CrowdStrike Falcon Identity Protection

I am using CrowdStrike Falcon  for laptop, desktop, our server, and VM, including Linux, Windows server, and Linux server.

The most beneficial features of CrowdStrike Falcon  are that it is easy to install, easy to manage, lightweight, and it can stop breaches.

The impact of CrowdStrike Falcon lightweight agents on system performance and visibility is good, with only one agent required.

Speaking about the utilization of Falcon  threat graph for threat hunting, it helps my security team to predict and prevent potential breaches.

Considering that CrowdStrike Falcon is a cloud-native architecture, the elimination of on-premises infrastructure makes cybersecurity maintenance cost and complexity minimal, because we only need to install it and then monitor from the dashboard.

In Indonesia for SMB companies, the price is higher than other solutions.

For SMB organizations, the price may be higher than others, which means they have to think twice about it, but for enterprise companies, the cost is not a concern.

I have been using it for about six years and do not have any problems. The pricing is the only issue.

I have been using CrowdStrike Falcon since 2019, before the pandemic.

In terms of deployment of CrowdStrike Falcon, it is quite easy and there are no challenges with deployment.

As for stability, I would rate it around eight because last year they faced some downtime with around eight thousand computers, but it will improve.

For scalability, I would rate it a nine because they can scale efficiently with many users.

Technical support from CrowdStrike Falcon is good because usually in Indonesia we have a partner, and if the partner cannot address the issue, we discuss with CrowdStrike directly.

I would rate technical support a nine out of ten.

Positive

I used McAfee before CrowdStrike Falcon for the same use case. I switched to CrowdStrike Falcon because McAfee did not have machine learning or AI capabilities at that time.

CrowdStrike Falcon saves time and offers good value for money, especially for enterprise companies, because it can stop breaches.

I am not sure about the exact percentage of money it saves, as I have to calculate the risks, but we are satisfied because CrowdStrike Falcon has stopped breaches and prevented hackers.

I used McAfee before CrowdStrike Falcon for the same use case. I switched to CrowdStrike Falcon because McAfee did not have machine learning or AI capabilities at that time.

My rating for CrowdStrike Falcon would be eight points because there are many antivirus competitors. For those who want to use CrowdStrike Falcon, they should be mindful of the higher price compared to others.

The typical use case for CrowdStrike Falcon depends on what kind of service the customer is looking for. Most customers look for antivirus, endpoint detection and response, or possibly managed detection and response, which leads them to reach out to us.

When we speak to the customer, they usually tell us that they're looking for antivirus or endpoint detection and response, and we then introduce CrowdStrike Falcon.

CrowdStrike Falcon has many valuable features. The solution is used for multiple functions, including MDR, XDR, and CNA solution. It depends on which category you're looking for, and you have to customize the customer's equation accordingly.

CrowdStrike Falcon can be deployed both on-premise and in the cloud, and it's an on-call solution that can be deployed anywhere by simply deploying the agent on the end devices.

Certain areas of CrowdStrike Falcon have room for improvement, but it depends on the specific services being discussed. CrowdStrike offers multiple services, and most of the product comes in the Falcon service, so it's important to be specific regarding whether the discussion is about ADR, antivirus, XDR, or MDR, as it's one of the best solutions in the market.

I believe nothing can be done to make CrowdStrike Falcon a ten out of ten, as I think it's one of the best solutions in the market. However, rating it a ten overall would imply there's no scope for improvement, but to survive in the market, changes must be made every day. Every customer and solution has tendencies for improvement, which is why I'm not giving a perfect score.

I have more than two years of experience working with CrowdStrike Falcon.

I find nothing to miss in terms of stability; there are no glitches, and the solution is stable.

I would rate the scalability of CrowdStrike Falcon highly because it only depends on the customer's infrastructure and what kind of scalable environment they have. There's no scalability limitation from CrowdStrike itself, as it just requires agent deployment.

I would rate the technical support from CrowdStrike as good, actually more than good.

