Improved endpoint visibility has reduced incident response time and strengthens threat investigations
What is our primary use case?
I have been using CrowdStrike Falcon for the past two years. My main use case for CrowdStrike Falcon is endpoint protection, threat protection, and investigating suspicious activities on endpoints in my day-to-day work.
In one case, we received an alert about suspicious PowerShell activities detected on one of the endpoints, and CrowdStrike Falcon detected the issue and generated an alert on our SIM solution as well. We started investigating that endpoint using CrowdStrike Falcon, confirming through the process tree that there was suspicious execution, and we began isolating the endpoint device to prevent further impact. That is how we used CrowdStrike Falcon for monitoring and investigating endpoint devices.
We also use CrowdStrike Falcon for endpoint activities and for responding to malware alerts, which is a significant part of our process.
What is most valuable?
CrowdStrike Falcon offers several features that stand out to me, including a feature called Process Tree visibility, where we can see the entire attack history including how it started, how it initiated the connection, how it ended, and the intentions behind that particular incident. Additionally, it has great threat intelligence data, isolation automation, detailed process visibility, a real-time threat blocking system, and behavioral threat detection that helps in responding to incidents on endpoints. These are the best features I have ever used.
I wish more people knew about the Process Tree visibility feature because it helps to understand the full attack chain quickly, making it the most impactful feature I have ever used.
CrowdStrike Falcon has positively impacted my organization by improving endpoint security. Even if end users are doing something on their endpoints without their knowledge, such as receiving documents from vendors, the endpoints will scan attachments before delivery, and if they are malicious, it will detect them and provide notifications and alerts. It has positively impacted endpoint security and reduced the response time for incidents and alerts.
In my experience, I noticed that the Mean Time To Respond (MTTR) has reduced by around 30 to 40 percent due to faster detection and response achieved by the Falcon agents.
What needs improvement?
CrowdStrike Falcon requires experience and knowledge about tuning, as proper tuning is required. Improvement could focus on this aspect, as well as simplifying the user interface for new users and different department employees, since it sometimes generates a lot of false positives. They should concentrate on this as well.
They can work on better reporting and simplifying the interface to enhance the overall user experience.
CrowdStrike Falcon provides very good visibility into endpoint activity, including process execution and behavior. It is not only useful for the security department; it is beneficial for other departments as well. If something happens, even developers can log into CrowdStrike Falcon to check what is happening with their endpoints. Every tool should be built with this capability in mind, including CrowdStrike Falcon, which could also work on improving user interface design.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable, with no major issues I have faced.
What do I think about the scalability of the solution?
CrowdStrike Falcon is highly scalable.
How are customer service and support?
The customer support is good, and I have reached out to them.
Which solution did I use previously and why did I switch?
We were previously using SentinelOne and Microsoft Defender but switched to CrowdStrike Falcon for better detection capabilities, especially for a client handling numerous attachments and endpoint activities.
What was our ROI?
I have seen a return on investment due to strong detection and faster response capabilities of CrowdStrike Falcon.
What's my experience with pricing, setup cost, and licensing?
The pricing, according to my knowledge, is subscription-based, depending on how many endpoints and modules the organization needs to use.
Which other solutions did I evaluate?
Before choosing CrowdStrike Falcon, we evaluated SentinelOne and Microsoft Defender because we needed better detection and visibility.
What other advice do I have?
My advice for others looking into using CrowdStrike Falcon is to have a clear understanding of how to properly fine-tune and monitor the system to get the full benefits. If they are good at these aspects, they can confidently purchase it and start working towards endpoint protection.
CrowdStrike Falcon is a strong solution with faster responses to endpoint-related incidents and alerts. Overall, it is a very robust solution for organizations dealing with endpoint security, and they can confidently choose CrowdStrike Falcon and make it work effectively. I would rate this product a 9 out of 10.
Crowdstrike Helps Your Technical Health, and Mental Health
What do you like best about the product?
The fact that the platform is so insanely robust and granular is an absolute lifesaver. I can make my rules ridiculously complicated if I want to, or I can set up more of a “set and forget” approach that I don’t have to think about again until something actually triggers. The detection rating feels unmatched—the platform gathers more threat intelligence than almost anyone else in the world—and that has been a complete game changer for us. No more spending all day hunting through false positives, and no more overly complex reports that don’t make sense and are frustrating to explain to management. Everything is there, it’s ready, and it’s exportable. You can do just about anything with Crowdstrike, and when I say that, I quite literally mean it.
