CrowdStrike Falcon Platform
CrowdStrikeExternal reviews
377 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Crowd Strike Flacon X Threat Intelligence solution
What do you like best about the product?
Falcon X it's ease to use and powerful tool. Low false positive hit.
What do you dislike about the product?
No direct connection with web portal threat actor name and real threat actor
What problems is the product solving and how is that benefiting you?
Integration of SIEM information with intelligence information
Great Endpoint Protection with leading technology
What do you like best about the product?
Ease of deployment and analytics of console to view and consolidate informatoin.
What do you dislike about the product?
Crowdstrike does not currently have many items to dislilke. I use every module from CS the only item I found that is a little Clunky is the Event Search which requires some splunk background
What problems is the product solving and how is that benefiting you?
Complete Endpoint protection for all our Assets, including Mac, Linux, Windows that has a simple agent that provides much more than just an ordinary virus/malware or malicious activity for the endpoint. CS is providing inventory mgmt pieces as well as looks at software installed. We also have the Complete piece with Crowdstrike that provides a fully backend MSP that takes care of all our needs.
Recommendations to others considering the product:
take it for a test drive. Crowdstrike is the leading company in this area right now and nothign compares.
The best machine learning technology and the best anti malware tech
What do you like best about the product?
it has one of the most massive Deployments, grear enpoint protection
What do you dislike about the product?
vulnerability management is not that great, the small things are missing such as Ip determination etc
What problems is the product solving and how is that benefiting you?
i have delpoyed it for security solutions, and i have relaized that it has one of the best endpoint protections , extensive api's , great cloud visiblity
Recommendations to others considering the product:
go for it for the great endpoint protection and cloud visiblity and extensive api's, it has strong edr capabilities.it is highly customisable. thougj it dosnt have a lot of features it is one of the best in the markets., also the vulnerability management is not that great . however it is highly recommended
I recommend the CrowdStrike to organizations to protect their endpoint devices from cyberattacks
What do you like best about the product?
1. Dashboard Flexibility - we can get a clear picture of what's going in the network environment. Mainly, the incident and detections widgets are very important. The overall scoring of incidents will be crucial to understand how safe the network is. Additionally, the mitre tactics will be clearly displayed. The home screen search gives flexibility for the analysts to quickly check for IP/hostname/file details within seconds.
2. Incident Scoring - it will trigger with an indication of critically scoring out of 10. The incident details are, with flow-based and behavioral-based pre-analysis will be given. Each stage of flow will be represented with a full description, block action, and mitre attack mapping.
3. Detection Mechanism - mainly focuses on file-based detection, which comes with a lot of filters where we can filter will hostname, filename, mitre tactic, block action, severity, etc.
4. Event Search - All the Investigate search fields help to search each and every event.
5. Overwatch alerting - are a more important part of monitoring. The critical true positive incidents will trigger as overwatch. The probability of getting true positive incidents is very high.
6. Finally, the Support team of crowdstrike will also keeps eye on the critical things happening in our environment and notify us.
2. Incident Scoring - it will trigger with an indication of critically scoring out of 10. The incident details are, with flow-based and behavioral-based pre-analysis will be given. Each stage of flow will be represented with a full description, block action, and mitre attack mapping.
3. Detection Mechanism - mainly focuses on file-based detection, which comes with a lot of filters where we can filter will hostname, filename, mitre tactic, block action, severity, etc.
4. Event Search - All the Investigate search fields help to search each and every event.
5. Overwatch alerting - are a more important part of monitoring. The critical true positive incidents will trigger as overwatch. The probability of getting true positive incidents is very high.
6. Finally, the Support team of crowdstrike will also keeps eye on the critical things happening in our environment and notify us.
What do you dislike about the product?
1. More focused on only file-based executions.
2. Machine Learning based detections throw more false positives. Unnecessary blocking of genuine executions will sometimes impact business.
3. For Endpoints protection, it can have the best alternatives with the best features like Microsoft ATP, Zscalar.
2. Machine Learning based detections throw more false positives. Unnecessary blocking of genuine executions will sometimes impact business.
3. For Endpoints protection, it can have the best alternatives with the best features like Microsoft ATP, Zscalar.
What problems is the product solving and how is that benefiting you?
1. File-based detections is the biggest positive in Crowdstrike.
2. Overwatch alerts will be the most probably true positive incidents. It will alarm in the CS console as well as in the mail.
3. We can see what all applications installed in the user's machine.
4. Almost 65% percent of work will be done by crowdstrike itself without analyst intervention.
2. Overwatch alerts will be the most probably true positive incidents. It will alarm in the CS console as well as in the mail.
3. We can see what all applications installed in the user's machine.
4. Almost 65% percent of work will be done by crowdstrike itself without analyst intervention.
Recommendations to others considering the product:
I strongly recommend the Crowstrike to organizations to protect their endpoint devices from cyberattacks. Almost all the major incidents can be mitigated with this Endpoint protection.
It is excellent cloud based NGAV with full proof protection..!!
What do you like best about the product?
It is reaaly good in manageability and monitoring entire organization in single console with very less effort.
What do you dislike about the product?
Crowdstrike Store must be more user friendly and product needs to display with full description with use case.
What problems is the product solving and how is that benefiting you?
