Overview
What is CrowdStrike Falcon?
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents,…
Why CrowdStrike
Best EDR Tool
CrowdStrike Falcon: The most balanced and feature-rich XDR
Great Edr for companies
After using CrowdStrike Falcon for one year, here is what I learned…
Great all round endpoint protection solution
beyond the F1 sponsor, it's best in breed EDR
Excellent purchase not once regretted it.
We can investigate/remediate and run scripts when we suspect …
CrowdStrike Falcon Complete has been nothing short of awesome!
A Comprehensive Look at the Fabulous EDR CrowdStrike Falcon
CrowdStrike Falcon review for companies
Fantastic reduction in EDR operations
Great product, great performance, you get what you pay for (not cheap but worth it)
We were using other solution and we were forced …
The do everything endpoint protection tool
- Default endpoint protection tool on all servers and laptops.Laptops
- local firewall, and device lockdown (USB drives blocked)
- Spotlight
- …
How CrowdStrike Falcon Differs From Its Competitors
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Consolidation of Tools
- Thousand Eyes Endpoint tool was replaced using a combination of CrowdStrike Falcon and WorkSpaceOne as it was redundant.
- HaveIbeenPawned API subscription was removed as CrowdStrike Falcon Exposure …
Breadth of Solutions
- Protection endpoints from all kinds of host/network based threats.
- Keeping an eye on what applications users are installing and removing if it violates compliance.
- Discovering exposed user information on …
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Breadth of Solutions
Breadth of Solutions
Consolidation of Tools
Also if you have some host firewall management system, it can be replaced with CS firewall management
Remote connection (not interactive or RDP like) can be also be replaced, with RTR
Breadth of Solutions
Also, it ofers so many other things, that can be easily implemented (same agent... just increases costs) and are really interesting. You can start with a "basic" package and start growing from …
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Consolidation of Tools
Breadth of Solutions
Automated protection and remediation
Improved threat intelligence
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Endpoint Detection and Response (EDR) (77)9.393%
- Malware Detection (77)9.292%
- Infection Remediation (74)8.888%
- Centralized Management (78)8.585%
Reviewer Pros & Cons
Pricing
Falcon Pro
$6.99
Falcon Enterprise
$14.99
Falcon Premium
$17.99
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- 8.8Anti-Exploit Technology(71) Ratings
In-memory and application layer attack blocking (e.g. ransomeware)
- 9.3Endpoint Detection and Response (EDR)(77) Ratings
Continuous monitoring and response to advanced internet threats by endpoint agents.
- 8.5Centralized Management(78) Ratings
Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- 8.2Hybrid Deployment Support(4) Ratings
Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.
- 8.8Infection Remediation(74) Ratings
Capability to quarantine infected endpoint and terminate malicious processes.
- 8.2Vulnerability Management(57) Ratings
Vulnerability prioritization for fixes.
- 9.2Malware Detection(77) Ratings
Detection and blocking of zero-day file and fileless malware.
Product Details
- About
- Integrations
- Competitors
- Tech Details
- FAQs
What is CrowdStrike Falcon?
CrowdStrike Falcon Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
CrowdStrike Falcon Video
CrowdStrike Falcon Integrations
- Akamai Enterprise Application Access
- Cloudflare
- Attivo ThreatDefend Detection & Response Platform (a brand)
- Exabeam Fusion
- Splunk Enterprise Security (ES)
- Sumo Logic
- Swimlane
- AttackIQ Security Optimization Platform
- EclecticIQ Platform
- IntSights Cyber Intelligence, from Rapid7
- ThreatConnect SOAR (discontinued)
- Armis
- The Forescout Platform
- Claroty
- ThreatQuotient
- Panther
- Forescout
- Illusive Networks
- Netskope
- Okta
- Proofpoint
- Vectra
- zscaler
- ExtraHop
- Mimecast
- ServiceNow
- IBM Resilient Security Orchestration
- Automation and Response (SOAR)
- Arcsight Interset
- DF Labs
- LogRhythm
- Securonix
- Anomali
- Centripetal
- King & Union
- ThreatStop
- Dragos
- Medigate
CrowdStrike Falcon Competitors
CrowdStrike Falcon Technical Details
Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Windows, Linux, Mac |
Mobile Application | Apple iOS, Android |
Supported Languages | English, Japanese |
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(241)Attribute Ratings
Reviews
(1-25 of 77)Why CrowdStrike
- Protects our endpoints
- Provide data that is actionable
- Comprehensive toolset
- Better looking dashboard - better graphics
- Better reporting capabilities
The reporting and dashboards could be improved to provide more clarity and ease of understanding of the metrics
Best EDR Tool
The solution is almost transparent for the users and the machines but the effectiveness against the malicious activities is on the highest levels, the false positives are also very low in according the total number of blocks against bad links, bad services and bad files.