If you want to sleep at night knowing your organization is protected with what I consider the best protection available on the market, I’d strongly suggest going with Crowdstrike. I’m personally sleeping better at night, and members of my team are far less stressed on weekends—we’re no longer dreading a call that our infrastructure has been compromised.
We use this as our main source of protection across our entire enterprise.
What do you dislike about the product?
It's a complex beast to master - it takes time. That's not even really a dislike, it's more of a fact. If you want to be able to fully understand the product, and use all of the features to their fullest, you need to sit down, and do some training and education. Anything worth using though, takes time to master.
What problems is the product solving and how is that benefiting you?
The ever-present issue of a breach - if we are breached, we know that response and remediation will take place in minutes, not hours or days. You can do everything right, but the end user is always going to be your weakest link, and the juiciest target. However, while users may be juicy targets, CrowdStrike's Spotlight Vulnerability Management platform gives me the ability to patch Windows on the fly, and show me what other third-party programs need to be patched as well. Not only that, but the remediation time frame window reports, and the general reporting ability of Spotlight is amazing. The reports are straightforward and easy to read for non-technical members of management. They aren't focused on flashy statistics - they're focused on giving you a no-frills picture of what's going on in your environment.
Feature-Rich EDR
What do you like best about the product?
It has features you don't see in other technologies; it's a fantastic EDR and offers plenty of options for configuration and customization—something that's difficult to find in other technologies.
What do you dislike about the product?
The learning curve is steep, and there are many modules that change frequently.
What problems is the product solving and how is that benefiting you?
Implementing better security policies to strengthen teams against potential breaches, using RTR connections to deploy scripts, and the new approach CrowdStrike is taking with SIEM help provide greater visibility into events as they occur.
Peace of Mind with 24/7 Threat Detection
What do you like best about the product?
I love that with CrowdStrike Falcon Endpoint Protection Platform, I don't have to worry about my endpoints. If there's a problem, they take care of it and notify me, which allows me to sleep much better at night knowing that CrowdStrike Falcon has our back. The platform is worth every penny. It's very easy to set up, and we were able to automate the deployment of the agent, making it very helpful for our team.
What do you dislike about the product?
Absolutely nothing!
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon Endpoint Protection Platform for threat detection, 24/7 endpoint monitoring, and remediation, allowing us to avoid hiring a round-the-clock internal staff.
Advanced Threat Detection with Ease of Use
What do you like best about the product?
I use CrowdStrike Falcon Endpoint Protection Platform as a next-gen endpoint security to protect our organization against advanced cyber threats. I appreciate the endpoint security that goes beyond traditional antivirus, offering features like machine learning at the initial stage after installation, behavior-based threat detection, and a lightweight agent. The detailed process tree for any detection provides accurate investigation reports and makes it easy to understand the root cause. I also like its ability to detect zero-day attacks and unknown malware. The initial setup was easy and straightforward with support from the CrowdStrike team.
What do you dislike about the product?
I have some concerns about pricing and cost transparency with CrowdStrike Falcon Endpoint Protection Platform. Also, learning to use the advanced features isn't very easy.
What problems is the product solving and how is that benefiting you?
It protects our endpoints from modern cyber threats, providing more visibility and device control.
Crowdstrike: Your Endpoint Savior
What do you like best about the product?
It is very easy to use, easy to implement and integrate, and highly effective at protecting endpoints from vulnerabilities. It also gives administrators the ability to fine-tune settings, which helps ensure that all systems remain protected and well managed. Their customer success team is so prominent, and due to this, it is frequently used almost daily.
What do you dislike about the product?
Prices could be a bit more economical to fit small and mid-cap organisations.
What problems is the product solving and how is that benefiting you?
It is helping us manage and secure our endpoints against vulnerabilities.
Endpoint protection has blocked ransomware and malware and gives me real-time control
What is our primary use case?
I am using CrowdStrike Falcon because I want to secure my end-user devices.
What is most valuable?
I am using CrowdStrike Falcon because it works on signature-based and signature-less technology, which will prevent me from outside attackers and outside malware.
CrowdStrike Falcon will protect me from ransomware, and after the installation of CrowdStrike Falcon, I get full control on my endpoints and I am secure from outsiders.
CrowdStrike Falcon features are robust and reliable.
There are multiple features including real-time detection, real-time prevention, ATP, and IPS.
CrowdStrike Falcon makes my job easier because it will prevent me from outsider attacks and outsider detection; for example, if I want to stop any types of pen drive block or allow, it will prevent me from that as well.
It will impact my organization positively because if anybody wants to try to hit something, wants to take access, wants to perform CNC attacks, wants to do DOS attacks, CrowdStrike Falcon will protect me regarding real-time protection, PUA detection, scanning, and scheduler scanning.