It is work with less compute power and use unwanted disk operation. The endpoint works really well in terms of other peers competition.
Compared to other Commercial Endpoint solutions Falcon has superior technology and it is hassle free
What do you like best about the product?
features like Threat actors details, network quarantine capabilities, malware execution map & Dashboard
Threat actors database.
Dashboard filtering capabilities and eliminating falsepositives with just a click.
RBAC (role based access control) features enables high security towards authentication.
Email alerts is helpful for rapid threat response to aviod potential security incident.
Intergration capabilities with ITSM tools is an added advantage.
Threat actors database.
Dashboard filtering capabilities and eliminating falsepositives with just a click.
RBAC (role based access control) features enables high security towards authentication.
Email alerts is helpful for rapid threat response to aviod potential security incident.
Intergration capabilities with ITSM tools is an added advantage.
What do you dislike about the product?
Initially, eliminating the false positives and purging them is time-consuming. Agent deployment for Windows flavored OS is easy. But for a Linux-based system, it is a tedious task.
Extracting logs or report for troubleshooting should be even more used readable. I liked the Dashboard, but Falcon can still improve a few automation to eradicate known false positives.
Main Disadvantage: Active endpoint scanning is not possible CrowdStrike only analysis the network traffice and behaviour with in the system. Falcon should introduce quick scan and full scan features to over come this disadvantage.
Duplicate alerts and related ITSM tickets are a problem with falcon, In my experience I have experienced Crowdstrike reporting multiple alerts for same issue. This results in huge number of ticket creation (If Intergrated with ITSM) or large amount of emails spamming your Inbox.
Extracting logs or report for troubleshooting should be even more used readable. I liked the Dashboard, but Falcon can still improve a few automation to eradicate known false positives.
Main Disadvantage: Active endpoint scanning is not possible CrowdStrike only analysis the network traffice and behaviour with in the system. Falcon should introduce quick scan and full scan features to over come this disadvantage.
Duplicate alerts and related ITSM tickets are a problem with falcon, In my experience I have experienced Crowdstrike reporting multiple alerts for same issue. This results in huge number of ticket creation (If Intergrated with ITSM) or large amount of emails spamming your Inbox.
What problems is the product solving and how is that benefiting you?
I have mostly been a Security Analyst. I have investigated alerts reported by Falcon. In a nutshell, we used Crowdstrike for Managing all the endpoints used for business.
Benefits- Real-time status and statistics, since using dashboard one can control the agents so in terms of incident response one can network quarantine a system (if found with malware) with just a few clicks using central Dashboard.
This feature will surely help restrict ransomware from spreading across systems.
Benefits- Real-time status and statistics, since using dashboard one can control the agents so in terms of incident response one can network quarantine a system (if found with malware) with just a few clicks using central Dashboard.
This feature will surely help restrict ransomware from spreading across systems.
Recommendations to others considering the product:
The product is futuristic and will surely add multiple automation over the period. But for Endpoint Detection and Response (EDR). I would recommend CrowdStrike as the market's Pioneer.
Its a very good experience of using CrowdStrike.
What do you like best about the product?
The User interface, detection details, crowdstrike support
What do you dislike about the product?
There is nothing specifically to be said.
What problems is the product solving and how is that benefiting you?
I supported CS support multiple times and they have resolved all my issues.
Recommendations to others considering the product:
Its very advisable to people as its a best EDR in market.
Product is very good ... but interface is bit old
What do you like best about the product?
Perfect is all manner other then support and sales team
What do you dislike about the product?
Support & sales teams are not that supportive and response
What problems is the product solving and how is that benefiting you?
Software it self is pretty much mature and works perfect performance wise
It's a great tool with detailed logs and good detection capabilities
What do you like best about the product?
EDR is the best it's great capability of alert mechanism
What do you dislike about the product?
Sometimes , Crowdstrike does not give a detailed report on registry changes
What problems is the product solving and how is that benefiting you?
All malware are safely terminated
Crowdstrike Falcon - A lightweight agent with superb EDR capabilities and easy management
What do you like best about the product?
The agent is extremely lightweight and it never takes huge resources on the system. Management is extremely easy with easy dashboard. The alerts are extremely well detailed, so any L2 system administrator can understand them and take appropriate actions starting from marking them as malicious or false positive, quarantining the alert to network containing the host. If you are still on conventional AV, switch to Crowdstrike EDR for the best secured experience. It is also one of the leaders in Gartner magic quadrant.
What do you dislike about the product?
The threat advisory part is a little hard to understand for the L2 administrators. So it can be simplified into different attacks and their hashes and ioc which can be blocked easily across the organisation. Its again not a part to dislike but still something which can be improved or modified based on my personal choice.
What problems is the product solving and how is that benefiting you?
Endpoint and host security real time device level log analysis and threat behaviour with seamless machine learning analysis. These capabilities lacked in a conventional antivirus product which was entirely dependent on virus definition signature. With crowdstrike edr, each amd every system event is being analyzed which prevents in the origin of a malicious event.
Recommendations to others considering the product:
Switch to Crowdstrike edr for seamless security and event monitoring. It is a single pane of glass to manage host security instead of depending on a range of products like threat prevention, web filter, firewall etc. which takes up unnecessary resources on system.
showing 131 - 140