We use Falcon as a cloud-based security platform.
External reviews
External reviews are not included in the AWS star rating for the product.
It's a cloud-based solution so it's light on resource usage
What is our primary use case?
What is most valuable?
Falcon is a cloud-based technology, so its resource usage is light. You deploy the agents to your endpoints, but the processing is done on the cloud, so your CPU utilization is only about 2 percent. Some other solutions use between 30 and 60 percent.
CrowdStrike has some of the best threat detection capabilities you can get. It's a market leader.
What needs improvement?
Customers would benefit if CrowdStrike adopted some of SentinelOne's technologies.
For how long have I used the solution?
I have used Falcon for two years.
What do I think about the stability of the solution?
I rate CrowdStrike 10 out of 10 for stability.
What do I think about the scalability of the solution?
CrowdStrike Falcon is 100 percent scalable. I've had no issues.
How are customer service and support?
I rate CrowdStrike support eight out of 10.
What's my experience with pricing, setup cost, and licensing?
CrowdStrike Falcon is very expensive.
What other advice do I have?
I rate CrowdStrike Falcon Cloud Security eight out of 10. If you're looking for something more advanced than traditional antivirus, I recommend CrowdStrike. It's more adaptable and stable. Falcon is one of the best solutions on the market.
Provides good cloud security and stability, but the documentation has room for improvement
What is our primary use case?
We use CrowdStrike Falcon Cloud Security to manage our clients' cloud environments. It provides us with a unified view of all their cloud configurations, across different cloud providers. This allows us to identify security weaknesses, improve their overall security posture, and ultimately limit potential attacks on their systems.
Our CrowdStrike Falcon Cloud Security deployments vary, with some clients utilizing hybrid models, but the majority leverage private clouds hosted on AWS and Azure.
What is most valuable?
The most valuable features of CrowdStrike Falcon Cloud Security are Cloud Security Posture Management and Cloud Workload Protection, offering more visibility and protection across our cloud environment.
What needs improvement?
CrowdStrike Falcon Cloud Security should function as a standalone solution, offering Cloud Security Posture Management, Cloud Infrastructure Entitlement Management, and Cloud Workload Protection capabilities without requiring integration with additional Assurance, Detection, and Response solutions. This would allow clients to implement Falcon Cloud Security independently within their systems, eliminating the need for integrations.
The CrowdStrike partner portal documentation could be improved to provide proper instructions for integrating their products. Currently, the documentation lacks step-by-step details, forcing users to seek assistance from OEM partners. Fortunately, the integration process itself is straightforward.
For how long have I used the solution?
I have been using CrowdStrike Falcon Cloud Security for two months.
What do I think about the stability of the solution?
In the short time I have been using CrowdStrike Falcon Cloud Security, it has been stable.
What do I think about the scalability of the solution?
I would rate the scalability of CrowdStrike Falcon Cloud Security eight out of ten.
How are customer service and support?
The technical support is good. We access it through our OEM partner whenever support is required.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
After finding that Palo Alto Prisma Cloud's market value seemed to be declining and customer interest in its features waned, we transitioned to CrowdStrike, because it holds a strong market presence in India.
How was the initial setup?
As a CrowdStrike partner, we're currently conducting a review of the Falcon Cloud platform. Following this internal evaluation, we plan to deploy it for one of our largest clients in India, and we're actively preparing for a successful implementation.
The initial deployment is straightforward.
What other advice do I have?
I would rate CrowdStrike Falcon Cloud Security seven out of ten.
CrowdStrike Falcon Cloud Security is deployed in multiple locations in multiple regions and offices in India. Each office has its own cloud systems that reside in its region.
I recommend CrowdStrike Falcon Cloud Security to others.
CrowdStrike Falcon Cloud Security offers a robust and secure solution, backed by a reliable support system to ensure your cloud environment is well-protected.
Powerful and proactive: CrowdStrike Falcon EDR offers top-tier endpoint security.
It's easy to gather insights and conduct analysis about existing threats
What is our primary use case?