Positive

CrowdStrike Falcon can be deployed both on-premise and in the cloud, and it's an on-call solution that can be deployed anywhere by simply deploying the agent on the end devices.

The return on investment from CrowdStrike EDR depends on each company's circumstances and how they are utilizing the solution.

The price of CrowdStrike Falcon depends on which product we are discussing, as pricing can vary significantly based on the customer's profile and budget.

We are part two of CrowdStrike. The time it takes to deploy CrowdStrike Falcon depends on the customer setup.

My clients vary in size, as we can reach all types of businesses, whether small, medium, or enterprise.

Based on my experience, I would recommend CrowdStrike Falcon solutions to other people. I rate the solution an eight out of ten.

In my cybersecurity strategy, I use CrowdStrike Falcon  mainly as an EDR solution for us. Currently, we are using it as an EDR. We are also in discussion along with the CrowdStrike team where we can have a managed SOC integrated.

In the online industry, we are using CrowdStrike Falcon , specifically in online classified, which you could call e-commerce.

For threat detection, the most effective feature I find in CrowdStrike Falcon is 24/7 managed monitoring, which is basically a next-gen antivirus and next-gen endpoint detection and response. In endpoint detection and response, the best part is 24/7 365 continuous monitoring to the endpoint for identifying any suspicious activity.

CrowdStrike Falcon serves as a next-gen AV, which basically does AI-based behavioral analysis to detect and act on malware or ransomware.

The automated response capabilities in CrowdStrike Falcon handle incidents based on the behavior of the activity, performing analysis in case it finds more objectionable content. If there is blocking or breaking any of your site map or something of that sort, it is an untraditional way. If the traffic behaves suspiciously, it triggers an automated response to block it. Additionally, if it detects a file which might have an extension of MIME type of maybe a document whereas it is self-replicating, that sends a suspicious activity alert. In such cases, the detection happens automatically. Because in case it's a zero-day, many times such files automatically get put in a sandbox to extract it and see why it is identified as malware. It offers automated threat detection as well, not only automated response.

Falcon 's integration capabilities with other tools enhance my security posture because it has a very lightweight agent, and having a unified console gives us complete visibility, including endpoints, servers, containers, cloud workloads, everything.

To make CrowdStrike Falcon better for the next release, I recommend that they should have a model where it works as agentless. In terms of everything which the agent pushes to the server or to the single console, having a feature where you can have another port, which is SNMP or your network devices or OT devices, which you can specifically monitor, would be great.

I have been using CrowdStrike Falcon for more than two years now.

CrowdStrike Falcon is fairly easy to set up, according to my experience and our team's experience. Since we have a heterogeneous environment, for Windows it is very straightforward and easy, but for Linux it is a bit complex since you need to automate it. If you have a bulk force, then you have to use some CMF or something similar. Overall, it is still fairly easy.

For deployment, it takes approximately a couple of minutes.

During these two years with CrowdStrike Falcon, I certainly faced some problems, including the known CrowdStrike outage, which was quite pinching and brought many of the Windows-related services to a halt just because of one bad configuration push from CrowdStrike tracks.

Except for the incident mentioned above, I have not seen any recent issues with stability.

CrowdStrike Falcon is easy to scale for my company's needs.

I have contacted CrowdStrike for issues, and the response was poor. That particular experience was pretty bad, with people not knowing what was happening, how to mitigate, or what to do. We were in a bad situation, but after a couple of hours, their communication started flowing fine, and things gradually started improving. For that particular instance, I would rate it less than four.

Before working with CrowdStrike Falcon, I evaluated options such as Carbon Black and SentinelOne.

CrowdStrike Falcon is fairly easy to set up, according to my experience and our team's experience. Since we have a heterogeneous environment, for Windows it is very straightforward and easy, but for Linux it is a bit complex since you need to automate it. If you have a bulk force, then you have to use some CMF or something similar. Overall, it is still fairly easy.

For deployment, it takes approximately a couple of minutes.

