CrowdStrike Falcon Endpoint Protection
CrowdStrike
External reviews
External reviews are not included in the AWS star rating for the product.
Seamless management and installation elevate cybersecurity architecture
What is our primary use case?
I am using CrowdStrike Falcon for laptop, desktop, our server, and VM, including Linux, Windows server, and Linux server.
What is most valuable?
The most beneficial features of CrowdStrike Falcon are that it is easy to install, easy to manage, lightweight, and it can stop breaches.
The impact of CrowdStrike Falcon lightweight agents on system performance and visibility is good, with only one agent required.
Speaking about the utilization of Falcon threat graph for threat hunting, it helps my security team to predict and prevent potential breaches.
Considering that CrowdStrike Falcon is a cloud-native architecture, the elimination of on-premises infrastructure makes cybersecurity maintenance cost and complexity minimal, because we only need to install it and then monitor from the dashboard.
What needs improvement?
In Indonesia for SMB companies, the price is higher than other solutions.
For SMB organizations, the price may be higher than others, which means they have to think twice about it, but for enterprise companies, the cost is not a concern.
I have been using it for about six years and do not have any problems. The pricing is the only issue.
For how long have I used the solution?
I have been using CrowdStrike Falcon since 2019, before the pandemic.
What was my experience with deployment of the solution?
In terms of deployment of CrowdStrike Falcon, it is quite easy and there are no challenges with deployment.
What do I think about the stability of the solution?
As for stability, I would rate it around eight because last year they faced some downtime with around eight thousand computers, but it will improve.
What do I think about the scalability of the solution?
For scalability, I would rate it a nine because they can scale efficiently with many users.
How are customer service and support?
Technical support from CrowdStrike Falcon is good because usually in Indonesia we have a partner, and if the partner cannot address the issue, we discuss with CrowdStrike directly.
I would rate technical support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used McAfee before CrowdStrike Falcon for the same use case. I switched to CrowdStrike Falcon because McAfee did not have machine learning or AI capabilities at that time.
What was our ROI?
CrowdStrike Falcon saves time and offers good value for money, especially for enterprise companies, because it can stop breaches.
I am not sure about the exact percentage of money it saves, as I have to calculate the risks, but we are satisfied because CrowdStrike Falcon has stopped breaches and prevented hackers.
Which other solutions did I evaluate?
I used McAfee before CrowdStrike Falcon for the same use case. I switched to CrowdStrike Falcon because McAfee did not have machine learning or AI capabilities at that time.
What other advice do I have?
My rating for CrowdStrike Falcon would be eight points because there are many antivirus competitors. For those who want to use CrowdStrike Falcon, they should be mindful of the higher price compared to others.
Security analysts handle rules and investigations swiftly with real-time detection
Detects anomalies and helps with fast threat identification and response
What is our primary use case?
We are using it for endpoint protection, as well as for cloud security coverage. It includes monitoring all our critical servers and endpoint devices. We also design workflows for anomaly behavior detection using machine learning techniques for anything malicious or abnormal. We monitor everything suspicious. We either design the workflows or use CrowdStrike to monitor any new detections and anomaly behaviors, as well as do vulnerability management.
How has it helped my organization?
The best benefit of CrowdStrike Falcon is 99% MITRE coverage. It detects suspicious or undetected activities on the system and provides protection for zero-day vulnerabilities. If there is a sudden rise in CPU consumption or abnormal storage use, it helps us by creating a ticket, allowing us to investigate any abnormal behavior present. We can look into the machine and investigate. It reduces the false negatives common with other technologies.
The real-time response helps with MTTR. We achieve faster detection and response times.
It helped prevent breaches. In the past, there was abnormal consumption of RAM along with CPU on a server. It also started communicating with other subnets. CrowdStrike Falcon triggered an alert. We did our investigation and found that we had ransomware. We successfully mitigated it.
What is most valuable?
The machine learning behavior for anomaly detection is a valuable feature. It helps identify any suspicious or unusual activities within the system.
Furthermore, it has impressive MITRE coverage.
What needs improvement?
Deployment in cloud environments is challenging. Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options. After a year, options change or integrate with something else, which is challenging for me as it requires relearning. It is time-consuming.
