CrowdStrike Falcon Platform
CrowdStrike external reviews
377 reviews
External reviews are not included in the AWS star rating for the product.
CrowdStrike analyst-friendly tool
What do you like best about the product?
The interface is really great; the GUI gives really great details about the event and is easy to use for non-security folks as well.
What do you dislike about the product?
CrowdStrike's support of Splunk for showing historical events.
What problems is the product solving and how is that benefiting you?
Transition from signature-based detection to behaviour-based detection. Compared to other EDR tools, detection was much better.
Recommendations to others considering the product:
For organizations that don't employ full-time 24/7 security teams, CrowdStrike really provides a very competitive solution. Easy to use and maintain.
Great product, bad account rep!
What do you like best about the product?
The CrowdStrike product is great, with a lot of functionality. CrowdStrike has the ability to tweak and personalize based on your environment. You need to find the balance between too many false positives and losing true detections.
What do you dislike about the product?
Bad experience with an account rep. We wanted to add additional modules to the product; he was able to get a short 30-minute demo. When asked for another 30-minute session to understand it further, he denied it. We were supposed to have quarterly review sessions, which stopped after 3 sessions.
What problems is the product solving and how is that benefiting you?
Endpoint Security, Device Control (Block USB), Firewall.
Next-gen Endpoint Protection
What do you like best about the product?
Supports Windows, Linux, Mac endpoints
Actively developed and maintained - constant updates are both pro and con
Gives great deal of intelligence about endpoint behavior
What do you dislike about the product?
Large learning curve to leverage
Large time requirement to investigate potential compromises
What problems is the product solving and how is that benefiting you?
Combined with third party monitoring, it allows a very small team to provide low effort monitoring of our systems
Strong in the major areas, needs some work in the details.
What do you like best about the product?
The level of confidence we now have, knowing that our systems are protected against a whole host of malicious actions and that we have actionable information at our fingertips, is incalculable. The new features that come out with the release schedule are thoughtful and useful. The release schedule itself is not overly aggressive and so far is very stable. The intelligence module is also very helpful.
What do you dislike about the product?
The "Spotlight" feature could use some work. Currently we are unable to search multiple hosts at once, and have not found a workaround for it yet. The Spotlight search will gather all of the host information, running process data, logons, etc. The clues you would need to run an investigation are often found here. It is extremely time consuming to have to run the same search, one at a time for each host, then correlate that data for comparison. I am unfamiliar with the back end of CrowdStrike, so programming the ability to input a comma-delimited list to search could be very difficult. Having had some development work as well as DBA experience, I can understand that it may not be as simple as it sounds.
What problems is the product solving and how is that benefiting you?
We replaced a few endpoint agents with CrowdStrike. Specifically, we replaced Carbon Black Protect and MS SCEP. We moved from a traditional AV to an EDR solution. An internal guideline for our organization is to reduce the number of endpoint agents deployed. The system overhead savings have been realized by removing the Protect application.
Great EDR Product
What do you like best about the product?
The UI is helpful when performing investigations.
Some other features I like from the UI:
The Hash Search page, the Host Search page, and the Detections page.
The product will generally tell you: what happened, what was the source, which hosts are affected, why this detection matters, and to make it even better - all these are mapped to the MITRE ATT&CK Matrix.
This makes things easier to communicate with other analysts to understand the lifecycle or workflow of an attack, and what we can do in the future to prevent it.
What do you dislike about the product?
Sometimes it's hard to tell which process spawned another process in the Timeline view.
Our team does not understand the difference between a detection and an incident.
Are incidents assigned automatically? Is an incident just multiple detections from the same host? Some insight into how it chooses to create an incident for a detection vs just a detection would be great.
What problems is the product solving and how is that benefiting you?
The product is great for combining next-gen AV with EDR capabilities.
The problem that we're solving with CrowdStrike Falcon: Endpoint Protection is that sometimes incidents are too noisy with the detections, and oftentimes analysts have to log in to multiple different dashboards or products to tell a story: what are we seeing? Which hosts are infected? Where did the malware (for example) come from? Which processes are making network connections?
