intelligence for proactive detection.
Flexible billing through AWS is ideal for startups testing security without long-term locks.
What needs improvement?
I believe that AI-powered SOAR workflow suggestions could streamline incident response.
For how long have I used the solution?
I have been using it for 1 month.
Which solution did I use previously and why did I switch?
We are a new startup, so we did not use any previous solutions.
What's my experience with pricing, setup cost, and licensing?
The pay-as-you-go model excels for startups with variable AWS workloads, avoiding large upfront costs and scaling with usage.
Which other solutions did I evaluate?
I evaluated Prisma Cloud, Wiz , and Orca Security alongside native AWS options.
What other advice do I have?
CrowdStrike Falcon for AWS (pay-as-you-go) delivers strong cloud-native protection via AWS Marketplace , which is ideal for startups scaling workloads.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Proactive threat hunting has improved breach prevention and now provides deeper endpoint visibility
What is our primary use case?
I deal with endpoint security, firewall, and XDR solutions. I use Sangfor and work with Trend Micro and CrowdStrike. I use CrowdStrike Falcon for enterprise companies, which is what I typically recommend.
How has it helped my organization?
CrowdStrike Falcon has helped my customers predict and prevent potential breaches because of its proactive approach.
What is most valuable?
The most valuable features in CrowdStrike Falcon are its AI capabilities. The lightweight agent has a positive impact on system performance and visibility through ease of use. I utilize its Threat Graph for threat hunting.
What needs improvement?
To improve my recommendation to a perfect score, I would focus on better selling skills and improved integration with different vendors.
For how long have I used the solution?
I have been working with CrowdStrike Falcon for approximately five years.
Which solution did I use previously and why did I switch?
I have previously worked with a Total Information Management Corporation solution.
Which other solutions did I evaluate?
I work with competitors as well, and there is good competition to Sangfor at the moment.
What other advice do I have?
I have experience with these products from prior use. I work with security vendors and some of my customers use Trend Micro and CrowdStrike as well. My experience has been positive and I have been satisfied. The pricing might be a little expensive, but I find it cost-effective. I do not find CrowdStrike Falcon to be the most expensive when comparing pricing with competitors. I would rate this solution an 8 out of 10.
Efficient threat detection and seamless deployment improve overall security
What is our primary use case?
We are using CrowdStrike Falcon because it has very low surface impact and minimal consumption of our resources, and we mainly use it for our endpoint protection.
CrowdStrike Falcon helps with endpoint protection by having very low memory utilization and processor usage, so it doesn't impact the computer system performance, and the computer system works very fast compared to all other endpoint protection solutions.
We find it very unique that CrowdStrike Falcon, which we deployed in many countries wherever our offices are, can be installed very quickly, maintained on a single console, single panel of console, and it's really easy to use and deploy. We primarily use it for endpoint protection.
What is most valuable?
The single panel console of CrowdStrike Falcon is very user-friendly, which is what we are looking for. Having multiple administrators between various offices with this single console gives us the ability to see all offices, branch offices, and partners, making it very useful to detect machines, identify machines, and check security risks. Everything in the single console is very useful.
CrowdStrike Falcon has positively impacted our organization in terms of efficiency because it's very lightweight, easy to deploy, easy to manage, and works very efficiently. It quickly detects issues and doesn't have a signature-based system, so it works fast and takes immediate action.
What needs improvement?
I don't think anything is missing in CrowdStrike Falcon, but if they can manage their SOC solution instead of users or the end users or customers doing that, it will be very useful, just as Sophos does.
For how long have I used the solution?
We have been using CrowdStrike Falcon for the past seven years.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable; I have not had any issues with reliability or downtime.
What do I think about the scalability of the solution?
For scalability, CrowdStrike Falcon deserves a perfect score of ten out of ten.
How are customer service and support?
Regarding customer support, our experience has been really positive as they are very quick to assist us.
The customer support deserves a rating of ten out of ten.
Which solution did I use previously and why did I switch?
We were previously using Symantec Endpoint because we were not getting proper quotations, pricing, or support, particularly in India, which is why we wanted to switch.
What was our ROI?
In terms of return on investment, we find that CrowdStrike Falcon has ROI covered because less manpower is required. It's very easy to deploy without many IT admins, saving time, and while I cannot specify the money saved, the time saved is money in terms of manpower. This makes it very useful, quick to run, quick to install, easy to manage, and easy to deploy.
What's my experience with pricing, setup cost, and licensing?
We do not find any price challenges or setup costs with CrowdStrike Falcon; everything is smooth.
Which other solutions did I evaluate?
We evaluated three products, which were Sophos, CrowdStrike Falcon, and Trend Micro, before choosing CrowdStrike Falcon.
What other advice do I have?
In some cases, we have Excel files with VBA code inside, and CrowdStrike Falcon detects that it's a bit risky for us. When people download EXE files that are threats to our organization, it detects them very quickly. It also detects threats under ZIP files and can show us the path from where it came and where it goes, allowing us to easily see where the infection is and where it has spread.
My advice for others looking into using CrowdStrike Falcon is that as an endpoint protection solution, Falcon is always reliable, and I can recommend that this is the product you can deploy and forget all the worries.
We are an end user customer of CrowdStrike Falcon; we are not a partner or reseller, and we are not receiving any gift card or incentive for this review. We are just sharing our experience as an end user and as an IT Manager.
I rate CrowdStrike Falcon 9 out of 10.