Well-Organized EDR Portal with Easy Navigation and Detailed Detections
What do you like best about the product?
My favorite part of the EDR platform is the platform itself. The portal is very well organized. The navigation of the dashboard is easy to follow to locate the components you are actually looking for. I also like the detection page because of the great breakdown of detailed information it provides in one window.
What do you dislike about the product?
It's a bit of a double-edged sword. I like the dashboard layout and the separation of each function, but there can be information overload sometimes. The portal itself is well organized, the data being presented can be overwhelming and hard to follow though. For this reason, the home page of the dashboard can be so valuable as you can see the most significant information cleanly instead of in the mix with so much other information. This could be more of the result of me not personally being as versed in cyber-security.
What problems is the product solving and how is that benefiting you?
It serves as just that. It's an endpoint protection tool. It allows our district to confidently monitor our issued devices. Working in schools can open the door to many threats, but the platform allows for me to see what exactly is being accessed and installed. I can perform analysis and remediate issues as they arise. Gone are the days of waiting for a teacher to report issues; I can actively see what is being performed on our laptops.
AI-Driven Protection with Setup Challenges
What do you like best about the product?
I like the lightweight agent and AI-driven threat prevention the most. The intuitive dashboards make quick incident response a breeze. The lightweight Falcon agent, which takes just 40-50 MB of disk space, deploys with minimal CPU and memory usage, ensuring no slowdown on endpoints like laptops or servers. AI-driven threat prevention uses behavioral analysis to detect and block zero-day attacks and ransomware instantly, reducing manual monitoring for IT teams and enhancing security value by preventing breaches before they escalate. CrowdStrike Falcon Endpoint Protection excels at real-time threat detection and prevention with its lightweight, cloud-native agent. It's ideal for enterprises needing robust EDR and automated response without performance issues. With AI-powered threat detection and easy deployment, it's lightweight and stops advanced attacks fast. We use it with Netskope SASE and integrate it with SIEM tools for better security and advanced threat visibility, which strengthens our endpoint protection and overall security posture.
What do you dislike about the product?
High pricing can be a barrier for smaller organizations. The advanced features have a steep learning curve, requiring training for full utilization. Integration with some legacy systems may need extra effort. CrowdStrike Falcon could improve advanced features like deeper vulnerability management and automated remediation. Integration with legacy systems can be challenging—simplifying connectors and offering better compatibility would make adoption easier. The initial setup isn’t very easy—you need an expert for proper implementation. Basic steps like installing the agent are simple, but configuring policies and advanced features requires technical expertise.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon Endpoint Protection blocks zero-day threats and ransomware, streamlines incident response, reduces breach risks without slowing devices, and excels at real-time threat detection and prevention.
Comprehensive Threat Protection with Some Performance Hiccups
What do you like best about the product?
I like that CrowdStrike Falcon Endpoint Protection Platform provides one console for all purposes. The agent is much lighter than other competitors, which I appreciate. Additionally, the platform offers advanced real-time threat protection, which is a great feature.
What do you dislike about the product?
I find high memory and CPU utilization at times. The initial setup was challenging.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon Endpoint Protection for lightweight, real-time threat detection and scanning. It discovers SOAR systems and provides a unified console, offering advanced protection.
Robust Security, But Navigation Needs Improvement
What do you like best about the product?
I like that CrowdStrike Falcon Endpoint Protection Platform shows a lot of statistics and offers a variety of ways to view these statistics. It allows me to dig down into an event to find the details I need.
What do you dislike about the product?
Some of the views are convoluted, and it's difficult to navigate around the site. I find it hard to remember how I got to a specific page with a certain layout of information.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon Endpoint Protection Platform flags potential harmful apps, malware, and behaviors on user computers, helping me manage cybersecurity and threat protection efficiently.
Easy Setup and Smooth Performance, but Room for Improvement
What do you like best about the product?
Setting up the product is very easy and straightforward. It begins working almost immediately and generally has little impact on system performance. The cloud console is also user-friendly and, in my experience, more pleasant to use than those offered by some competitors.
What do you dislike about the product?
Being fully cloud-based has its advantages and drawbacks. The main downside is the limited functionality available when offline, which leaves endpoint agents with few options in situations like remote work locations or while traveling on airplanes. Additionally, the device control features are not as robust as I expected, especially considering the price, which is disappointing.
