Has improved threat detection accuracy and helped monitor endpoints across hybrid environments
What is our primary use case?
We mostly use CrowdStrike Falcon Cloud Security for different clients across the globe, and we have installed all the agents on most machines to monitor each and every employee, along with laptops and servers in AWS. We are the core monitoring staff with a SOC where we monitor for viruses, malware, and to remove harmful files. Our primary use cases involve monitoring miscellaneous activities.
I have been using CrowdStrike Falcon Cloud Security's workload protection features because it's a very lightweight agent. Its detection speed is remarkable compared to other tools on the market, including Trend Micro. CrowdStrike Falcon Cloud Security is user-friendly and provides detection transparency, allowing us to present real-time documentation to our executives clearly explaining any detected issues.
Workload protection features influence our security strategy significantly, particularly by blocking any suspicious activities on public-facing servers and generating immediate notifications for us to act upon. It helps in quickly identifying whether potential issues need to be whitelisted or blocked, and assists in troubleshooting when applications trigger false alerts due to bugs.
What is most valuable?
The most valuable capabilities of CrowdStrike Falcon Cloud Security relate to preventing attacks caused by human error, such as when someone plugs in a USB device or downloads something without caution. It automatically blocks duplication and activities that could result in data loss, effectively preventing unintended copying of data to personal devices.
Deduplication prevention is definitely the most valuable feature.
CrowdStrike Falcon Cloud Security excels in threat detection with a vast investigation structure, allowing us to verify suspicious activities to identify root causes. It helps us trace back to the origin and fix issues, making it a user-friendly tool for this kind of detection.
CrowdStrike Falcon Cloud Security is built on AI and ML technology, enabling it to detect various threats and block suspicious activities immediately, which is particularly effective compared to traditional AVs and EDRs.
The analytics provided by CrowdStrike Falcon Cloud Security is key for maintaining a proactive security posture. Its AI and ML foundations offer extensive information on threats and suspicious activities, making it renowned for analysis in the industry.
What needs improvement?
The improvements needed for CrowdStrike Falcon Cloud Security include reducing its high cost, which is currently quite expensive, and enhancing the executive reports that are user-friendly for technical engineers but require improvement for higher management.
More detailed and granular reports would be beneficial for better executive comprehension.
For how long have I used the solution?
I have been using CrowdStrike Falcon Cloud Security for more than eight to nine years, but for the past two years, I have not been using it much because I moved into a different domain.
What do I think about the stability of the solution?
When evaluating the stability of CrowdStrike Falcon Cloud Security, their partnerships with all major cloud service providers ensure their servers are optimally positioned, leading to no latency or stability issues that I have observed.
What do I think about the scalability of the solution?
CrowdStrike Falcon Cloud Security is indeed highly scalable, ideally for enterprises with a minimum of 2,000 servers to ensure cost efficiency and easier setup.
CrowdStrike Falcon Cloud Security is primarily suited for larger enterprises and not for small or medium companies.
How are customer service and support?
I have a very good in-house team of about 20 to 30 people working with CrowdStrike Falcon Cloud Security, and we maintain excellent communication with their technical support, resolving any issues immediately without complaints on technical aspects or delays.
Based on my experience with CrowdStrike Falcon Cloud Security's technical support, I would rate them a solid 10 out of 10.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
With 19 years of experience in the industrial field, I have also used technologies such as BigFix, Ivanti, Qualys, and I am considering reviewing Tenable, Ivanti Endpoint Manager, Ivanti Security Control, Tanium, and others, including HCL BigFix and Qualys Patch Management.
How was the initial setup?
I participated in the initial setup and deployment of CrowdStrike Falcon Cloud Security.
The implementation plan I typically follow involves multiple installation methods, one being agentless via AD to push agents, and the other using patching tools such as Ivanti and BigFix. This process can take around 15 to 20 days for 2,000 to 3,000 servers or endpoints due to its user-friendly cloud-based configuration.
During the initial setup, I faced some false alerts due to older versions of some applications we used, which may exhibit atypical behavior. Normalizing these false alerts generally takes around one to two weeks after the initial installation to resolve and ensure smooth operation.
What about the implementation team?
Our company has a partnership with CrowdStrike, so we are one of their partners, and that is how we acquired CrowdStrike Falcon Cloud Security. I bought it directly from CrowdStrike.