All these questions and more can be answered with the CrowdStrike console.
Recommendations to others considering the product:
Check out the MITRE evaluations for EDR vendors, and the Gartner Magic Quadrant.
Integral in protecting our environment in a way that removes end-user friction
What do you like best about the product?
The next-gen style endpoint protection is a game-changer and has been integral in providing high-level support with customizable threat intelligence. Not only is the protection leading the industry but the method by which the agent connects to the console and runs on the endpoint has been amazing. You can deploy on a large scale and run the agent in a way that no longer needs end-user interaction. Finally, users are protected and they don't have to think about it anymore.
What do you dislike about the product?
There's not much to dislike here. The attentiveness, not only of the team assigned to our account but of the Overwatch team, and even the executives, has been fantastic.
What problems is the product solving and how is that benefiting you?
Protecting faculty endpoints and lowering the overall risk to endpoints, including servers. The benefits of peace of mind and industry-leading protection are the main benefits.
It just works!
What do you like best about the product?
It's very easy to create and alter policies and apply them to different groups.
What do you dislike about the product?
I wish Reports were easier to navigate to.
What problems is the product solving and how is that benefiting you?
We needed an effective endpoint protection solution that was easy to implement and manage.
Recommendations to others considering the product:
So much easier to use than older on-prem products.
Top Product for Next Generation Antivirus and Malware Protection
What do you like best about the product?
The user interface allows you to truly understand what was detected and why it should be a cause for concern within your organization.
What do you dislike about the product?
The only dislike was that it did not have support for obsolete operating systems, like Windows XP.
What problems is the product solving and how is that benefiting you?
We use Falcon to protect all of our endpoints and servers from malware. It has an incredibly low false-positive rate and we spend a lot less time on alerts than with our previous enterprise AV product.
Recommendations to others considering the product:
We did a bakeoff against two other competitors and CrowdStrike was hands-down better than their closest challenger.
Fast to implement, Set & forget
What do you like best about the product?
It was very easy to set up; it just took a couple of days to roll out to about 1500 PCs.
Once it was all set and configured, it stopped a lot of malware that wouldn't have been detected by traditional AV solutions.
The support is awesome
What do you dislike about the product?
So far, everything has been great. It has been a good experience only.
What problems is the product solving and how is that benefiting you?
Next-gen endpoint protection has proved better than the traditional signature-based AV solutions. The EDR is very helpful too.
Exceptional Endpoint Protection
What do you like best about the product?
There are multiple facets to this question. The agent is compact, but that does not diminish the capabilities it offers. The "cloud" aspect of the tool is not for everyone, but it does provide huge benefits in data collection and correlation. The platform is neat and the ability to pivot from one section to another is easy. It is all in a single one-stop shop. Organizations also have a range of talent; the console presents data in such a way that even junior security analysts can handle it, while giving deeper capabilities to senior analysts.
What do you dislike about the product?
I personally am not a fan of the nickel-and-diming aspect. New offerings get slotted into whole new tables, which requires a new contract. I'm also bummed by the "secret sauce" mindset that CS employs. Behavioral detections, signatures, etc. are all locked away behind very high-level descriptions, which prevents architects, engineers, and senior analysts from extending the product in areas where there may be gaps. The product stands its ground due to its capabilities; there is no need to lock this knowledge away.
What problems is the product solving and how is that benefiting you?
The business need is next-generation endpoint protection. We are clearly realizing that static signature detections are the way of the past. Using CrowdStrike we have solved a number of security needs out of the gate, from new asset identification to vulnerability management, etc. We have also extended the capabilities for general IT usage around software inventory and basic device details.
Recommendations to others considering the product:
Consider a proper bake-off of the product in your environment and make sure that it meets the business need. If you have the capability to extend out for more modules, they are worth their value and give administrators and users alike the information they need to be successful. There are a few shortcomings, so be sure to make sure they are not deal breakers for your organization. Roll-out was exceptionally easy, and upkeep is easy compared to other products.