Sold by: CrowdStrike
Deployed on AWS
Transform your AWS security operations with Falcon Next-Gen SIEM. Stop threats fast with unified visibility across AWS security tools and your security ecosystem. Prioritize the alerts that matter most and streamline investigations with automation and AI. Meet key compliance requirements with prebuilt dashboards and log retention. Get started in minutes with automated onboarding and flexible, pay-as-you-go consumption billing.
4.4
Overview
Falcon Next-Gen SIEM delivers rapid threat detection, investigation, and response for AWS environments. It unifies AWS telemetry with data from endpoints, identities, and other security tools to eliminate silos, reduce noise so SOC teams can find and stop threats quickly. Designed for frictionless activation on AWS, Falcon Next-Gen SIEM provides immediate visibility and rapid time-to-value without complex setup.
With automated onboarding and built-in detections for AWS services including GuardDuty, Security Hub, and CloudTrail, security teams can get up and running in minutes. Security analysts can investigate and respond to threats in real time, while AI and automation streamline triage and reduce alert fatigue. Powered by CrowdStrike frontline adversary intelligence, Falcon Next-Gen SIEM surfaces adversary activity involving stolen credentials, AWS key abuse, privilege escalation, and lateral movement to accelerate detection and response. Prebuilt compliance dashboards and centralized log retention also help teams meet key regulatory requirements with less manual effort.
Key benefits:
Transform AWS Security Operations:
Quickly identify threats like stolen AWS keys, unauthorized access, privilege escalation, and unusual traffic by unifying data from key AWS services and your security tools.Accelerate detection and response:
Reduce MTTD and MTTR with AI-powered detections and stop threats at machine-speed in Falcon Fusion SOAR.Set up your SIEM in minutes:
Quickly discover active AWS services, onboard data sources through a guided wizard, and activate parsers and hundreds of prebuilt detections to start monitoring and finding threats on day one.Meet key compliance requirements:
Out-of-the-box dashboards and centralized log retention help teams meet major regulatory and industry requirements including FISMA, GDPR, HIPAA, ISO 27001:2022, NERC CIP, NIST SP 800-53, PCI DSS v4.0.1, and SOX.Get Started Today:
Step-by-Step Guide to Deploy CrowdStrike Falcon Next-Gen SIEM for AWS through AWS MarketplaceHighlights
- Transform AWS Security Operations. Get unified visibility across AWS security tools, endpoints, identities, and more.
- Accelerate detection and response. Accelerate MTTD and MTTR AI-powered detections and Falcon Fusion SOAR.
- Set up your SIEM in minutes. Automated onboarding and hundreds of out-of-the-box detections let teams find and stop threats on day 1. Out of the box dashboards support compliance requirements (FISMA, GDPR, HIPAA, ISO 27001:2022, NERC CIP, NIST SP 800-53, PCI DSS v4.0.1, SOX).
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/unit |
|---|---|---|
Falcon Next-Gen SIEM (13-month retention) | Per MB of non Falcon data ingested (flat fee) | $0.00595 |
Falcon Cloud Security Runtime - host protection (e.g., EC2 and Workspaces) | Per hour for each running host | $0.023 |
Falcon Cloud Security Runtime - container cluster and node protection | Per hour for each running worker node | $0.054 |
Falcon Cloud Security Runtime - Fargate container protection | Per hour for each Fargate instance | $0.01 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
For support inquiries, please email awsmp@crowdstrike.com . For questions regarding licensing, please refer to our Licensing FAQ at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
CrowdStrike Services helps organizations train for, react to and remediate a breach quickly and effectively — getting you back to business faster.
The AI-native CrowdStrike Falcon Platform provides comprehensive protection across all areas of enterprise risk - devices, identities, data, endpoints and cloud. Powered by a single agent, crowdsourced data, expert threat intelligence, and advanced AI, the Falcon Platform simplifies security operations and stops breaches.
Automate CrowdStrike Falcon sensor installation and configuration in your EC2 Image Builder AMI creation pipeline.
falcon-mcp enables seamless communication between AI agents and the CrowdStrike Falcon platform. Deployable directly onto Amazon Bedrock AgentCore, it provides programmatic access to Falcon data for agentic workflows and accelerating AI-native security automation.
CrowdStrike AI Red Team Services emulate adversarial attacks and perform deep security assessments across generative AI systems and their integrations. Designed to uncover AI vulnerabilities that risk unauthorized access and breaches, these services strengthen your AI security posture, expose vulnerabilities that could be exploited, and reduce risk across cloud environments.
