
Reviews from AWS customers: 7 AWS reviews

External reviews: 340 reviews

External reviews are not included in the AWS star rating for the product.


    Bhim Arora

Improvements needed in threat prevention and support, yet effective real-time response offers visibility

  • January 23, 2025
  • Review provided by PeerSpot

What is our primary use case?

Our organization still uses Infoblox, and my role is a little bit different now. I am conducting the POC of new solutions, which we have to deploy in our infrastructure. I evaluate the new products, and then if we purchase them, we deploy them.

What is most valuable?

EDR is effective in CrowdStrike. Real-time response (RTR) is a feature of EDR. CrowdStrike provides a lot of visibility in their tool. From the EDR point of view, CrowdStrike is a good tool, and we have rolled it out in our infrastructure.

What needs improvement?

The KDR solution is immature. They do not have much preemption in ITDR. Threat prevention should be their first priority, and false positive reductions are needed. They should improve their support as well. Response resolution time is too high.

For how long have I used the solution?

I have a little bit of experience with Infoblox. I do not have too much experience with it. Recently, we deployed CrowdStrike, media, and SVR. We purchased CrowdStrike around one and a half years ago, and now we have completely rolled it out in our infrastructure.

How are customer service and support?

Response resolution time is too high.

How would you rate customer service and support?

Neutral

How was the initial setup?

Implementation was comprehensive. It took around seven to eight months.

What about the implementation team?

Overall, seven to eight people from different teams were involved.

Which other solutions did I evaluate?

SentinelOne and Palo Alto were looked into.

What other advice do I have?

Support is an area that needs attention. Overall, EDR is fine. ITDR is not mature, and other tools are also not mature. If we talk about SIEM and cloud security, those are also not mature. I would rate it five out of ten.


    Shubham Sinha

Detects anomalies and helps with fast threat identification and response

  • January 14, 2025
  • Review from a verified AWS customer

What is our primary use case?

We are using it for endpoint protection, as well as for cloud security coverage. It includes monitoring all our critical servers and endpoint devices. We also design workflows for anomaly behavior detection using machine learning techniques for anything malicious or abnormal. We monitor everything suspicious. We either design the workflows or use CrowdStrike to monitor any new detections and anomaly behaviors, as well as do vulnerability management.

How has it helped my organization?

The best benefit of CrowdStrike Falcon is 99% MITRE coverage. It detects suspicious or undetected activities on the system and provides protection for zero-day vulnerabilities. If there is a sudden rise in CPU consumption or abnormal storage use, it helps us by creating a ticket, allowing us to investigate any abnormal behavior present. We can look into the machine and investigate. It reduces the false negatives common with other technologies.

The real-time response helps with MTTR. We achieve faster detection and response times.

It helped prevent breaches. In the past, there was abnormal consumption of RAM along with CPU on a server. It also started communicating with other subnets. CrowdStrike Falcon triggered an alert. We did our investigation and found that we had ransomware. We successfully mitigated it.

What is most valuable?

The machine learning behavior for anomaly detection is a valuable feature. It helps identify any suspicious or unusual activities within the system.

Furthermore, it has impressive MITRE coverage. 

What needs improvement?

Deployment in cloud environments is challenging. Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options. After a year, options change or integrate with something else, which is challenging for me as it requires relearning. It is time-consuming.

For how long have I used the solution?

I started working on CrowdStrike in 2018. 

What do I think about the stability of the solution?

We are following N-1 versions across our environment, which is stable. Due to our requirements, we never switch to the N version; we always stick to N-1 and never face anything abnormal while using it.

What do I think about the scalability of the solution?

It has proven to be a good technology for me. It has adequate coverage and is easy to deploy. Its scalability is good.

It is deployed across the globe.

How are customer service and support?

I would rate them a seven out of ten. They take a lot of time to come back to us.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used SentinelOne as well. SentinelOne was similar but had major challenges with workflow implementation. Workflow implementation is far easier in CrowdStrike compared to SentinelOne.

How was the initial setup?

We have it in the on-premises environment and cloud environments. For endpoint hosts, it is very easy, but in the cloud environment, there are challenges, especially if we have AWS technologies with Lambda functions, which are serverless.

My implementation strategy was simple. I segregated servers based on criticality, then network, and finally OS level. Anything critical was based on my CMDB asset configuration. Following criticality was the network, determining internal versus public-facing. The last segmentation was on OS configuration. These three categorizations were primarily used in deploying agents across our environment.