- Infection remediation
- Sandboxing feature
- Broadview on detection
- Single agent and console
- Network Containment
- Interactive Sandbox
- Threat hunting
- The detection is CrowdStrike Falcon is quite accurate. Based on how we configured we do get false positives but as per my experience it barely missed anything that is confirmed malicious. The way it understands the context of an artifact and classifies it being benign or malicious is brilliant.
- CrowdStrike Falcon Real-Time-Response console is very powerful and usable too. It doesn't feel much different whether the endpoint that is being remote-accessed is using Mac, Linux, or Windows. It is quite resilient to spotty connections too.
- The agents installed on the machines are quite silent and can be set to unobtrusive both in terms of computation and notifications to user.
- The interoperability with other AVs or EDRs is amazing too. I have seen many instances where it worked together so well without contradicting that it was hard to remember the existence of the second EDR. It only fired up when the second EDR tried to access some sensitive locations.
- The UI although a little complicated got many things right. It handles large amount of asset information quite comfortably. Doesn't lag or freeze the browser for a regular computer too.
- CrowdStrike Falcon keeps on changing the UI of the Falcon Management Console quite frequently. It is very hard to create instructional documents as they get deprecated that fast.
- They lack some basic AV features like running an On-Demand Scan for anything other than some Windows versions.
- The alerts especially the Machine Learning ones sometime give too much information to investigate and doesn't point out what in particular is suspicious. It causes us to waste time looking up hundreds of DNS, IP, etc to find the culprit
- They don't have a manual way of quarantining a file which is again basic.
- The behavior-based rule creation got a sharp learning curve as it is based on Logscale/Humio query language. Need a good query builder.
It is not so well suited for small companies with small security team as it got too many features to manage and mostly an overkill as it will only operate on a small asset-set. Plus it is not cheap. It is also not suited for companies that does large scale development and testing involving network access or File manipulation in their environment simply because the policy options aren't much granular to tune accordingly. Cortex is definitely better in that aspect.
Great Edr for companies
- Centralized efficient management
- Infection remediation
- Malware detection
- Cloud native architecture
- Limited coverage to endpoints
- Legacy os support is very limited
- Linux machines support is limited
- Compliance Audit
- End user security
- Data protection
- The user interface can be challenging to navigate from time to time until you get the hang of it.
Great all round endpoint protection solution
- Detecting suspect activity at the endpoint
- Stopping potentially damaging network activity by isolating an endpoint
- Tracing activity throughout the network to assist with investigation and remediation
- Limitations in ability to make detailed rulesets to address edge cases
- False positives continue to be an issue
- Can be noisy leading to alert fatigue
beyond the F1 sponsor, it's best in breed EDR
- better intrusion detection of external devices
- better dash board
- provides suggested best practices for people to follow
- the granularity of role permissions
Excellent purchase not once regretted it.
We can investigate/remediate and run scripts when we suspect any anomalies on the network. Using event search we are able to analyse events and devices on the network. We have an easy way of finding EOL devices through the asset dashboard. I can analyse user accounts and ensure that there are no strange accounts with passwords over the set period.
- Event Search
- Searching for unmanaged assets
- Tagging for easier searching
- Providing details on devices such as recently connected users and previously connected networks.
- UI is cumbersome at times
- Dashboard occasionally takes a while to load
- Support is somewhat delayed
- Stopping malicious activity.
- Provides great visibility into events.
- Works as an extension of our IT team.
- In dashboard filtering for all records, without needing to export.
Our organization being a university where thousands of students and hundreds of staff turn up daily, puts our critical assets at risk of being compromised by an insider. CrowdStrike Falcon helps us identify the source of a threat accurately, blocks the triggering file or script before it can cause damage. The AI / ML based detections are very helpful because they catch threats that other vendors may fail at. The scope of our use case is endpoint monitoring and threat management.
- AI / ML based malicious activity detections
- Detection information presented clearly and concisely on dashboard
- Easy filtering of detections on hostname, detection name, severity, date, time, hash, technique etc
- traces full process chain instead of just showing the source file or script which really helps in tracing the main security concern of machine
- If some malicious app uses microsoft's signed binary like onedrive, cmd, wscript CrowdStrike would tag the microsoft binary as malicious and fails to provide the actual file that tried to execute these.
- For example if a
- malware.exe tries to run this command
- cmd /c bitsadmin
- CrowdStrike would tag cmd or bitsadmin as malicious and does not mention malware.exe at all sometimes
- There are two different dashboards (updated and deprecated) which causes confusion among my team, all must be on same page and use single dashboard.