We use Falcon to protect endpoints, including the on-premise systems and cloud environment.
How has it helped my organization?
CrowdStrike protects us from vulnerabilities and threats while mitigating the risk. The security integration is quite good, but we had a few issues integrating with some of our client's endpoints. They wanted us to monitor some of their medical devices, such as MRIs, in case anyone attempted to attack through them.
What is most valuable?
It's easy to gather insights and conduct analysis about existing threats. Threat hunting enables you to track on-prem services, and the real-time response capability improves threat and risk analysis.
What needs improvement?
The threat intelligence and user behavioral analysis could be more comprehensive.
For how long have I used the solution?
I have used CrowdStrike Falcon for 3 years.
What do I think about the stability of the solution?
I rate CrowdStrike Falcon 6 out of 10 for stability.
What do I think about the scalability of the solution?
I rate CrowdStrike Falcon 7 out of 10 for scalability.
How are customer service and support?
I rate CrowdStrike support 8 out of 10. We've had a good experience with them. They're helpful and always respond quickly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've worked with Microsoft Defender. I'm more familiar with that.
How was the initial setup?
I don't have hands-on experience with the deployment. My team deployed it. The deployment time varies, and we do it in batches. It involves many tasks, and it can take weeks. After deployment, it requires regular patching.
What's my experience with pricing, setup cost, and licensing?
You can't get a fixed price for these tools. If you subscribe to something and need to deploy it to another team, the price goes up. It's the same with Microsoft Defender. I'm not responsible for the budget, but I think it's cost-effective for providing detection and response for an entire organization.
What other advice do I have?
I rate CrowdStrike Falcon Cloud Security 8 out of 10.
Boasts a wide range of features while remaining exceptionally lightweight and improves our security posture
What is our primary use case?
We use CrowdStrike Falcon Cloud Security for our clients' endpoint security in the manufacturing, banking, and IT industries.
How has it helped my organization?
CrowdStrike Falcon Cloud Security has helped improve our security operations. When facing signatureless attacks, CrowdStrike's EDR solution, which also incorporates SOAR capabilities, can prevent attacks in real-time. The SOAR engine detects malicious activity and suspicious file or transaction behavior on the network. Based on this detection, CrowdStrike proactively prevents these attacks. Additionally, features like Spotlight, a valuable tool for vulnerability management, provide remediation actions. Spotlight identifies the specific patches or knowledge base (KB) articles needed to mitigate these types of attacks.
To experience the full value of CrowdStrike Falcon Cloud Security, we recommend deploying the Falcon Agent on at least 500 systems and monitoring their activity for 15 days to a month. This deployment will provide comprehensive visibility into whether CrowdStrike can detect suspicious activity that might be missed by other third-party antivirus solutions and firewalls.
What is most valuable?
The CrowdStrike platform boasts a wide range of features while remaining exceptionally lightweight. Compared to traditional antivirus software, its impact on system resources is minimal. In terms of specific figures, CPU utilization typically ranges from one to two percent, while memory usage falls between 12 and 15 MB. This translates to a very small footprint on our system.
CrowdStrike utilizes signatureless technology, eliminating the need for regular signature updates on endpoint systems. It provides protection based on processes and activity behavior observed on the endpoint. The platform collects raw telemetry data from the endpoint and leverages it to proactively offer prevention and EDR capabilities. This approach offers multiple benefits, including eliminating the need for manual scans and providing broader protection against both known and unknown threats.
What needs improvement?
Due to the time zone difference, we in India experience delays in accessing immediate support for L2 and production-related issues until engineers become available in their respective time zones.
The CrowdStrike dashboard currently lacks a username field. This creates a gap for customers who manage multiple systems under a single username, making it difficult to identify individual systems based on username alone. Adding a dedicated username column to the dashboard would greatly improve its functionality in this regard.
For how long have I used the solution?
I have been using CrowdStrike Falcon Cloud Security for five years.
What do I think about the stability of the solution?
I would rate the stability of CrowdStrike Falcon Cloud Security ten out of ten. We have not received any complaints from our multiple customers related to stability.