What problems is the product solving and how is that benefiting you?
This product offers consistent endpoint protection along with certain features for managing device fleets.
Provides effective real-time threat detection with potential for cost optimization
What is our primary use case?
We are protecting our endpoints, workstations, servers, and cloud workloads. This includes effective use of antivirus and detection and response capabilities.
I am working at Arab Open University, and we are using CrowdStrike Falcon as our security product.
What is most valuable?
The most beneficial part is the active response capability of the product. Being an EDR solution, it helps us identify attacks in real-time. The product runs in the background 24/7. The most interesting aspect is the behavior analysis functionality, which analyzes the behavior of any suspicious activity.
It identifies threats efficiently due to its built-in intelligence and AI capabilities, which has been extremely helpful for our organization.
What needs improvement?
Some features such as device control, firewall management, and file analysis are standalone products that we need to purchase separately. If these features came out of the box within the product, it would be much more beneficial for us. Other providers such as SentinelOne include these features in their base product.
We attended a CrowdStrike Falcon event where they discussed some shallow AI features, but we cannot see these in our panel yet. We work with different solutions such as Darktrace and SocRadar, where AI features are automatically displayed in our dashboards after release. However, for CrowdStrike Falcon, we cannot see these features.
For how long have I used the solution?
We have been using the solution for almost four years.
What was my experience with deployment of the solution?
It is a straightforward plug-and-play deployment.
What do I think about the stability of the solution?
Sometimes there are minor glitches, approximately 1% of the time. The biggest issue occurred when every computer worldwide experienced a blue screen. However, they solved the problems and introduced a new feature for channel updates. This has been much more beneficial, and while human errors can occur in any product, we cannot solely blame CrowdStrike Falcon for such incidents.
How are customer service and support?
The customer service is good and efficient in terms of responding. They could improve by initiating calls for high-priority cases instead of just opening tickets. When we open a support ticket, they should call to discuss what happened and listen to our concerns.
How would you rate customer service and support?
How was the initial setup?
The setup is straightforward, and most of our integration is within the package. However, for the integration part, we need to purchase additional modules from CrowdStrike Falcon. If this functionality was included as a free standalone feature within the built-in solution, it would be more market competitive. Competitors such as SentinelOne and Microsoft Defender provide this functionality out of the box without additional charges.
What was our ROI?
We have not calculated the ROI extensively, as we typically only calculate it when there is dissatisfaction. On a scale of one to ten, the ROI would be five, which translates to approximately 60%.
What's my experience with pricing, setup cost, and licensing?
The solution is a bit expensive.
Which other solutions did I evaluate?
We are using
Darktrace as an email security solution, not as an EDR.
What other advice do I have?
I would rate CrowdStrike Falcon a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Very good experience. Next level generation.
What do you like best about the product?
Ease of deployment, high detection rates.
What do you dislike about the product?
cost. depedency, complexity for beginners.
What problems is the product solving and how is that benefiting you?
Endpoints security and ransoware protection.
Prevent privilege escalation with highest credentials but have issues with updates
What is our primary use case?
We use the solution for Windows and non-Windows infrastructure. We have Falcon clients on all our machines.
How has it helped my organization?
We integrate with CyberArk, which includes DNA reporting, particularly for identifying old and ticket-based attacks. We’ve implemented this integration to receive risk-based scoring. Our strategy focuses on preventing privilege escalation, as our last major incident, NotPetya, resulted from this vulnerability. To address this, we’ve implemented measures through CyberArk and CrowdStrike.
What is most valuable?
When we encounter phishing attacks via email, we sandbox any reported items. Whenever a suspicious email is reported, we conduct sandboxing in CrowdStrike and block emails, domains, and IPs based on the resulting threat intelligence.
The most critical aspect is preventing privilege escalation, particularly for domain admins with the highest credentials. With our integration of CyberArk, passwords are never transmitted to the endpoint. Instead, a secure RDP file is created, and Falcon is used to prevent privilege escalation attempts.
What needs improvement?
