
Reviews from AWS customer

7 AWS reviews

External reviews

352 reviews

External reviews are not included in the AWS star rating for the product.


    Erez A.

Best EDR Platform

  • December 18, 2024
  • Review provided by G2

What do you like best about the product?
Works quickly, detects almost everything, gives a good indication of the network status and security level in the organization
What do you dislike about the product?
Lots of screens to manage, hard to reach every feature, need to understand computers at a high level to work with the control panel
What problems is the product solving and how is that benefiting you?
Helps identify and maintain remote workstations while external vendors are working on them


    Prajwal D.

CrowdStrike: Best NextGen Endpoint Security

  • December 13, 2024
  • Review provided by G2

What do you like best about the product?
This is NextGen Antivirus/EPP. It operates on the basis of AI and ML, distinguishing it from other EPP  Platforms.
It is straightforward to install and has a file size of less than 150mb.
It supports Windows, Linux distributions, MAC, and even Android.
Customer service is really responsive and helpful.
What do you dislike about the product?
It sometimes generates false positive alerts because it is built on AI-ML and works on process behaviour.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon Endpoint Protection Platform is a unified console for endpoint protection and endpoint management.
It provides various features like,
1. Securing and managing endpoint devices like Computers, Laptops, Servers, Cloud Environments and Mobile devices as well.
2. It also has features like Next-Gen SIEM, to monitor logs of files and processes.
3. The Cloud Security protects cloud servers, containers and images too. Supports AWS, Azure and GCP too.
4. CS Falcon platform provides various features like Identity Protection, Exposure Management, FileVantage, Data Protection (DLP) and much more...
Overall, this is a unified console for all your endpoint protection and management needs.


    Computer Software

Very good experience. Next level generation.

  • December 10, 2024
  • Review provided by G2

What do you like best about the product?
Ease of deployment, high detection rates.
What do you dislike about the product?
Cost, dependency, complexity for beginners.
What problems is the product solving and how is that benefiting you?
Endpoint security and ransomware protection.


    Peter M.

Total visibility and protection

  • November 26, 2024
  • Review provided by G2

What do you like best about the product?
Crowdstrike Falcon provides enhanced visibility into system activity through their telemetry. This information is crucial for threat hunting or during incident response processes. The management console provides an easy to navigate interface; and the Crowdstrike support portal provides great documentation and training materials.

SIEM integration works well with and can be achieved through API with modern SIEM solutions.
What do you dislike about the product?
The console reporting and dashboards could be improved upon.
What problems is the product solving and how is that benefiting you?
Crowdstrike provides highly effective and customizable detection and prevention against threats and other suspicious activity. One of the major benefits of Crowdstrike is the lack of false-positives.


    Yuri G.

Crowdstrike Endpoint Experience

  • November 13, 2024
  • Review provided by G2

What do you like best about the product?
The innovation we can see monthly, the customer success experience and all the safety we can have with the platform
What do you dislike about the product?
I believe in some situations the support could be faster
What problems is the product solving and how is that benefiting you?
The protection against all malware, the collection of logs we can have from the devices, the inventory of devices and installed software


    reviewer2564352

Remote investigations with enhanced visibility and easy to use

  • October 08, 2024
  • Review provided by PeerSpot

What is our primary use case?

CrowdStrike Falcon is used for incident response.

How has it helped my organization?

It is very easy to hunt a threat in the organization. It keeps logs, making it very easy to investigate any kind of incident using CrowdStrike by looking at the processes that are running on a machine. There's more visibility over the endpoint through CrowdStrike.

What is most valuable?

The ability to remote into other devices for investigation and the way it presents a graphical representation of the detection, like the parent-child process, are valuable features.

What needs improvement?

The new interface, the UI, seems a bit messy. The previous one was quite clear. It might be because of my adaptation to it. That's what I see as needing improvement.

For how long have I used the solution?

I have been using CrowdStrike Falcon for more than three years, around three and a half years.

What do I think about the stability of the solution?

It is quite stable. I would rate it eight or nine out of ten.

How are customer service and support?

I would rate customer service and support a ten. I am very satisfied with the support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used antiviruses like Symantec before. Compared to all of that, I found CrowdStrike quite striking. Even compared to Defender, I find CrowdStrike more appealing.