What do I think about the scalability of the solution?
I would rate the scalability of CrowdStrike Falcon Cloud Security ten out of ten.
How are customer service and support?
While there may be delays due to time zones, the technical support itself is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In collaboration with a security partner, we work with several other OEMs, including Symantec, McAfee, and Trend Micro.
How was the initial setup?
The initial deployment is straightforward.
We utilize several third-party deployment tools for our installations, including Microsoft GPO, SCCM, and solutions offered by other market OEMs. These tools allow us to deploy the CrowdStrike Falcon Agent across all endpoints. Before deployment, we confirm the absence of any existing antivirus software. If the customer is already employing legacy antivirus solutions, we typically configure Falcon prevention policies to operate in "monitor mode." This means Falcon will monitor for threats without actively interfering with the existing antivirus. We refrain from uninstalling the legacy software until it becomes necessary. Once uninstalled, the Falcon prevention mode is switched to "aggressive mode," enabling it to function as the primary antivirus on the endpoint. This approach ensures a smooth transition while safeguarding endpoint security.
What other advice do I have?
I would rate CrowdStrike Falcon Cloud Security ten out of ten.
CrowdStrike Falcon Cloud Security is deployed in multiple locations and departments.
No maintenance is required.
CrowdStrike Falcon Cloud Security offers flexible integration with various third-party security products, including SIEM and proxy solutions. This capability significantly enhances our organization's overall security posture by facilitating seamless integration with existing tools via its robust API functionality.
Automatic updates and user-friendly reporting features, ensuring robust protection against a wide range of cyber threats
What is our primary use case?
Many different types of data flow into our organization from various sources, each serving different purposes and reaching different departments. For security reasons, we've opted for CrowdStrike Falcon, and it has proven to be highly effective. It consistently detects and removes unwanted viruses and miscellaneous threats from our network and systems. Additionally, we've deployed it on our servers, where it continues to provide robust protection against malware.
It's been employed within our organization to detect and respond to threats in our cloud workload. Upon detection of any issues on a machine, we promptly receive notifications or can view details on the portal, confirming which machines are affected. Additionally, it offers a plethora of features such as investigative tools and deep information sandboxing, enhancing our ability to address security concerns effectively.
How has it helped my organization?
Cloud-native threat intelligence is invaluable to me. The information provided is easily accessible through a dedicated tab, offering a wealth of valuable insights and recommendations. This includes various implementations and suggestions for enhancing security measures. Additionally, there's the option for sandboxing, which proves useful on occasion.
Our security operations have greatly benefited from the real-time response capabilities. Upon verification, potentially harmful downloads are promptly blocked and removed automatically. We have several dialer configurations, including medium, moderated, high, and low, with automated settings deployed across most machines. For servers, I opt for a moderated configuration, considering the occasional lack of generated signatures when deploying new software.
Our results clearly show the impact on our incident response time. Whenever an incident occurs, we receive comprehensive information promptly. Sometimes, we even receive emails providing updates and recommendations on how to address the situation effectively.
What is most valuable?
The most significant benefit is how quickly malware and other malicious attacks are detected. I've extensively tested it on my machine and server by simply double-clicking various files. In many cases, the detection is immediate, preventing the file from running and displaying a message indicating that it contains malware. Additionally, when downloading files for testing purposes, especially from third-party sources, CrowdStrike Falcon often detects potential threats instantly and sometimes even removes them automatically.
What needs improvement?
The only challenge lies in token verification. Generating the token is crucial, and if it doesn't match, it causes problems. However, this issue mainly arises when new users or inexperienced administrators are involved. They may inadvertently remove the token and struggle with the installation process. Initially, there were some challenges with the portal's user-friendliness, particularly when generating reports, but these issues have since been addressed.
For how long have I used the solution?
I have been using it for four years now.
What do I think about the stability of the solution?
It's highly stable with no reported issues. I would rate it ten out of ten.
What do I think about the scalability of the solution?
It provides excellent scalability capabilities. I would rate it nine out of ten.