For how long have I used the solution?
I started working on CrowdStrike in 2018.
What do I think about the stability of the solution?
We are following N-1 versions across our environment, which is stable. Due to our requirements, we never switch to the N version; we always stick to N-1 and never face anything abnormal while using it.
What do I think about the scalability of the solution?
It has proven to be a good technology for me. It has adequate coverage and is easy to deploy. Its scalability is good.
It is deployed across the globe.
How are customer service and support?
I would rate them a seven out of ten. They take a lot of time to come back to us.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used SentinelOne as well. SentinelOne was similar but had major challenges with workflow implementation. Workflow implementation is far easier in CrowdStrike compared to SentinelOne.
How was the initial setup?
We have it in the on-premises environment and cloud environments. For endpoint hosts, it is very easy, but in the cloud environment, there are challenges, especially if we have AWS technologies with Lambda functions, which are serverless.
My implementation strategy was simple. I segregated servers based on criticality, then network, and finally OS level. Anything critical was based on my CMDB asset configuration. Following criticality was the network, determining internal versus public-facing. The last segmentation was on OS configuration. These three categorizations were primarily used in deploying agents across our environment.
In terms of maintenance, there are patches or version upgrades.
What about the implementation team?
We had a group of five people, which was enough to manage this.
What was our ROI?
It is worth the money.
What's my experience with pricing, setup cost, and licensing?
It is expensive compared to SentinelOne, but as the market leader, it is worth it.
What other advice do I have?
I would rate CrowdStrike Falcon an eight out of ten. They have some challenges with the cloud environment, which is a major drawback, especially with the serverless aspect. Their GUI also causes issues with regular changes.
If anyone has worked with CrowdStrike, they would promote it. However, cloud security presents challenges. Moving from physical to cloud environments is difficult. I have raised 7-8 tickets to resolve cloud issues, especially with AWS.
Easy to deploy and manage with many helpful features
What is our primary use case?
We use the product for cloud security. We use it for prevention, to watch for gaps in security. We work with customers seeking prevention for advanced apps.
How has it helped my organization?
Sometimes a customer has multiple solutions that come at a higher cost. They have to pay for all of these other security features. With CrowdStrike, customers get one agent for all system operations. It offers more security for remote work and clients gain access to the latest protections.
What is most valuable?
The solution offers good features. The prevention and device control are useful. It offers helpful firewall management and identity protection.
They've reduced the complexity and provide better security outcomes. Customers tend to prefer CrowdStrike.
It's easy to deploy and manage.
What needs improvement?
The solution isn't known in my market. The brand isn't as recognizable. Their shortcomings are more on the marketing side. Everyone knows Microsoft Defender. Customers need to hear more about CrowdStrike and all the advantages and features on offer.
For how long have I used the solution?
We've used the solution for three to four months.
What do I think about the stability of the solution?
I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far.
What do I think about the scalability of the solution?
The capability to scale so far has been good.
How are customer service and support?
Technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I'm also familiar with Microsoft Defender. However, Defender works best with Microsoft and not necessarily other legacy applications. With CrowdStrike, you can secure all system operations and versions. It's easier to deploy and operate.
How was the initial setup?
The deployment is seamless and users get immediate protection. It's lightweight. There's one agent deployed to endpoints in minutes. The product offers consistent coverage. There are no complex integrations and it doesn't need fine-tuning. In comparison, Defender can be more complex.
CrowdStrike can be deployed on any operating system, not just Microsoft.
There isn't really maintenance; it's set and forget. The agent updates automatically and receives continuous security updates, enabling immediate enforcement across endpoints.
What was our ROI?
The solution is well worth the cost.
What's my experience with pricing, setup cost, and licensing?
The costs are predictable. There are no surprises.
In Chile, there are not a lot of CrowdStrike partners of the managed service; therefore, it's a little more expensive than Microsoft, as there are so many more managed partners for Microsoft. That said, if you look at the total cost of ownership, CrowdStrike is better than Microsoft.
What other advice do I have?
We're a reseller. We're still new to CrowdStrike.
I'd rate the solution eight out of ten. The cost is good and they offer better tech support. Also, the protection is wonderful.