Customer reviews
Dhiren
Endpoint security has improved and real-time detection and response reduce false positives
Reviewed on Apr 17, 2026
Review from a verified AWS customer
What is our primary use case?
CrowdStrike Falcon 's main use case is endpoint security and threat detection, which are the primary purposes for which we are using it.
A day-to-day example of using CrowdStrike Falcon for endpoint security detection occurs when a user downloads suspicious files. The system detects this activity and triggers an alert to the administrator. CrowdStrike Falcon detects abnormal behavior of the system, and an alert is generated in a console. When I log into the console, I can see that some users are trying to access malicious files which are harmful for the organization. The security team isolates the endpoint based on this judgment. We can investigate using process trees and logs in CrowdStrike Falcon. Additionally, USB device control helps sometimes with USB blocking and data access via external storage.
What is most valuable?
The best features CrowdStrike Falcon offers are endpoint detection and response, cloud-native lightweight agent, AI-powered threat detection, threat hunting, and Falcon Overwatch.
The feature I use the most is endpoint detection and response, which you can call EDR. EDR makes the difference in this case because it provides real-time alerts for suspicious activity and full process tree visibility showing what ran, what spawned, and what is happening inside the LAN on the endpoint. It allows for quick investigation of endpoint logins and quick host isolation to stop the spread.
Using CrowdStrike Falcon typically leads to faster threat detection, quicker response, and better visibility across the endpoints. This means I can understand, or an administrator can understand the logs and situation, what is happening with the endpoint, and what suspicious behaviors are occurring inside the endpoints. It has reduced false positives and has a lightweight performance impact, resulting in no heavy use or heavy scans of the agent. User productivity is also increased on the endpoint side.
What needs improvement?
Regarding improvements in reports, when I try to pull a custom report, there are some mismatches, or it does not look professional. I hope CrowdStrike will improve their custom report or inbuilt report to look professional rather than appearing like just adding numbers. Based on the requirement, they should improve their custom reports.
For how long have I used the solution?
I have been using CrowdStrike Falcon for around one year.
What do I think about the stability of the solution?
CrowdStrike Falcon is very stable.
What do I think about the scalability of the solution?
The scalability of CrowdStrike Falcon is very good and very positive.
How are customer service and support?
Customer support is also appreciated as it is very good. I have raised multiple tickets with technical support, and every time I have received a good response from customer support.
Which solution did I use previously and why did I switch?
We did not use any kind of solution previously.
What was our ROI?
Before CrowdStrike Falcon, there were 40 to 50 alerts per day with many antivirus detections and time wasted validating non-issues. When we installed the CrowdStrike Falcon agent on the endpoint, there are now 10 to 15 meaningful alerts that we can work on and isolate the system. There is a 60 to 70 percent reduction in false positives, allowing us to disregard those. Additionally, higher quality behavioral detection based on pattern analysis is justified. The investigation time has been reduced from three to four hours to one to two hours, and per user, we used to take around 10 to 15 minutes, but now with the reduced false positives, we can troubleshoot or inspect users within five minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing is very straightforward and negotiable. The license is thoughtful and very fruitful. The licensing is pretty simple, so it has a very good impact with the licensing, setup cost, and pricing with respect to CrowdStrike Falcon.
Money is saved because if a user is receiving spam alerts or spam emails which are damaging the organization's privacy, the number of alerts, data threatening, DLP , data extraction, and everything has been reduced. There is a big impact on the organization's security posture as well as time saved while doing troubleshooting, allowing us to monitor that alert via one single console. The positive impact is significant, and the money saved is a very good effect for the organization.
Which other solutions did I evaluate?
We have not evaluated another option before choosing CrowdStrike Falcon.
Pavan Ingaleshwar
Improved endpoint visibility has reduced incident response time and strengthens threat investigations
Reviewed on Apr 14, 2026
Review provided by PeerSpot
What is our primary use case?
I have been using CrowdStrike Falcon for the past two years. My main use case for CrowdStrike Falcon is endpoint protection, threat protection, and investigating suspicious activities on endpoints in my day-to-day work.
In one case, we received an alert about suspicious PowerShell activities detected on one of the endpoints, and CrowdStrike Falcon detected the issue and generated an alert on our SIM solution as well. We started investigating that endpoint using CrowdStrike Falcon, confirming through the process tree that there was suspicious execution, and we began isolating the endpoint device to prevent further impact. That is how we used CrowdStrike Falcon for monitoring and investigating endpoint devices.