In terms of maintenance, there are patches or version upgrades. 

What about the implementation team?

We had a group of five people, which was enough to manage this.

What was our ROI?

It is worth the money.

What's my experience with pricing, setup cost, and licensing?

It is expensive compared to SentinelOne, but as the market leader, it is worth it.

What other advice do I have?

I would rate CrowdStrike Falcon an eight out of ten. They have some challenges with the cloud environment, which is a major drawback, especially with the serverless aspect. Their GUI also causes issues with regular changes.

If anyone has worked with CrowdStrike, they would promote it. However, cloud security presents challenges. Moving from physical to cloud environments is difficult. I have raised 7-8 tickets to resolve cloud issues, especially with AWS.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Sumanth Kandanuru

Enables direct remote investigations with comprehensive analysis features

  • January 14, 2025
  • Review provided by PeerSpot

What is our primary use case?

I am currently using CrowdStrike Falcon as an EDR, which is integrated with SIEM. We also work in a real-time environment with the product. As a Falconist, I perform investigation actions on it. There are three different kinds of alerts I deal with: one based purely on IOCs, another process-oriented IOA, and those based on machine learning alerts. This is what I work on, and it is actually a good tool. It has multiple features, including real-time connection to the RTR environment, allowing direct remote host connection through CrowdStrike. I have multiple options like host search and event search, enabling me to do everything I need. It's a comprehensive package. It's a challenging tool to explore, but once accustomed to it, it is quite excellent.

What is most valuable?

Obviously, when checking in the SIEM, not all logs are available. In CrowdStrike, unlike SIEM, actions are clearly defined. For example, a regular AV like Symantec might indicate a file was quarantined or failed to quarantine, but in CrowdStrike, I can verify the action. As an incident response analyst, I can use CrowdStrike to perform actions like directly wiping a file from a host if given access. I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections. Event search also allows for detailed investigations, showing accessed files and remote installations.

What needs improvement?

In CrowdStrike, with the variety of security tools available, learning the different query languages can be challenging. I use KQL queries with Sentinel and AQL with QRadar, and CrowdStrike's query language is different as well. This requires constant learning for security analysts. Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial. The event search tab in CrowdStrike is complex, though the host search is more straightforward and gets details from the past week. The querying system, similar to Splunk, could be made more user-friendly.

For how long have I used the solution?

I have been using it for the past two years.

What do I think about the stability of the solution?

The stability is always great. I have never seen instability in the CrowdStrike tool.

What do I think about the scalability of the solution?

When it comes to scalability, it is entirely based on premium models according to demand. Our log retention is low, but paying more increases it. Scalability is moderate, based on the charges paid to the CrowdStrike product service team. Offering good services, like better log retention at a lower price, would be excellent.

How are customer service and support?

The CrowdStrike team is very efficient; I would rate them ten out of ten. They respond quickly when it comes to providing services.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked on Symantec ATP, advanced threat protection, but it is a legacy product. Many companies have moved away from Symantec, and they use legacy antivirus solutions. The integration with Symantec ATP was tough, and event or host searches were based entirely on raw logs.

How was the initial setup?

The current setup is easy, but it could be more natural and make drill-down searches simpler. With advancements in AI, integration could streamline responses further, but there is still room for making the process easier.

What about the implementation team?

The integration task should be done by engineers. I'm interested in the process and have learned something about integration, but we have not fully explored all integration aspects.

What other advice do I have?

CrowdStrike is a great solution. It's a hands-on tool. I have not seen other EDRs like it. Compared to Carbon Black, which is much more difficult with a different UI, CrowdStrike allows direct, detailed investigation with a PID generated for each process. It offers unique abilities not seen in other EDRs. Overall product rating: nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other


    Bonda A.

Smarter, Faster Protection with CrowdStrike.

  • January 08, 2025
  • Review provided by G2

What do you like best about the product?
What I like best about CrowdStrike Falcon is how lightweight it is. It keeps our devices secure without slowing them down, and I barely notice it's even running.
What do you dislike about the product?
One thing I don’t love about CrowdStrike Falcon is that it can be a bit pricey compared to other options. But, we do get solid protection for the cost.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon is solving the headache of keeping our devices safe from new threats. It runs in the background, stays up-to-date, and just works: no fuss and no interruptions.


