CrowdStrike Falcon is used for incident response.

It is very easy to hunt a threat in the organization. It keeps logs, making it very easy to investigate any kind of incident using CrowdStrike by looking at the processes that are running on a machine. There's more visibility over the endpoint through CrowdStrike.

The ability to remote into other devices for investigation and the way it presents a graphical representation of the detection, like the parent-child process, are valuable features.

The new interface, the UI, seems a bit messy. The previous one was quite clear. It might be because of my adaptation to it. That's what I see as needing improvement.

I have been using CrowdStrike Falcon for more than three years, around three and a half years.

It is quite stable. I would rate it eight or nine out of ten.

I would rate customer service and support a ten. I am very satisfied with the support.

Positive

I have used antiviruses like Symantec before. Compared to all of that, I found CrowdStrike quite striking. Even compared to Defender, I find CrowdStrike more appealing.

On the terms of investigating, I find it's quite easy to investigate an event and have a broader look at the event using CrowdStrike. I would rate the time saved around eight, nine, or even ten out of ten. Compared to Defender, it makes it faster to investigate.

I think the pricing is quite reasonable with the services they provide.

For an incident investigator, it's quite easy to use, and it provides great visibility over the processes.

I'd rate the solution ten out of ten.

It gives an overview and insights into my AD accounts. It shows if any identity, like an AD user, is compromised, has a weak password, or is logging in from an unusual system. Any anomalies.

I like the insights and detailed view of my AD structure. How protected it is, or is there any loophole or an area that needs more protection. 

Another feature I like is that it gives insights into all my domain controllers and ADCs. The configuration is also really easy.

The real-time monitoring feature is good. For example, a user account is hacked. It alerts me that it's been hacked and prompts me to look into it or have the user change their password. I can then log in to my AD, change the password, or notify the user that their account has been compromised and ask them to change their password.

AI capabilities of CrowdStrike are also good. 

When I use Identity Protection, I want the full stack, like going for XDR. If anything happens, like a laptop being compromised using a password, it gives me the entire attack flow. For example, the attack came from a particular user, like an IT admin. If their identity is hacked and they log into multiple systems, and those systems are affected, we can see those details and provide good support or recovery for customers and partners.

I'm concerned about the recent issue in July 2024. It involved a faulty content configuration update. What if another update causes the same problem again?

I have been using it for two years.

Stability, I would rate it as a seven out of ten. There are a few instances where our customers have complained about the digital signatures it uses. Sometimes, even if you create a policy, it still tends to block it. A few applications get flagged as malicious even though the customer trusts them. Even if you create an exception rule, it might still block it after a few weeks. Also, there's the recent issue we faced with CrowdStrike and Windows. So, based on that, I'd give it a seven out of ten.

There is room for improvement. They need to conduct more thorough R&D before releasing updates. I think they didn't do that this time, but it was just a one-time issue. However, what if it happens again? That's a concern.

Scalability-wise, I would give it a ten out of ten. It's simple because it's a SaaS solution. For example, this month, I have 50 users. Next month, I have 50 additional users. I just need to buy more licenses and add those systems to CrowdStrike. If I need to put them in certain groups with specific policies, that's easy too.

We work with all types of businesses, including small, medium, and enterprise businesses. Scalability is simple. I don't even need to install it on my laptop. One more good thing is that it offers an XDR view where I can add other components, like the email security solution Proofpoint. I can integrate it, so I'll get my emails and everything will be in a single pane of glass.  

We have a Technical Account Manager (TAM). We can directly call them and raise a ticket. Initially, it was a six or even a five because we had to send an email, and it would take three to four days for them to reply. Now, with the TAM, we can get issues resolved faster.

Positive

I have experience with CrowdStrike, apart from their Cloud Security offering, which is on GCP. I've worked with CrowdStrike Identity Protection, Device Control, Device Control, EDR, XDR - basically everything except their cloud solution.

The initial setup is straightforward. I don't need to install an agent in my AD, and I can get alerts from my read-only domain controller, which is also good.

I would rate my experience with the initial setup a ten out of ten, with ten being easy and one being difficult. 

It's not required to deploy on-premises. It's a SaaS solution. I just need to download the agent and install it on each of my devices, whether they're VMs or my laptop. 

One more good thing is that I don't need to be in my office network for it to keep protecting me. I can take the system home, and it will still be protected.

The deployment itself takes about a day to install everything if it's user-based. But for CrowdStrike to learn what to block and what not to block in your specific environment, it will take easily about two weeks. There will be some applications that it might consider a threat because it's a next-gen AV that uses AI. 

So, some applications the customer uses might be flagged. I can whitelist them or create a policy to allow them. That's also a very good feature of CrowdStrike. 

So, for the initial setup takes two weeks. For it to get to know your environment and work smoothly, just to install agents and set up the dashboard, policies, and all that, it takes about one day.

It offers seamless integration with the existing security infrastructure. We haven't faced any challenges because our customers use CrowdStrike only for endpoint and server security. They haven't gone to the XDR level yet. However, many other OEMs I've spoken to, like Zerto, have said that the CrowdStrike and Zerto integration is very seamless. So, if anything happens on my server end, I'll know when it happened and what the issue is from CrowdStrike. Or, for example a ransomware attack happens, I can restore from my Zerto application.

The benefit I've seen is their backend, which powers the EDR, XDR, and NGAV. It's really good because it can detect anything due to the wide range of customers they have. 