We also use CrowdStrike Falcon for endpoint activities and for responding to malware alerts, which is a significant part of our process.
What is most valuable?
CrowdStrike Falcon offers several features that stand out to me, including a feature called Process Tree visibility, where we can see the entire attack history including how it started, how it initiated the connection, how it ended, and the intentions behind that particular incident. Additionally, it has great threat intelligence data, isolation automation, detailed process visibility, a real-time threat blocking system, and behavioral threat detection that helps in responding to incidents on endpoints. These are the best features I have ever used.
I wish more people knew about the Process Tree visibility feature because it helps to understand the full attack chain quickly, making it a very impactful feature I have ever used.
CrowdStrike Falcon has positively impacted my organization by improving endpoint security. Even if end users are doing something on their endpoints without their knowledge, such as receiving documents from vendors, the endpoints will scan attachments before delivery, and if they are malicious, it will detect them and provide notifications and alerts. It has positively impacted endpoint security and reduced the response time for incidents and alerts.
In my experience, I noticed that the Mean Time To Respond (MTTR) has reduced by around 30 to 40 percent due to faster detection and response achieved by the Falcon agents.
What needs improvement?
CrowdStrike Falcon requires experience and knowledge about tuning, as proper tuning is required. Improvement could focus on this aspect, as well as simplifying the user interface for new users and different department employees, since it sometimes generates a lot of false positives. They should concentrate on this as well.
They can work on better reporting and simplifying the interface to enhance the overall user experience.
CrowdStrike Falcon provides very good visibility into endpoint activity, including process execution and behavior. It is not only useful for the security department; it is beneficial for other departments as well. If something happens, even developers can log into CrowdStrike Falcon to check what is happening with their endpoints. Every tool should be built with this capability in mind, including CrowdStrike Falcon, which could also work on improving user interface design.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable, with no major issues I have faced.
What do I think about the scalability of the solution?
CrowdStrike Falcon is highly scalable.
How are customer service and support?
The customer support is good, and I have reached out to them.
Which solution did I use previously and why did I switch?
We were previously using SentinelOne and Microsoft Defender but switched to CrowdStrike Falcon for better detection capabilities, especially for a client handling numerous attachments and endpoint activities.
What was our ROI?
I have seen a return on investment due to strong detection and faster response capabilities of CrowdStrike Falcon.
What's my experience with pricing, setup cost, and licensing?
The pricing, according to my knowledge, is subscription-based, depending on how many endpoints and modules the organization needs to use.
Which other solutions did I evaluate?
Before choosing CrowdStrike Falcon, we evaluated SentinelOne and Microsoft Defender because we needed better detection and visibility.
What other advice do I have?
My advice for others looking into using CrowdStrike Falcon is to have a clear understanding of how to properly fine-tune and monitor the system to get the full benefits. If they are good at these aspects, they can confidently purchase it and start working towards endpoint protection.
CrowdStrike Falcon is a strong solution with faster responses to endpoint-related incidents and alerts. Overall, it is a very robust solution for organizations dealing with endpoint security, and they can confidently choose CrowdStrike Falcon and make it work effectively. I would rate this product a 9 out of 10.
Ashutosh Jha
Endpoint protection has blocked ransomware and malware and gives me real-time control
Reviewed on Mar 09, 2026
Review provided by PeerSpot
What is our primary use case?
I am using CrowdStrike Falcon because I want to secure my end-user devices.
What is most valuable?
I am using CrowdStrike Falcon because it works on signature-based and signature-less technology, which will prevent me from outside attackers and outside malware.
CrowdStrike Falcon will protect me from ransomware, and after the installation of CrowdStrike Falcon, I get full control on my endpoints and I am secure from outsiders.
CrowdStrike Falcon features are robust and reliable.
There are multiple features including real-time detection, real-time prevention, ATP, and IPS.
CrowdStrike Falcon makes my job easier because it will prevent me from outsider attacks and outsider detection; for example, if I want to stop any types of pen drive block or allow, it will prevent me from that as well.
It will impact my organization positively because if anybody wants to try to hit something, wants to take access, wants to perform CNC attacks, wants to do DOS attacks, CrowdStrike Falcon will protect me regarding real-time protection, PUA detection, scanning, and scheduler scanning.
I have seen on my portal, as the owner, that last week there were some detections about Trojan malware and some detections about CryptoGuard crypto malware. There are many detections, and I have seen that Trojans and malware have been blocked by CrowdStrike Falcon.