What was our ROI?

On the terms of investigating, I find it's quite easy to investigate an event and have a broader look at the event using CrowdStrike. I would rate the time saved around eight, nine, or even ten out of ten. Compared to Defender, it makes it faster to investigate.

What's my experience with pricing, setup cost, and licensing?

I think the pricing is quite reasonable with the services they provide.

What other advice do I have?

For an incident investigator, it's quite easy to use, and it provides great visibility over the processes.

I'd rate the solution ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other


    Ashish J.

It is a comprehensive solution with very advanced threat intelligence with strong architecture.

  • September 30, 2024
  • Review provided by G2

What do you like best about the product?
The customer support for this is the highlight of the product and the response time for threats is amazing.
What do you dislike about the product?
It can improve on reporting for threats to get a brief understanding as per need. The pricing can also be lower, like other competitors, especially for smaller clients.
What problems is the product solving and how is that benefiting you?
With newer technologies on the rise, we see new and innovative threats every day and this platform is very good in threat intelligence and having a realtime response so that the system is not affected. This helps us keep running with a greater sense of security.


    Jaikrishna J.

Strong EDR combined with smooth functionality

  • September 24, 2024
  • Review provided by G2

What do you like best about the product?
Quick response times and outstanding customer support
What do you dislike about the product?
The one feature I’d like to see in this product is protection against CVEs and improved signature-based detection.
What problems is the product solving and how is that benefiting you?
It helps protect against advanced cyber threats with real-time detection and response. This improves our security and helps prevent breaches, keeping our important assets safe.


    Abhishek A

Offers real-time monitoring features and next-gen AV that uses AI

  • August 09, 2024
  • Review provided by PeerSpot

What is our primary use case?

It gives an overview and insights into my AD accounts. It shows if any identity, like an AD user, is compromised, has a weak password, or is logging in from an unusual system. Any anomalies.

What is most valuable?

I like the insights and detailed view of my AD structure. How protected it is, or is there any loophole or an area that needs more protection. 

Another feature I like is that it gives insights into all my domain controllers and ADCs. The configuration is also really easy.

The real-time monitoring feature is good. For example, a user account is hacked. It alerts me that it's been hacked and prompts me to look into it or have the user change their password. I can then log in to my AD, change the password, or notify the user that their account has been compromised and ask them to change their password.

AI capabilities of CrowdStrike are also good. 

When I use Identity Protection, I want the full stack, like going for XDR. If anything happens, like a laptop being compromised using a password, it gives me the entire attack flow. For example, the attack came from a particular user, like an IT admin. If their identity is hacked and they log into multiple systems, and those systems are affected, we can see those details and provide good support or recovery for customers and partners.

What needs improvement?

I'm concerned about the recent issue in July 2024. It involved a faulty content configuration update. What if another update causes the same problem again?

For how long have I used the solution?

I have been using it for two years.

What do I think about the stability of the solution?

Stability, I would rate it as a seven out of ten. There are a few instances where our customers have complained about the digital signatures it uses. Sometimes, even if you create a policy, it still tends to block it. A few applications get flagged as malicious even though the customer trusts them. Even if you create an exception rule, it might still block it after a few weeks. Also, there's the recent issue we faced with CrowdStrike and Windows. So, based on that, I'd give it a seven out of ten.

There is room for improvement. They need to conduct more thorough R&D before releasing updates. I think they didn't do that this time, but it was just a one-time issue. However, what if it happens again? That's a concern.

What do I think about the scalability of the solution?

Scalability-wise, I would give it a ten out of ten. It's simple because it's a SaaS solution. For example, this month, I have 50 users. Next month, I have 50 additional users. I just need to buy more licenses and add those systems to CrowdStrike. If I need to put them in certain groups with specific policies, that's easy too.

We work with all types of businesses, including small, medium, and enterprise businesses. Scalability is simple. I don't even need to install it on my laptop. One more good thing is that it offers an XDR view where I can add other components, like the email security solution Proofpoint. I can integrate it, so I'll get my emails and everything will be in a single pane of glass.  

How are customer service and support?