I have seen on my portal, as the owner, that last week there were some detections about Trojan malware and some detections about CryptoGuard crypto malware. There are many detections, and I have seen that Trojans and malware have been blocked by CrowdStrike Falcon.
What needs improvement?
As of now, CrowdStrike Falcon does not have application control and web control. If CrowdStrike Falcon applies those types of features, it will be more reliable and stronger than any other antivirus or next-gen antivirus in the world or in the industries.
For how long have I used the solution?
I have been using CrowdStrike Falcon for the last two years.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable right now.
What do I think about the scalability of the solution?
It is good; I can increase it any time.
How are customer service and support?
Customer support is good for CrowdStrike Falcon; they have the best support.
Which solution did I use previously and why did I switch?
I have used Seqrite, but I have switched because Seqrite does not have signature-less technology.
What was our ROI?
CrowdStrike Falcon has saved me money because if any attacker attacks, they can borrow money to decrypt the file, so it is the money saved and time saved.
What's my experience with pricing, setup cost, and licensing?
Pricing, setup cost, and licensing are very good for CrowdStrike Falcon based on what I have seen.
Which other solutions did I evaluate?
What other advice do I have?
As of now, I think CrowdStrike Falcon is better and it is working fine. I rate it 10 out of 10 because it is lightweight, it has real-time detection, and it has the more powerful signature-based and signature-less technology. I can advise others that if there are any opportunities, they should use CrowdStrike Falcon because it is a very lightweight agent with signature-based and signature-less technology. CrowdStrike Falcon has real-time scanning, real-time prevention, and multiple other features. My overall rating for this product is 10 out of 10.
Lightweight enterprise security that doesn't bottleneck developer workflows
What do you like best about the product?
As an engineer, the best thing about CrowdStrike Falcon is how incredibly lightweight the single agent is. Unlike traditional antivirus software that hogs CPU resources during system scans, Falcon runs silently in the background. It doesn't interfere with my heavy workloads, local development environments, or Docker containers, yet it still provides top-tier, real-time behavioral threat detection.
What do you dislike about the product?
Out of the box, the platform can generate a lot of noise. If your security team doesn't tune the policies correctly, developers can experience alert fatigue or false positives—especially when we are compiling new binaries or running custom scripts. Additionally, maintaining compatibility with cutting-edge Linux kernels can sometimes be a bit of a headache during updates.
What problems is the product solving and how is that benefiting you?
At a Web3 company, we need to secure a distributed engineering team handling highly sensitive infrastructure and digital assets. CrowdStrike gives our security operations centralized visibility into every machine. It benefits us by ensuring strict compliance and protecting against advanced ransomware without severely degrading our daily developer machine performance.
Lightweight Agent with Powerful Real-Time Threat Detection and Endpoint Visibility
What do you like best about the product?
What I like most is the lightweight agent and powerful real-time threat detection capabilities. The platform runs smoothly without impacting system performance, which is critical in a production environment. Its behavior-based detection and AI-driven analysis provide excellent protection against advanced threats, including ransomware and zero-day attacks. Having a centralized cloud console also gives strong visibility across our endpoints, making monitoring and incident investigation much more efficient.
What do you dislike about the product?
I think the main drawback is the pricing structure, which, as we all know, can be expensive, especially for smaller organizations or when additional modules are required. Also, there is a learning curve when first navigating the dashboard and configuring advanced features. While the interface is very powerful and useful, especially during investigation, it can feel complex for teams that are new to EDR/XDR platforms.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon helps us proactively detect and prevent advanced cyber threats before they impact our systems. It reduces manual investigation time by providing detailed endpoint telemetry and automated alerts, allowing our team to respond faster and much more effectively. This has strengthened our overall security posture, minimized downtime risk, and increased confidence that endpoints across the organization are continuously protected.
Strong Real-Time Protection That’s Easy to Manage
What do you like best about the product?
CrowdStrike Falcon provides strong, real-time protection against modern cyber threats while being easy to manage. It uses cloud-based intelligence to detect and stop malware, ransomware, and advanced attacks without slowing down systems.
What do you dislike about the product?
What I dislike about CrowdStrike Falcon is that it can be expensive, especially for smaller teams and organizations. Some advanced features require additional modules, which increases overall cost.
What problems is the product solving and how is that benefiting you?
It solves the problem of advanced and fast-moving cyber threats that traditional antivirus tools often fail to detect. It helps protect systems from malware, ransomware, and suspicious behaviour by continually monitoring endpoints and stopping threats in real time.