Which solution did I use previously and why did I switch?
In my previous role at a different company, I managed Symantec Endpoint Protection hosted on local servers rather than in the cloud. We encountered issues related to the HES file and their engines, as they only added virus definitions without making significant changes to their main framework or engine.
How was the initial setup?
The initial setup is straightforward, especially for experienced users who find it easy to handle. However, for newcomers with only a month or two of experience, there might be a learning curve as they familiarize themselves with the process.
Implementing the tool itself poses no issues. I've successfully created the GPO and installed it without any problems.
What about the implementation team?
We've deployed it using two different methods. First, I established a Group Policy Object to deploy it, and second, we utilized Intune. Following deployment, the machines are promptly visible on the portal. However, configuring additional settings is not a one-day task; it requires understanding user requirements and preferences. The complexity of the setup depends on the level of detail and customization desired.
Initially, I deployed the solution on ten testing machines, comprising both servers and local devices. It took approximately two days to configure and fine-tune the setup before finalizing it for deployment across the organization. As the sole manager responsible for both security and system management, I oversaw the entire process. With multiple branches across different locations, totaling eighteen, efficiency was crucial. One notable advantage is the small footprint of the endpoint engine, typically ranging from forty to seventy megabytes, ensuring minimal bandwidth and resource consumption compared to other antivirus solutions. Maintenance is minimal. I typically monitor the machines to ensure they remain active. If a machine has been inactive for more than ten days, it's flagged and moved to a separate section on the portal for review.
What was our ROI?
We've observed a positive return on investment. Additionally, we utilize Microsoft Defender Endpoint with our Microsoft Elastic 365 license. Despite having multiple options, it's noteworthy that the CrowdStrike Falcon solution often detects threats before Microsoft Defender.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable, neither overly expensive nor excessively cheap, making it competitive compared to other market options. The best aspect is that there's a single price for all types of endpoints. There's no need to purchase separate licenses for servers and Windows systems.
What other advice do I have?
I would recommend it, particularly for its robust reporting capabilities, which provide access to a wealth of data. Additionally, the automatic updates feature ensures that the software stays current without requiring manual intervention. This eliminates the need to manually update each machine, as the updates are deployed automatically whenever a new version is available. Overall, I would rate it nine out of ten.
A robust and effective EDR solution that mitigates threats quickly
What is our primary use case?
I am a cybersecurity analyst, responsible for conducting log and user activity analysis, managing and escalating support tickets, and overseeing performance monitoring, phishing analysis, and incident response for the company's systems. We use CrowdStrike Falcon Cloud Security as our primary security tool.
We implemented CrowdStrike Falcon Cloud Security as our EDR, to instantly mitigate any potential threats to our IT infrastructure.
How has it helped my organization?
Every month, CrowdStrike provides us with training on new features and how to use them effectively. This helps my team and me improve our security skills.
What is most valuable?
The immediate mitigation of potential threats and instant alerts are valuable.
What needs improvement?
CrowdStrike Falcon Cloud Security is expensive.
For how long have I used the solution?
I have been using CrowdStrike Falcon Cloud Security for over three years.
What do I think about the stability of the solution?
I have not experienced stability issues in the time I have been using CrowdStrike Falcon Cloud Security.
What do I think about the scalability of the solution?
I would rate the scalability of CrowdStrike Falcon Cloud Security a nine out of ten.
How are customer service and support?
I have contacted technical support many times and they are always quick to respond and resolve my issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we relied on IBM QRadar for our security needs. However, we transitioned to CrowdStrike Falcon Cloud Security to achieve greater security capabilities and cost efficiency.
What about the implementation team?
We used an integrator for the implementation.
What was our ROI?
As EDR solutions represent organizations' last line of defense against intrusions, CrowdStrike Falcon Cloud Security has been a worthwhile investment.
What's my experience with pricing, setup cost, and licensing?
CrowdStrike Falcon Cloud Security is pricy.
What other advice do I have?
I would rate CrowdStrike Falcon Cloud Security a nine out of ten.