    Boddi P.

Good performance, and protection when any malware is detected during any implementation.

  • January 07, 2025
  • Review provided by G2

What do you like best about the product?
Easy for usage and implementation. The strength that I like most: when the sensor is stuck, we require a token from the console; we can retrieve the token and execute it on the command prompt. If any system is stuck with an old version and we are not able to uninstall it, then the team guides us in other ways within the guidelines, which is the good support we are getting. If we knowingly or unknowingly install other third-party applications, and they are harmful, this antivirus detects them and gives some information that this application is harmful. It has good features and performs smoothly.
What do you dislike about the product?
During the uninstallation of CrowdStrike we are facing some issues: on the host management console the maintenance token is not accepted when the host is disconnected. Again, we need to go to the CS API console and then execute the commands to get the specified token, and then it gets uninstalled. Mostly on servers it takes time to uninstall and upgrade the sensor.
What problems is the product solving and how is that benefiting you?
I am glad to have this CrowdStrike application in my organization. I have been working on this application for 1.5 years and have seen many operations on endpoint systems through the policy it is installed with. As we work on detections and incidents on priority to close, the navigation is totally understandable to work in the exact category. We have multiple servers in multiple locations across India that are communicating with CS and are working fine; if we face any issues, we will raise a TAC with the Falcon team, and they will provide good support to us until we fix the issue. Overall, a good experience, a recommended application for circle members.


    Financial Services

Leaders on what they do

  • December 23, 2024
  • Review provided by G2

What do you like best about the product?
Very good FP ratio. Support is great. Very easy to use.
What do you dislike about the product?
Sometimes it tends to work as a black box.
What problems is the product solving and how is that benefiting you?
It works great to have all your devices protected and with a very low ratio of FPs.


    Nandan K.

one of the best endpoint protection

  • December 20, 2024
  • Review provided by G2

What do you like best about the product?
The ability to auto-remediate and quarantine malware not only based on signatures but also based on the behaviour of the files and websites, with the help of AI/ML, that is, deep learning capabilities. This will protect us from zero-day attacks too, which is very essential.
What do you dislike about the product?
Dashboard and analytics could have been much more appealing for the analysts.
What problems is the product solving and how is that benefiting you?
It helps me in proactive threat hunting, basically to detect and respond to the endpoints which are malware-infected in a quicker manner without disturbing the user, since all the activities can be run in the background.


    Erez A.

Best EDR Platform

  • December 18, 2024
  • Review provided by G2

What do you like best about the product?
Works quickly, detects almost everything, gives a good indication of the network status and security level in the organization
What do you dislike about the product?
Lots of screens to manage, hard to reach every feature, need to understand computers at a high level to work with the control panel
What problems is the product solving and how is that benefiting you?
Helps identify and maintain remote workstations while external vendors are working on them


    Prajwal D.

CrowdStrike: Best NextGen Endpoint Security

  • December 13, 2024
  • Review provided by G2

What do you like best about the product?
This is NextGen Antivirus/EPP. It operates on the basis of AI and ML, distinguishing it from other EPP platforms.
It is straightforward to install and has a file size of less than 150 MB.
It supports Windows, Linux distributions, MAC, and even Android.
Customer service is really responsive and helpful.
What do you dislike about the product?
It sometimes generates false positive alerts because it is built on AI-ML and works on process behaviour.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon Endpoint Protection Platform is a unified console for endpoint protection and endpoint management.
It provides various features like:
1. Securing and managing endpoint devices like computers, laptops, servers, cloud environments and mobile devices as well.
2. It also has features like Next-Gen SIEM, to monitor logs of files and processes.
3. The Cloud Security protects cloud servers, containers and images too. Supports AWS, Azure and GCP too.
4. The CS Falcon platform provides various features like Identity Protection, Exposure Management, FileVantage, Data Protection (DLP) and much more...
Overall, this is a unified console for all your endpoint protection and managing needs.


    Computer Software

Very good experience. Next level generation.

  • December 10, 2024
  • Review provided by G2

What do you like best about the product?
Ease of deployment, high detection rates.
What do you dislike about the product?
Cost, dependency, complexity for beginners.
What problems is the product solving and how is that benefiting you?
Endpoint security and ransomware protection.