We have a Technical Account Manager (TAM). We can directly call them and raise a ticket. Initially, it was a six or even a five because we had to send an email, and it would take three to four days for them to reply. Now, with the TAM, we can get issues resolved faster.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have experience with CrowdStrike, apart from their Cloud Security offering, which is on GCP. I've worked with CrowdStrike Identity Protection, Device Control, Device Control, EDR, XDR - basically everything except their cloud solution.

How was the initial setup?

The initial setup is straightforward. I don't need to install an agent in my AD, and I can get alerts from my read-only domain controller, which is also good.

I would rate my experience with the initial setup a ten out of ten, with ten being easy and one being difficult. 

It's not required to deploy on-premises. It's a SaaS solution. I just need to download the agent and install it on each of my devices, whether they're VMs or my laptop. 

One more good thing is that I don't need to be in my office network for it to keep protecting me. I can take the system home, and it will still be protected.

The deployment itself takes about a day to install everything if it's user-based. But for CrowdStrike to learn what to block and what not to block in your specific environment, it will take easily about two weeks. There will be some applications that it might consider a threat because it's a next-gen AV that uses AI. 

So, some applications the customer uses might be flagged. I can whitelist them or create a policy to allow them. That's also a very good feature of CrowdStrike. 

So, for the initial setup takes two weeks. For it to get to know your environment and work smoothly, just to install agents and set up the dashboard, policies, and all that, it takes about one day.

It offers seamless integration with the existing security infrastructure. We haven't faced any challenges because our customers use CrowdStrike only for endpoint and server security. They haven't gone to the XDR level yet. However, many other OEMs I've spoken to, like Zerto, have said that the CrowdStrike and Zerto integration is very seamless. So, if anything happens on my server end, I'll know when it happened and what the issue is from CrowdStrike. Or, for example a ransomware attack happens, I can restore from my Zerto application.

What was our ROI?

The benefit I've seen is their backend, which powers the EDR, XDR, and NGAV. It's really good because it can detect anything due to the wide range of customers they have. 

For example, one customer has a vulnerability because of a zero-day attack. All the other customers will benefit because it propagates to the cloud and analyzes if other customers are on the same version of the drivers or any other Windows patch. If they are, it will tell us that there's an issue and provide remediation steps. Many of our customers find this very helpful. It's called the CrowdStrike community.

What's my experience with pricing, setup cost, and licensing?

I would rate it a seven out of ten, where one is cheap, and ten is expensive because it's a bit on the costlier side. Compared to Symantec or Trend Micro, CrowdStrike is more expensive.

What other advice do I have?

Overall, I would rate the product an eight out of ten because of one recent issue that happened. 

I'm concerned about the recent issue that happened. What if another update causes the same problem again? Is it really as good as it seems? Even our customers have given very good feedback, they get more insights into what's happening, what they should do, and what remediation steps to take. So, in that way, it's very good.

I would recommend it, especially if you're going for endpoint security. I'd definitely recommend CrowdStrike first because it's more mature than SentinelOne and other EDR solutions in the APAC region.


    Manish D.

The best endpoint protection platform

  • August 06, 2024
  • Review provided by G2

What do you like best about the product?
The most extensive and prominent endpoint protection solution for your computing infra. It supports the major computing platforms like Windows, Linux and Mac. The Falcon agent is really efficient in detecting all sorts of malicious activity and their SOC team always monitors your infrastructure for potential threat activities. You can easily configure your deployment strategy and roll out the Falcon agent to your computing infra. It protects your endpoints from all types of attack vectors and zero-day attacks as well due to its UBA module and AI/ML features. You can integrate your SIEM solution over the Falcon API to ingest logs and perform SOAR activities.
What do you dislike about the product?
The recent outage due to the CrowdStrike agent was caused by inefficient testing and rolling out a faulty sensor update. They can improve their testing infrastructure to better manage product rollout.
What problems is the product solving and how is that benefiting you?
Every enterprise needs a robust endpoint protection plan to combat the ever-growing threat landscape and notorious threat actors. The CrowdStrike Falcon endpoint protection plan is the most advanced threat protection solution you can use to protect your infra from threat actors. They make use of AI/ML techniques and world-class threat intel to map every sort of activity happening inside your computing infrastructure and detect any sort of malicious activity in its very early stage. It has very extensive detection rules and live threat detection anomaly rules which protect against zero-day attacks as well.