I recommend CrowdStrike Falcon Cloud Security as a robust and effective EDR solution.
The user interface designs are highly user-friendly with interesting settings
What is our primary use case?
CrowdStrike Falcon serves as our go-to tool for endpoint detection and response. We often leverage scripts to implement actions such as blocking and isolating specific machines. These scripts help us pinpoint and flag machines within the system that require investigation. Our focus involves delving into logs, scrutinizing identities, and ensuring a secure cloud posture through effective cloud posture management.
What is most valuable?
The primary focus lies in the swift and effective response to potential threats. CrowdStrike's Remote Threat Response feature allows remote access to machines under investigation, provided they are online. This capability significantly aids in expediting the investigative process. Additionally, the tool supports threat hunting within the Falcon framework. An aspect worth noting is the tool's proficiency in making correlations within internal data, including both machine and user logs.
The RTR feature stands out as particularly valuable to me due to its capability to log into machines. Whether it's a Linux machine, allowing me to execute native Linux commands, or a Windows machine, where I can use PowerShell commands, it empowers me to seamlessly proceed with my investigations. This flexibility is a key factor that enhances the overall effectiveness of my work.
What needs improvement?
I tend to focus more on the forensic aspects, believing there's potential for additional improvements in that area. I've noted that CrowdStrike recently introduced a new feature in their latest update, aimed at enhancing forensic capabilities. Incorporating threat intelligence into the system would be a valuable addition.
For how long have I used the solution?
I have been working with it for two months.
What do I think about the stability of the solution?
The stability of the platform has been consistently reliable, with no instances of downtime or issues encountered during installations. The process has been remarkably smooth, and I have not encountered any problems so far.
What do I think about the scalability of the solution?
The scalability is quite impressive. With thousands of endpoints in our environment, we can effortlessly deploy additional agents on any new endpoint integrated into our system.
How are customer service and support?
Regarding technical support, the response time typically takes a few hours. The speed of response may be influenced by the specific licensing arrangements in place. I would rate it seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In my previous role, we predominantly relied on Azure solutions. Microsoft Advanced Threat Protection, encompassing Defender for Endpoint, Sentinel for Identity, and Security for Cloud Apps, constituted the core components of our security arsenal.
What about the implementation team?
The deployment spans various locations and departments, encompassing all our endpoints. This includes multiple nationwide locations and extends to different continents. Maintenance is not a significant requirement. While we do make occasional updates to rules, our Security Management service takes care of this aspect. Updates, including new rules, are automatically implemented during the update process. Duplicative rules are removed in the course of these updates. Although we have some custom rules, the entire process is managed as part of a service, ensuring seamless and well-controlled cycles.
Which other solutions did I evaluate?
I have a stronger inclination towards Microsoft ATP. However, since joining this company just three months ago, CrowdStrike Falcon has become a part of my toolkit.
What other advice do I have?
The user interface designs are highly user-friendly with some interesting settings. I would wholeheartedly recommend it to anyone not specifically seeking a source solution but rather a comprehensive Security Orchestration, Automation, and Response platform. The flexibility it offers to analysts is noteworthy, especially when utilizing the RTR feature. This allows seamless remote access to computers, where analysts can execute commands natively without disrupting user activities. It provides a valuable capability for conducting investigations discreetly and efficiently. Overall, I would rate it eight out of ten.
Worth the money and provides a lot of control and visibility
What is our primary use case?
We use it for EDR as well as cloud security posture management. We also use file integrity and vulnerability management.
How has it helped my organization?
By implementing CrowdStrike Falcon Cloud Security, we wanted a 360-degree view of the security landscape of our enterprise. We wanted the complete view in one single dashboard, and our requirement was almost met with this solution.
We gained a lot of control and visibility into our cloud infrastructure using CrowdStrike Falcon Cloud Security. Within 30 days of deployment, we started seeing its value.
What is most valuable?
Cloud security posture management (CSPM) is most valuable.
What needs improvement?