- Support is very slow in responding to problems and depend on automated bots which really frustrates when a major issue arises.
CrowdStrike Falcon may be less appropriate for smaller organizations due to its cost, also a technical support team is required to install / remove agents from machines and monitor the dashboard for detections daily.
CrowdStrike Falcon review for companies
- Network segmentation for host and servers using the firewall.
- USB block by the sensor.
- IDP alerts from our domain and different identities
- Support response.
- Sensor stability, sometimes the sensor fails on computers
- Improve menus
Fantastic reduction in EDR operations
- Prompt response
- Reliable follow up
- High detection ability
- Enhancement of Japanese language
- Screen configuration that requires no screen transitions as much as possible
Great product, great performance, you get what you pay for (not cheap but worth it)
We were using other solution and we were forced to change it really quick.
The process has been really simple, and for the moment we are really happy with how it works and how it performs.
It can be used both on computers and servers, and it supports quite good both Windows & Linux
- Protection against all kind of malware
- Performance
- Real Time Response
- Custom IOC Management
- Notifications to end users
- Tray Icon
It seems to work pretty well and protects you from almost everything tested.
Maybe RFM can be improved, specially with patch Tuesdays, but nothing to worry too much about.
The do everything endpoint protection tool
- Default endpoint protection tool on all servers and laptops.Laptops
- local firewall, and device lockdown (USB drives blocked)
- Spotlight
- vulnerabilities
- Identity Protection - lateral movement, service account protection, insider threat
- Threat Intel / Sandbox
- EDR
- Threat Intel
- USB blocking
- Complete team - triage and escalation
- Better reporting
Strengthening cyber defenses with CrowdStrike Falcon
- CrowdStrike Falcon's next-gen endpoint protection consistently outperforms traditional solutions.
- The cloud-native architecture ensures seamless scalability and real-time updates, eliminating the need for manual interventions.
- CrowdStrike Falcon's threat intelligence and hunting capabilities are unparalleled.
- The advanced features may pose a learning curve for users unfamiliar with modern cybersecurity tools.
- A more transparent pricing model could assist in budget planning.
- Expanding compatibility with a broader range of security solutions would be advantageous.
Crowdstrike at its best, with small gaps.
- Known malware detection.
- Software detection with malicious behavior.
- Identification of processes with anomalous behavior.
- User management in cases where the service is provided as an MSP.
- Clarity in console menus.
- Integration with third-party EPP.
Very useful and easy to use security tool
- prevention
- vulnerability management
- sensor is very small
- Client tray
- On demand Scans
CrowdStrike Falcon Review
- Detects suspicious activity
- Shows exact location and processes involved in suspicious activity
- Isolate computers with suspicious activity
- Setting up on MacOS was more complicated than expected (as kernel extensions were being phased out)
- Remediation is not always as automated as some other systems (e.g. Malware Bytes)
One-stop solution for malware protection
- Endpoint Detection and Response
- Great communication to the security operations teams for triaging a security event
- Customizable policies which can be globally applied
- Ease of integration with SIEM
- Ability to query endpoint logs within the Falcon portal itself
- Sandbox can get better in my opinion.
- Detection of source of infection in case of lateral movements recommended
- Browser based logs/ DNS queries for getting to the root of the issue
Crowdstrike Falcon - Best in the Business.
- MFA Everywhere to protect our systems from remote login connections.
- Realtime endpoint protection that is updated regularly without intervention from our system administration team.
- 24 x 7 x 365 monitoring of the system to provide protection at all times.
- Walkthroughs of new features when added to the console.
- Better instructions on how and where to add or change policies for various tools.
CrowdStrike real review.
- Malware detection.
- Bad behaviour detection.
- Support on old Operatives Systems.
CrowdStrike Security made easy.
- MDR
- Vulnerability assessment.
- Identity Protection.
- Easier to use interface.
- Log management.
- Investigations
- Protection of end points.
- Protection of user identities.
- Providing quick response to any identified security issues.
- CrowdStrike can be on the more expensive side of end point and identity management, but it's worth it.
Great product
- Identifícate IOA
- Facilita to investigate
- Playbooks
- Vulnerability magnament
- Logscale
- Xdr
- It helps us to stop security breaches as well as prevent all types of attacks (including malwares, ransomwares and many other such attacks)
- It helps in Adversary Emulation Exercise
- it helps in Red Team / Blue Team Exercise
- should improve threat visibility
- its overall TCO should be reduced
- seamless integration with solutions like SIEM
It helps in Red Team / Blue Team Exercise.
Threat visibility is something where it is less appropriate.