What needs improvement?
As of now, CrowdStrike Falcon does not have application control and web control. If CrowdStrike Falcon applies those types of features, it will be more reliable and stronger than any other antivirus or next-gen antivirus in the world or in the industries.
For how long have I used the solution?
I am using CrowdStrike Falcon from last two years.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable right now.
What do I think about the scalability of the solution?
It is good; I can increase it any time.
How are customer service and support?
Customer support is good for CrowdStrike Falcon; they have the best support.
Which solution did I use previously and why did I switch?
I have used Seqrite, but I have switched because Seqrite does not have signature-less technology.
What was our ROI?
CrowdStrike Falcon has saved me money because if any attacker attacks, they can borrow money to decrypt the file, so it is the money saved and time saved.
What's my experience with pricing, setup cost, and licensing?
Pricing, setup cost, and licensing is very good for CrowdStrike Falcon based on what I have seen.
Which other solutions did I evaluate?
I have evaluated Sophos.
What other advice do I have?
As of now, I think CrowdStrike Falcon is better and it is working fine. I rate it 10 out of 10 because it is lightweight, it has real-time detection, and it has the more powerful signature-based and signature-less technology. I can advise others that if there are any opportunities, they should use CrowdStrike Falcon because it is a very lightweight agent with signature-based and signature-less technology. CrowdStrike Falcon has real-time scanning, real-time prevention, and multiple other features. My overall rating for this product is 10 out of 10.
reviewer2795868
Cloud threat visibility has improved and now supports flexible, low-overhead protection for startups
Reviewed on Jan 10, 2026
Review from a verified AWS customer
What is our primary use case?
I use it for cloud workload protection and threat detection in AWS environments.
How has it helped my organization?
The pay-as-you-go model enabled me to deploy quickly from the AWS Marketplace management account.
It scaled protection for workloads without upfront commitments and reduced the initial operational overhead.
It provides real-time visibility into cloud threats, helping stop breaches faster in dynamic AWS setups.
What is most valuable?
I find the seamless AWS integration and single lightweight agent to have minimal performance impact.
The cloud-native SIEM and runtime security leverages threat intelligence for proactive detection.
Flexible billing through AWS is ideal for startups testing security without long-term locks.
What needs improvement?
I believe that AI-powered SOAR workflow suggestions could streamline incident response.
For how long have I used the solution?
I have been using it for 1 month.
Which solution did I use previously and why did I switch?
We are a new startup, so we did not use any previous solutions.
What's my experience with pricing, setup cost, and licensing?
The pay-as-you-go model excels for startups with variable AWS workloads, avoiding large upfront costs and scaling with usage.
Which other solutions did I evaluate?
I evaluated Prisma Cloud, Wiz , and Orca Security alongside native AWS options.
What other advice do I have?
CrowdStrike Falcon for AWS (pay-as-you-go) delivers strong cloud-native protection via AWS Marketplace , which is ideal for startups scaling workloads.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
reviewer2788083
Proactive threat hunting has improved breach prevention and now provides deeper endpoint visibility
Reviewed on Dec 15, 2025
Review provided by PeerSpot
What is our primary use case?
I deal with endpoint security, firewall, and XDR solutions. I use Sangfor and work with Trend Micro and CrowdStrike. I use CrowdStrike Falcon for enterprise companies, which is what I typically recommend.
How has it helped my organization?
CrowdStrike Falcon has helped my customers predict and prevent potential breaches because of its proactive approach.
What is most valuable?
The most valuable features in CrowdStrike Falcon are its AI capabilities. The lightweight agent has a positive impact on system performance and visibility through ease of use. I utilize its Threat Graph for threat hunting.
What needs improvement?
To improve my recommendation to a perfect score, I would focus on better selling skills and improved integration with different vendors.
For how long have I used the solution?
I have been working with CrowdStrike Falcon for approximately five years.
Which solution did I use previously and why did I switch?
I have previously worked with a Total Information Management Corporation solution.
Which other solutions did I evaluate?
I work with competitors as well, and there is good competition to Sangfor at the moment.
What other advice do I have?
I have experience with these products from prior use. I work with security vendors and some of my customers use Trend Micro and CrowdStrike as well. My experience has been positive and I have been satisfied. The pricing might be a little expensive, but I find it cost-effective. I do not find CrowdStrike Falcon to be the most expensive when comparing pricing with competitors. I would rate this solution an 8 out of 10.