Sold by
CrowdStrike Falcon Platform
The AI-native CrowdStrike Falcon Platform provides comprehensive protection across all areas of enterprise risk - devices, identities, data, endpoints and cloud. Powered by a single agent, crowdsourced data, expert threat intelligence, and advanced AI, the Falcon Platform simplifies security operations and stops breaches.
Reviews (481)
Ansh B.
CrowdStrike Falcon: Proactive Security, Steep Learning Curve
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
What I like best about CrowdStrike Falcon is how lightweight it feels compared to traditional antivirus solutions. A lot of endpoint protection tools tend to bog down your system with constant scans and updates, but Falcon runs quietly in the background without really affecting performance, which honestly surprised me given how much it's doing under the hood.
The cloud-native architecture is another big plus. Since everything is managed through the cloud, there's no need to deal with on-prem servers or constant manual updates. New threat intelligence and detection capabilities just get pushed out automatically, so you're always working with the latest protections without lifting a finger.
I also really appreciate the visibility and detail it gives you when something does get flagged. Instead of just saying "this file is bad," it shows you the full attack chain: what triggered it, what process did what, and how it all connects. That kind of context makes it so much easier to actually understand what happened and respond properly, instead of just reacting blindly.
And honestly, the speed of detection stands out too. Threats get flagged almost instantly, which gives a lot of peace of mind when you're responsible for keeping systems secure.
What do you dislike about the product?
One thing that bugs me a bit about Falcon is the pricing. It's definitely on the higher end compared to some other endpoint protection tools, and for smaller teams or businesses, that cost can add up fast, especially once you start adding on extra modules for things like identity protection or threat intelligence. It almost feels like the "full experience" is locked behind multiple add-ons rather than one straightforward package.
The console UI can also feel a bit overwhelming at first. There's just so much data, so many tabs, and so many ways to drill into things that it takes a while to actually get comfortable navigating it. For someone new to the platform, it's not the most intuitive experience right out of the gate.
Another thing: alert fatigue is real. Because it's so thorough, you sometimes get a lot of detections or alerts, and not all of them turn out to be critical. It takes some tuning and experience to figure out what actually needs immediate attention versus what's just noise. Without proper triage, it can feel like a lot to keep up with.
Lastly, support response times can vary. Sometimes you get quick, helpful responses, but other times, especially for more complex issues, it can take longer than you'd expect, which is frustrating when you're dealing with a potential security incident.
What problems is the product solving and how is that benefiting you?
Falcon is solving the problem of not knowing what's happening on your endpoint until it's too late. Traditional antivirus tools mostly rely on signatures, so they're great at catching known threats but often miss new or more sophisticated attacks. Falcon takes a behaviour-based approach instead, looking at what processes are actually doing, which means it can catch things that would otherwise slip through completely unnoticed.
For me, the biggest benefit has been around proactive threat detection. Instead of finding out about a problem after the damage is done, Falcon flags suspicious behaviour early, which gives a real chance to investigate and contain something before it spreads. That shift from "reactive" to "proactive" security makes a huge difference in day-to-day peace of mind.
It's also helped a lot with visibility across endpoints. In environments where you've got a lot of devices spread out, it can be really hard to know what's going on everywhere at once. Falcon centralizes all of that into one piece, so you're not jumping between different tools or relying on guesswork to figure out what's normal versus what's not.
And from an incident response perspective, the detail it provides really speeds things up. When something does happen, having that full attack chain laid out means less time spent piecing together what occurred and more time actually responding to it.
So overall, it solves the problem of blind spots, and that translates into faster detection, faster response, and a lot less uncertainty when it comes to endpoint security.
Aman T.
Robust Detection with Seamless Quiet Operation
Reviewed on Jun 12, 2026
Review provided by G2
What do you like best about the product?
I appreciate CrowdStrike Falcon Endpoint Protection Platform's detection capability. It doesn't just rely on known signatures, but picks up on unusual behavior, which makes a big difference when dealing with newer threats. The platform runs quietly in the background, so our staff never even noticed it's there, which is exactly how it should be. The behavioral detection has caught things that traditional antivirus would have completely ignored, saving us from potential serious issues. Additionally, the agent runs very light, allowing our team to get on with their work without any complaints about slow machines, which used to be a constant issue before.
What do you dislike about the product?
The pricing is worth mentioning; it's not the cheapest option out there, and for smaller teams or businesses, it can be a tough sell. Also, when you first get into the platform, there is quite a bit to take in. The amount of data and options available is great, but it can feel like information overload until you get properly comfortable with it. Better onboarding resources would go a long way. Some short video walkthroughs or interactive guides built into the platform would really help new users find their feet faster. Right now, you end up spending a lot of time digging through documentation, which is not always the quickest way to learn.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon Endpoint Protection Platform for endpoint security, monitoring devices, and catching threats early. It flags suspicious activity ahead of time, reducing stress. Its behavioral detection handles new threats well, and it runs quietly, leaving our team unbothered by slow machines.