As for return on investment after implementing CrowdStrike Falcon, I would say if it is protecting my environment, that itself meets my expectations so far.

CrowdStrike Falcon is pretty expensive.

I do not see a lot of advantages in CrowdStrike Falcon; however, because of one particular problem, we had to give away SentinelOne. Otherwise, all three products are quite comparable.

For those who would like to use CrowdStrike Falcon, I recommend negotiating hard on commercial terms because it is not an easy or affordable solution. From a commercial standpoint, you should negotiate hard, but technically, it is not very difficult.

CrowdStrike Falcon is a user-friendly tool.

On a scale of one to ten, I rate CrowdStrike Falcon an eight.

We are protecting our endpoints, workstations, servers, and cloud workloads. This includes effective use of antivirus and detection and response capabilities.

I am working at Arab Open University, and we are using CrowdStrike Falcon  as our security product.

The most beneficial part is the active response capability of the product. Being an EDR solution, it helps us identify attacks in real-time. The product runs in the background 24/7. The most interesting aspect is the behavior analysis functionality, which analyzes the behavior of any suspicious activity.

It identifies threats efficiently due to its built-in intelligence and AI capabilities, which has been extremely helpful for our organization.

Some features such as device control, firewall management, and file analysis are standalone products that we need to purchase separately. If these features came out of the box within the product, it would be much more beneficial for us. Other providers such as SentinelOne include these features in their base product.

We attended a CrowdStrike Falcon  event where they discussed some shallow AI features, but we cannot see these in our panel yet. We work with different solutions such as Darktrace  and SocRadar, where AI features are automatically displayed in our dashboards after release. However, for CrowdStrike Falcon, we cannot see these features.

Sometimes there are minor glitches, approximately 1% of the time. The biggest issue occurred when every computer worldwide experienced a blue screen. However, they solved the problems and introduced a new feature for channel updates. This has been much more beneficial, and while human errors can occur in any product, we cannot solely blame CrowdStrike Falcon for such incidents.

The customer service is good and efficient in terms of responding. They could improve by initiating calls for high-priority cases instead of just opening tickets. When we open a support ticket, they should call to discuss what happened and listen to our concerns.

Neutral

The setup is straightforward, and most of our integration is within the package. However, for the integration part, we need to purchase additional modules from CrowdStrike Falcon. If this functionality was included as a free standalone feature within the built-in solution, it would be more market competitive. Competitors such as SentinelOne and Microsoft Defender provide this functionality out of the box without additional charges.

We have not calculated the ROI extensively, as we typically only calculate it when there is dissatisfaction. On a scale of one to ten, the ROI would be five, which translates to approximately 60%.

I am using it for endpoint protection.

The features I appreciate the most are numerous; the overall product is very good, actually.

This is an advanced tool in terms of AI which is implemented and integrated. CrowdStrike Falcon  has a ransom detection time of less than 50 seconds. Detection and taking down violations and breaches takes a minimum time of 59 seconds. Intelligence is very good, as AI is integrated with this solution. The integration capabilities in CrowdStrike Falcon  are very good.

If tomorrow is the next release of the product, new features would be helpful, but at the moment, the product is very good. Nothing specific comes to mind about what new features they can add.

For further improvements, I can only think of one example because this is very important for us; they could reduce the price. Then it would deserve a rating of seven.

We have been using it for three to four years and have not encountered any issues.

Regarding challenges or problems with the product, I haven't noticed any current drawbacks. The challenge occurred last year in July when there was some patch update failure, which caused many issues. However, we have overcome that situation.

The stability is good.

We have been using it for three to four years and have not encountered any issues. More experience with this product might come with increased usage.

The technical support from CrowdStrike Falcon is good.

I would rate the support an eight.

Positive

The installation and deployment are straightforward. It is very good and can be integrated with the management engine.

The Return On Investment saves around 30%.

The licensing cost and setup costs are affordable.

I am a computer engineer by profession.

The maintenance is automatic.

I would rate CrowdStrike Falcon as nine overall.