Some of our customers purchase CrowdStrike Falcon Cloud Security directly from CrowdStrike while others purchase it via AWS Marketplace or other marketplaces.
What was our ROI?
More than 12 million vulnerabilities have been identified and resolved while working with CrowdStrike Falcon Cloud Security over the past 10 years, which I have been monitoring diligently. This figure reflects the work done not only by me but also collectively with about four customers in one single console, giving a complete picture of our efforts.
What's my experience with pricing, setup cost, and licensing?
The cost of CrowdStrike Falcon Cloud Security is currently quite high, which is an area that needs improvement, particularly for the executive reports that are user-friendly for technical engineers but require enhancement for higher management.
Which other solutions did I evaluate?
With 19 years of experience in the industrial field, I have used technologies such as BigFix, Ivanti, Qualys, and I am considering reviewing Tenable, Ivanti Endpoint Manager, Ivanti Security Control, Tanium, and others, including HCL BigFix and Qualys Patch Management.
What other advice do I have?
I use CrowdStrike Falcon Cloud Security internally in my company. CrowdStrike Falcon Cloud Security is recognized for its reliability, and I can guarantee they are very reliable. My overall rating for CrowdStrike Falcon Cloud Security is 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
One of the reliable and best Security Solution for Cloud workloads
What do you like best about the product?
Ease of deployment in less time across perimeter.
What do you dislike about the product?
Console can be difficult at time to traverse on multiple aspects.
What problems is the product solving and how is that benefiting you?
Mainly complete security on the cloud, specifically Kubernetes workloads. SIEM Integration for advanced visibility is good as well
It simplifies Incident analysis.. must to have in cloud infrastructure
What do you like best about the product?
Interactive dashboard, very detailed analysis of the incident, less false positives, easy integration with other tools
What do you dislike about the product?
Other than the cost factor, I don't see anything to dislike
What problems is the product solving and how is that benefiting you?
Cloud infrastructure is always prone to attack and data leakage, with CrowdStrike Falcon Cloud Security it makes the cloud infra safe, especially in a multi cloud environment.
Powerful and Feature-Rich, Yet Pricey
What do you like best about the product?
As marketed, complete protection from code to cloud, ideal for organizations of all sizes - highly efficient with minimal false positives. I found the interface to be very user-friendly and gives insightful data in any alert, which helps to investigate the incidents easily, and the ease of integration with AWS.
What do you dislike about the product?
While it is feature-rich but you have to consider that pricing is a bit on the higher side (even more if you request a custom quote), I highly doubt if small orgs would be able to afford it while being suitable at the same time. Also, you might face a higher learning curve if you are not well-versed in similar security tools.
What problems is the product solving and how is that benefiting you?
Mainly threat detection & protection, Cloud Security with AWS, and Cloud Misconfigurations identifier
Its an integrated platform for securing cloud, real-time threat detection & AI-powered analysis.
What do you like best about the product?
CrowdStrike Falcon Cloud Security is an integrated platform for securing cloud environments, praised for its real-time threat detection, AI-powered analysis, and features like attack path analysis and compliance benchmarks.
What do you dislike about the product?
High cost, a steep learning curve, and potential complexities with alerts and integrations.
What problems is the product solving and how is that benefiting you?
Uses machine learning and AI to identify and prevent threats in real-time, even without relying solely on signatures.Visualizes potential routes attackers can take to compromise critical assets, highlighting risks from misconfigurations.Provides automated checks against standards like CIS, HIPAA, and PCI to identify and help remediate misconfigurations. Extends security to containers and Kubernetes environments, offering protection from development to deployment.
Excellent cybersecurity tool
What do you like best about the product?
Ease of implementation.....................
What do you dislike about the product?
so far it is a very good tool
What problems is the product solving and how is that benefiting you?
Protect the endpoints, servers, mobiles
EDR Mejor Producto
What do you like best about the product?
It is a very good platform, which, when integrated with your EDR and SIEM solution, delivers not only technical value but also helps with operational efficiency and meeting business objectives.
What do you dislike about the product?
The same, they do not provide partners with price lists and to sell new functionalities or products, the prerequisites to be considered are not clear (a lot of complexity), I think it is because they are new alliances or acquisitions.
What problems is the product solving and how is that benefiting you?