Anup A.
Lightweight Deployment, Powerful Incident Response Visibility
Reviewed on Jun 12, 2026
Review provided by G2
What do you like best about the product?
The single-agent architecture actually lives up to the marketing buzz. Coming from an environment that was bogged down by clunky legacy AV suites, rolling out the Falcon sensor via SCCM was incredibly straightforward. Our end-users don't even notice it running because it barely touches local system resources; there are no heavy local signature updates choking up machine memory at 9 AM.
From an incident response perspective, the great graph visualization makes life significantly easier during a triage. Being able to trace a malicious process execution tree from a stray script back to its origin, down to the exact command-line arguments, saves us a massive amount of investigation time. The behavioral detection tuning handles zero-days without throwing an un
What do you dislike about the product?
The tool is incredibly capable, but the platform's modular structure can be a bit overwhelming during budget planning, as getting advanced capabilities like hyper-granular identity telemetry or specialized USB controls means adding specific modules. That said, it does allow you to build a highly customized security stack rather than paying for a bloated all-in-one suite you don't fully use.
On the administrative side, the management console has a sharp learning curve for tier-1 analysts. The UI is exceptionally logical; it takes some dedicated hands-on time to confidently map out policy exclusions without feeling a bit intimidated by the sheer number of prevent toggles.
What problems is the product solving and how is that benefiting you?
We were struggling with massive blind spots on our remote endpoints, especially with developers spinning up unmanaged local VMs and accidentally exposing sensitive internal data. Falcon gave our security team immediate real-time visibility across our entire distributed workforce without requiring our users to be consistently tunneled through a corporate VPN.
By moving away from static signature defenses to Falcon's behavioral indicators of attack (IOAs), we've drastically cut down mean time to detect (MTTD). It successfully caught a lateral movement attempt involving a compromised service account that traditional tools would have glossed over. It effectively consolidated three different legacy security utilities down into one console, which cleared a ton of technical overhead from our day-to-day operations queue.
Rajat M.
Lightweight and Effectively Transparent Endpoint Security
Reviewed on Jun 09, 2026
Review provided by G2
What do you like best about the product?
I appreciate that CrowdStrike Falcon Endpoint Protection Platform is lightweight, unlike legacy antivirus software that heavily taxed our systems. The lightweight design doesn't lock up our machines, as it runs quietly in the background. I also value the automatic blocking feature, which keeps my mind at ease, knowing it handles threats without intervention. I find the ability to isolate a computer from the network a handy feature for isolating issues quickly. One of the standout features is the extensive visual process tree, which streamlines alerts by showing a clear attack chain. It has changed how I handle investigations by providing precise sequences of events, like spotting if a user opened a phishing link that triggered a hidden script. This feature is a lifesaver for my team, making our daily tasks less cumbersome by eliminating guesswork and providing fast answers to executive queries. Also, it gives us a complete history of events in less than two minutes, letting us address concerns promptly and find the root cause of issues efficiently.
What do you dislike about the product?
I find the interface fields scattered. Over the years, as new modules have been added, it feels like they made it scattered. I think they need a simple mode toggle or workspace customization for general IT administrators who don't need to see all the dense, advanced features. Another issue is with update trust. Ever since a massive, global update glitch, managing and tracking which endpoints missed an update can be clunky. They should offer more granular control over updates and clearer alerts when a sensor update fails to apply. Also, they should consider lowering the cost. Finally, I think adding a junior analytics alert feature could help, so that lower-level team members can access what they need.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon Endpoint Protection Platform to protect company laptops and servers from malware and ransomware. It runs quietly in the background, and I check alerts if any user downloads something sketchy.
chetan s.
Excellent Real-Time Threat Detection with a User-Friendly Dashboard
Reviewed on Jun 05, 2026
Review provided by G2
What do you like best about the product?
Its lightweight agent, real-time threat detection, and cloud-native architecture provide excellent visibility into endpoints. It helps identify and stop advanced threats quickly, and it’s also easy to deploy and manage.
What do you dislike about the product?
Some advanced features take time to learn for new users, especially for smaller IT teams that don’t have dedicated security expertise.
What problems is the product solving and how is that benefiting you?
It helps us solve challenges related to endpoint security, threat detection, and incident response across our organization.
Mohamed M.
Reliable Detection with Minimal False Positives
Reviewed on Jun 02, 2026
Review provided by G2
What do you like best about the product?