For example, one customer has a vulnerability because of a zero-day attack. All the other customers will benefit because it propagates to the cloud and analyzes if other customers are on the same version of the drivers or any other Windows patch. If they are, it will tell us that there's an issue and provide remediation steps. Many of our customers find this very helpful. It's called the CrowdStrike community.

I would rate it a seven out of ten, where one is cheap, and ten is expensive because it's a bit on the costlier side. Compared to Symantec or Trend Micro, CrowdStrike is more expensive.

Overall, I would rate the product an eight out of ten because of one recent issue that happened. 

I'm concerned about the recent issue that happened. What if another update causes the same problem again? Is it really as good as it seems? Even our customers have given very good feedback, they get more insights into what's happening, what they should do, and what remediation steps to take. So, in that way, it's very good.

I would recommend it, especially if you're going for endpoint security. I'd definitely recommend CrowdStrike first because it's more mature than SentinelOne and other EDR solutions in the APAC region.

We use the solution for end-user devices.

The reporting console is phenomenal, and I can get a lot of data out of it. The reporting capabilities are much better than anything I've used before. With CrowdStrike Falcon, we can track machines much better.

One of the things that we built and used quite regularly is a remote wipe capability within CrowdStrike Falcon. The solution should have included remote wipe capability out of the box.

If we have a compromised or stolen machine, we can quarantine it within the CrowdStrike console. However, it doesn't include a feature that enables you to remotely wipe that machine via the console. We had to build that in separately.

I have been using CrowdStrike Falcon for two years.

We haven’t faced any issues with the solution’s stability.

The solution's scalability has been amazing. We started by deploying it to 30 users, and over three months, we expanded to 5,000 users with no issues.

For technical support, I open a ticket with the MSP, and they deal with it. Our MSP is excellent at resolving support tickets.

We previously used Symantec Endpoint Protection. We switched to CrowdStrike Falcon because it was a new vendor with new technology.

The solution's initial setup was very easy because we did an SCCM push for deployment.

Our MSP did a lot of the deployment work for us. The solution was deployed by a small team in three months. It took four of us to deploy the tool to 5,000 users.

The solution's pricing is great for us.

It took us about three months to adjust to the new client and switch from a file-level scanner to an AI-based CrowdStrike scanner to see where we felt the differences. CrowdStrike Falcon is deployed on the cloud in our organization. From an end-user perspective, the solution does not require any maintenance after deployment.

New users should be prepared for unexpected alerts. CrowdStrike Falcon views things very differently than many conventional antivirus tools.

Overall, I rate the solution a nine out of ten.

Our primary use case for the product is to enhance our threat intelligence capabilities. We use it to ensure comprehensive security coverage.

The solution has significantly improved our threat detection capabilities. It has helped us identify and respond to potential threats more effectively, contributing to our security posture. There have been no notable drawbacks; the solution meets our needs and complies with local regulations.

The product's most valuable features include its global reach and extensive threat data. Its wide exposure helps gather diverse threat intelligence, crucial for effective security management.

Enhancements in reporting and forensic analysis could benefit the product. CrowdStrike could publish detailed threat reports and analyses more consistently than other providers.

I have been using CrowdStrike Falcon Threat Intelligence since early 2016.

I rate the platform's stability an eight. 

The platform is very scalable. It can effectively accommodate growing security needs, which is crucial for organizations with evolving threat landscapes.

Customer service and support vary based on the level of service. Premium support is excellent, but standard support can be less responsive.

Neutral

We previously used a different solution. We switched to CrowdStrike due to its comprehensive threat intelligence capabilities and global reach, which we found to be more effective for our needs.

The initial setup was straightforward, with the installation taking less than two hours. However, fine-tuning alerts and configuring rules required additional time and effort.

The implementation was carried out in-house.

The product has helped us detect threats that might have gone unnoticed, contributing to overall security.

The product is expensive. 

We evaluated several other options before choosing CrowdStrike. Our decision was based on the product's effectiveness and ability to meet our security requirements.

Overall, it is a robust solution that meets our security needs. However, potential users should know the cost implications and ensure the product meets their requirements.

I rate it an eight. 

We use the solution for endpoint security. We use the tool to ensure the endpoints are protected from abnormal activities, people don't run different scripts, and people don't compromise endpoints and use them to get into the network.

The solution's most valuable feature is that it is robust and can detect almost every malicious activity that occurs within the endpoint.

I would like a centralized deployment where I could roll out or push it to all endpoints.

I have been using CrowdStrike Falcon Surface for two years.

CrowdStrike Falcon Surface is a very stable solution.

CrowdStrike Falcon Surface is a very scalable solution. A lot of customers are using CrowdStrike Falcon Surface. One of our customers for the solution has 12,000 endpoints.

The solution's technical support is handled centrally by CrowdStrike, and the support was also good and knowledgeable.

I didn't deploy the solution, but I supported customers that use it. I think it took them up to six months to deploy the CrowdStrike Falcon Surface.

The solution somehow doesn't allow intrusion and minimizes fraud or cyber-attacks. Within the time we're using it, CrowdStrike Falcon Surface detected a lot of intrusion from malicious individuals. It was able to prevent a lot of insider threats where people internally will want to run some malicious scripts within the environment.

It detects those malicious attacks quickly, and we can prevent them. It minimized a lot of cyber and fraud-related activities that could have cost the bank a lot of money.

CrowdStrike Falcon Surface is a cloud-based solution. In light of the recent global IT outage that affected CrowdStrike, they should do proper change management.

Overall, I rate the solution a nine out of ten.