As customers, we always update our systems whenever a new release is available, with clients connecting directly to the Internet for these updates. We have an agent who manages these updates on the clients, but as an organization, we don’t have control over them. CrowdStrike should assess the impact on endpoints before releasing such updates.
Our organization now seeks AI-based stock monitoring to prioritize thousands of alerts generated across various platforms. The AI integration is still in its early stages, so we would like to see Falcon develop tools that can integrate with multiple platforms and help identify the highest-priority alerts.
For how long have I used the solution?
I have been using CrowdStrike Falcon Threat Intelligence since 2017. We are using the latest version of the solution.
What do I think about the stability of the solution?
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
The integration part is very good. CrowdStrike collaborates with most security vendors, so it's very easy to get one platform for our risk factors across the enterprise.
40 thousand devices are using this solution. We get many alerts from Falcon, sometimes from end users and sometimes from Internet-facing servers.
I rate the solution's scalability a nine out of ten.
How are customer service and support?
We struggle to get specialized resources from CrowdStrike in a few cases.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
CrowdStrike Falcon Black is an on-premise solution that was very complicated, so we faced performance issues. The main reason for the switch is the performance issues reported by multiple application owners.
How was the initial setup?
Initially, we faced many challenges because we had to open ports from each of our subnets to Falcon, as it’s a SaaS solution. Each client needs to communicate with Falcon servers for threat intelligence. Due to the complexity of our network, we had to carefully consider all security aspects when opening the external communication ports to Falcon.
It took 25 to 30 days to deploy it completely.
We began with our Tier 0 servers, which had the most critical and highest privileges. After securing those, we moved on to Tier 1 and Tier 2 as we continued deployment. Our approach was to first address the highest risk factors across the enterprise and then gradually move on to securing endpoints like user desktops and laptops.
I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.
What about the implementation team?
We took professional services from CrowdStrike, so it was done in-house with only two people: one from the execution team and one from the cybersecurity team.
What was our ROI?
When we track the annual priority cases, especially the security incidents, we have made many improvements. That is ROI in terms of tracking security incidents.
What's my experience with pricing, setup cost, and licensing?
I rate the product’s pricing a six out of ten, where one is cheap and ten is expensive.
What other advice do I have?
Most customer requirements focus on email security, so we’ve implemented Mimecast. CrowdStrike Falcon integrates with Mimecast, allowing us to provide advanced security beyond Office 365’s capabilities. With DMARC in place, Falcon helps us identify domains that pose a risk to the organization.
I advise you to look for customer feedback, and then they should also look for Gartner and other industry leaders so you get the ranking.
Overall, I rate the solution a seven out of ten.
Helps protect against malware and the maintenance is straightforward, but there are a lot of false positives
What is our primary use case?
Our organization relies on CrowdStrike, a standalone endpoint security solution, to safeguard our bare-metal machines. CrowdStrike continuously monitors for threats on all endpoints. If it detects any suspicious activity, such as malware or malicious processes, it immediately alerts us for investigation.
What is most valuable?
The malware protection is the most valuable feature of CrowdStrike Falcon.
What needs improvement?
The current database schema presents challenges and has potential for improvement.
The technical support response time can be improved.
There are a lot of false positives reported.
For how long have I used the solution?
I have been using CrowdStrike Falcon for almost four years.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable.
What do I think about the scalability of the solution?
CrowdStrike Falcon is scalable.
How are customer service and support?
The technical support is good but the response time can be improved.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used VMware Carbon Black Endpoint. CrowdStrike Falcon is more of an EDR solution.
What other advice do I have?
I would rate CrowdStrike Falcon a seven out of ten.
The maintenance is straightforward.
CrowdStrike Falcon is deployed independently in our environment and we have 30 users.
While CrowdStrike Falcon offers valuable security tools for larger organizations with extensive infrastructure, its complexity might not be ideal for smaller businesses with limited IT resources.
great for detection of PUP and malware and minor issue.
What do you like best about the product?
OOTB the product is great for detection and prevention of mallwares and PUP. Comes with a lot of dashboards as well.
What do you dislike about the product?
Still missing some customation of specfic features and its hard to forward logs to 3rd party solution.
a lof of changes are occring which makes pages changed thier name quite frequently
What problems is the product solving and how is that benefiting you?
allows great visibility into endpoints with ability to response live to alerts.