I like that the number of false positive alerts is very low and the detections are very accurate. I also appreciate getting PowerShell access to investigate and take action, as well as the ability to run Python scripts. Investigating the machine's event history is straightforward. The detection and response capabilities are much better than what I was used to with our previous product. The setup was also easy.
What do you dislike about the product?
In CrowdStrike, drive/volume references are shown as device paths rather than Windows drive letters (volume# instead of C: or E:). It would be better if they were changed to Windows style letters.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon Endpoint Protection Platform for threat hunting, incident investigation, and response. It provides low false positive alerts and accurate detections. I get PowerShell access for investigation, can run Python scripts, and perform event history investigations. Detection, response, and taking action are much improved.
Berk H.
Flawless Cloud Management, Zero Performance Impact
Reviewed on May 31, 2026
Review provided by G2
What do you like best about the product?
I use CrowdStrike Falcon Endpoint Protection Platform as our primary enterprise endpoint security solution and I really appreciate its incredibly lightweight agent. It provides top-tier, real-time security and behavioral threat detection without hogging system resources or slowing down user machines. I really enjoy the network isolation feature as it works flawlessly, allowing me to instantly disconnect a compromised device from the network with one click while still maintaining my remote connection to fix it. I also found the initial setup to be incredibly easy since it is 100% cloud-native, requiring minimal effort and allowing me to deploy the lightweight agent across all company devices without needing a single reboot. The platform integrates seamlessly with our Microsoft Azure infrastructure and our centralized SIEM system, which aids in consolidated security logging and rapid incident response. I would rate it a solid 10 out of 10 for its flawless cloud management and zero impact on PC performance, making it the ultimate endpoint protection for any enterprise.
What do you dislike about the product?
The centralized cloud dashboard can feel overwhelming because the user interface has a steep learning curve with too many sub menus. Also, the advanced threat hunting queries (Falcon Insight) require deep specialized knowledge, so making the query syntax more intuitive would be a great improvement for daily operations.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon to monitor, detect, and isolate malware in real-time, stopping ransomware before it spreads and managing security with AI-driven analysis. Its lightweight agent prevents system slowdowns, and network isolation lets me contain threats instantly, safeguarding our infrastructure from breaches.
Mouhsine D.
Real-Time Threat Detection with Some Setup Challenges
Reviewed on May 29, 2026
Review provided by G2
What do you like best about the product?
I like CrowdStrike Falcon Endpoint Protection Platform for its real-time threat detection and cloud-based visibility. It's fast and lightweight, and the automated response features really reduce the need for manual intervention. The platform helps me quickly identify suspicious activity before it escalates into a serious incident. The cloud-based visibility is valuable because I can monitor everything from a single dashboard, which is very easy to manage. The automated response saves time by containing or isolating threats instantly.
What do you dislike about the product?
It can sometimes be a bit complex to configure at the very beginning, especially for fine-tuning policies. Also, the alert volume can feel high without good filtering, so it takes some time to adjust.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon Endpoint Protection Platform to protect against malware, ransomware, and cyber threats. It prevents advanced threats, reduces breach risks, provides real-time visibility, identifies suspicious activity quickly, and saves time with automated threat response.
Prem K.
Strong Endpoint Protection with Excellent Threat Detection
Reviewed on May 29, 2026
Review provided by G2
What do you like best about the product?
I like CrowdStrike Falcon Endpoint Protection Platform for its strong threat detection and lightweight agent. The cloud-based management console is easy to use and the platform provides excellent visibility into endpoint activity. It allows our team to respond to security incidents quickly and efficiently. The initial setup was easy and efficient, with the lightweight agent deploying quickly and minimal effort required for configuration. I would highly recommend it due to its ease of management, cloud-native architecture, and its ability to help organizations respond to threats quickly.
What do you dislike about the product?
CrowdStrike Falcon works very well overall; there are a few areas that could be improved. The pricing can be relatively high for smaller organizations, especially when additional modules are required. Some advanced features require time to learn, and alert tuning is sometimes needed to reduce noise. More flexible reporting and dashboard customization would also be welcome improvements.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon Endpoint Protection Platform for malware prevention, ransomware defense, and threat detection. It offers real-time endpoint visibility and speeds up incident response, improving our security posture and reducing risks and admin efforts.
Sharon Z.
All-in-One Security Protection That Does It All
Reviewed on May 29, 2026
Review provided by G2
What do you like best about the product?
I like the fact that it protects and combines all the defence security tools into one. It basically does most of the stuff.
What do you dislike about the product?
Licenses are limited; not all of us in the team have the licenses due to the budget.
What problems is the product solving and how is that benefiting you?
AI-driven behavioral analysis combined with real-time threat intelligence helps detect suspicious activity.