Valida la postura de seguridad de las cargas de trabajo en todas las nubes desde una única plataforma.
The ultimate monitoring tool
What do you like best about the product?
ease of use and works as expected, just install and let falcon handle all the hard work.
What do you dislike about the product?
we tend to have to restart the agent a few times since setting it up.
What problems is the product solving and how is that benefiting you?
we needed a tool to detect viruses/malwares/etc. this is what was recommended by our 3rd party HIPAA compliant vendor.
Boosts security by automatically blocking applications or activities, but query responses have been slower recently
What is our primary use case?
I am working for an MSSP. We use CrowdStrike on a daily basis for different clients across the globe for security purposes and for monitoring and remediating threats.
We have installed agents on the machines of employees in different organizations. We monitor their activities and block several applications. For example, if an organization does not want its employees to use WhatsApp on company-provided laptops, we block such applications. We also monitor malicious activities. If an employee downloads a file from the internet that is not legitimate, such as a virus or malware, we connect to the machine, remove all the files, and run different scans to ensure nothing is harmed.
Additionally, we use it for inventory purposes. At the end of the year, for audit and compliance, I gather information about how many devices, servers, and workstations we have and what their types are.
What is most valuable?
It helps us by automatically blocking certain applications or activities. We can prevent employees from copying data or attaching any personal USB devices to company machines, thus avoiding malware transfer or data theft. We can block USBs and unwanted applications. It automatically blocks and remediates malicious activities, so we do not have to do regular checks.
What needs improvement?
For the past six months, we have been facing some issues. Because it is a cloud-based infrastructure, it has been getting slower. There are no bugs because they release updates continuously. We highly appreciate that, but during hunting or running a query on different logs, the time frame has increased in the past six months. It takes longer to give us the results.
Another issue is the lack of proper documentation. During investigations, there is no proper documentation available. This is a problem because many people are saying there should be proper documentation explaining what CrowdStrike captures from the machine and the meaning of it.
For how long have I used the solution?
I have been using it for more than three years.
What do I think about the stability of the solution?
It is stable, but sometimes it shows instability. Occasionally, when the workload increases, it slows down considerably and sometimes becomes unresponsive. I would rate it a seven out of ten for stability.
What do I think about the scalability of the solution?
It is quite scalable. I would rate it an eight out of ten for scalability.
It is deployed across multiple departments and multiple locations. Some people are in one country, and some are in another country.
How are customer service and support?
I have contacted customer service, and they are fast. I have had a good experience with them.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We have some clients not using CrowdStrike due to cost or other factors. In our opinion, CrowdStrike is the best solution, which is why we recommend it to our clients. Almost 90% of our clients who receive our services use CrowdStrike. Its users include various organizations such as banking, financial, and other organizations.
Over the past three years, more than ten clients have purchased it. Some are using all of its features, and some are using fewer features depending on the budgets and requirements.
How was the initial setup?
It is straightforward, but sometimes, we have difficulties with installing the agents on some machines. It happens quickly, but sometimes it takes a few minutes. It depends on the infrastructure and the machine.
The deployment duration depends on the organization. If the organization is big, it takes a large amount of time. If it is a small one, it is real quick.
The implementation strategy is to use automated scripts that run on the cloud. This automatically reflects changes across thousands of machines.
It does not require any maintenance.
What about the implementation team?
We implement it ourselves.
What's my experience with pricing, setup cost, and licensing?
Compared to other EDRs, CrowdStrike is expensive. However, the main point is that even though it is expensive, it provides a huge capability to the organization. It is expensive, but it adds value.
What other advice do I have?
I would recommend it because it is the best one I have ever used. It has greatly helped me improve my investigative skills in my job. I have gained a lot of skills by using this product.
Overall, I would rate it a seven out of ten.
Integrates with Defendify for added value
What do you like best about the product?
We benefit from CrowdStrike offering cloud workload protection alongside its real-time threat EDR. The deep visibility provided to our engineers helps compliment our integrations.
What do you dislike about the product?
Minor hiccups with false positives. No concers that this product is not doing its job and keeping agents secure.
What problems is the product solving and how is that benefiting you?
Catching and preventing threats in real time with AI machine learning, is a key benefit to mitigate potential threats quickly. The visibility into the cloud environments and very beneficial. Workflows and automation are also used in some cases to help the team remain viligent and reduce hands on security incidents.