There should be cloud storage scanning. We would like to have cloud storage vulnerability and threat management on any cloud storage.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
It is stable. I would rate it a nine out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a nine out of ten for scalability.
In terms of our environment, we have multiple sites, multiple delivery centers, and multiple clouds. CrowdStrike Falcon Cloud Security is covering all aspects.
Which solution did I use previously and why did I switch?
We had McAfee, and we replaced McAfee with CrowdStrike because of the features such as EDR. We got multiple security features from a single vendor.
How was the initial setup?
It is deployed on the public cloud. We use AWS and Azure.
Its initial setup was straightforward. Its implementation took about 15 days.
We did the agent installation on a test bed or less critical devices. We monitored the performance, and we monitored the data coming into CrowdStrike from those deployments. Once we were satisfied, we followed a phased approach. Phase by phase, we covered all our resources under the CrowdStrike umbrella.
What about the implementation team?
We implemented it in-house. We had two senior engineers involved.
In terms of maintenance, it does not require any maintenance from our side.
What was our ROI?
It is worth the money.
What's my experience with pricing, setup cost, and licensing?
Its price is moderate.
What other advice do I have?
I would recommend trying its features, evaluating it, and seeing if it fits your requirements. Only then proceed with the purchase.
I would rate CrowdStrike Falcon Cloud Security a ten out of ten. It is good.
Easy to use and helpful for security, but the console and the support need improvement
What is our primary use case?
We took this solution just for security purposes. We do not want someone to attack us, get into our environment, and get sensitive customer data.
How has it helped my organization?
It is good for security. We have a Palo Alto firewall, and we implemented CrowdStrike as an add-on feature.
What is most valuable?
Cloud security is one valuable feature. Spotlight is the other one. There is also vulnerability management and a couple more features.
What needs improvement?
The console and the customer service are quite bad. We paid a big amount of dollars to them to implement it. We paid them for premium support.
It gets the work done, but the main problem with the solution is that if you remediate anything, it takes 45 days for you to get any of the features displayed on the dashboard. This is the real weakness of CrowdStrike. Their customer support is also not ready to help with it. If you remediate any cloud vulnerability that they are giving you, such as removing a host from your organization, it takes around 45 days for them to remove it from their console.
For how long have I used the solution?
It has been around a year since I onboarded it in my company and have been using it.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable, but it depends on the organization's structure and how vast the environment is. Our environment is not that big, so scalability is okay. It is just that you need to deploy the sensors on the hosts.
How are customer service and support?
I would rate their support a five out of ten because they do not respond. We have taken premium support with them. If we raise a case with them, it takes around two to three days to get a call scheduled with them. Even the TAM that we have got from them cannot help. If you go for any service from Google, Microsoft, or Amazon AWS, their TAM is always ready to help you with your queries, but in the case of CrowdStrike, the TAM says that you need to raise a support case, and they will help you out.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I was not there in the organization at the time, so I do not know about it.
How was the initial setup?
I lead a team of 18 people. I get it deployed on all of the EC2 instances through them.
Its initial setup was straightforward. It is very easy to use.
For the whole organization, it took two weeks because we needed the downtime as well to deploy it in the production environment.
In terms of maintenance, it does not require any maintenance from our side.
What about the implementation team?
There was some consulting from the CrowdStrike team. They did help us to implement it.
Overall, five or six people were assigned to deploy the solution. They were infra-support engineers. It was deployed across multiple locations.
What's my experience with pricing, setup cost, and licensing?
I am not the one who handled the pricing. A different team worked on it, but it is pretty expensive.
Which other solutions did I evaluate?
We did our research and after that, we implemented CrowdStrike. Secureworks was there. There were some different players that gave us the quotation, but in terms of the features and the price, CrowdStrike was good.
CrowdStrike offered us Spotlight, vulnerability management, and cloud solution management. There are different blades to it. We implemented it, and now it supports our environment. It is good.
What other advice do I have?
To those evaluating this solution, I would say that it depends on their needs. If they need this product, they can go ahead and take it. It is straightforward, and it gets the job done.
I would rate it a seven out of ten.