CrowdStrike Falcon

CrowdStrike Falcon was able identify activity for kerberoasting which is critical as most of tools are not able to identify.Also its capability to DLL sideloading/hijacking is commendable.Interactive sandbox has helped a lot for getting to see how malware works. Great real-time visibility and reaction to all the endpoints.Offers a lightweight agent.

CrowdStrike Falcon is good for a mid-large size industry where there are many engineers and analysts are working. It got many modules and a lot of data to analyze and correlate with other tools. Also, the price vs features get justified for a mid-large company. The system is also designed for users with high technical skill level as it has a steep curve. Due to its not so good ML based detection engine it is also suitable for environment with not many lab/developer activity going on as it creates a lot of noise. The policy granularity isn't as detailed as in some other competitors like Cortex XDR.
It is not so well suited for small companies with small security team as it got too many features to manage and mostly an overkill as it will only operate on a small asset-set. Plus it is not cheap. It is also not suited for companies that does large scale development and testing involving network access or File manipulation in their environment simply because the policy options aren't much granular to tune accordingly. Cortex is definitely better in that aspect.

In a scenario with endpoints located worldwide, it can assure to all, the same necessary security level in real time and the highest efficiency for servers and computers. If there are too many legacy operating systems linked to industrial machines it has weakness that need to be covered with different solutions or architectures.

CrowdStrike Falcon is a robust security suite that would do well with any company, but it is geared more towards enterprises.

The solution is relatively good as a set and forget, particularly if being operated by a small team. Similarly, the system will allow for a level of active monitoring and integrating into MSSP services; however there is a point at which the level of sophistication drops off, especially when heading down a path of automated response, etc.

not the cheapest solution but the cost saving for that extra bit of knowhow that fills the gap between our old EDR and CrowdStrike is well worth the money. we modern protection is the current cost of doing business and will hopefully pay off in the extra layer of protection.

I believe CrowdStrike Falcon is great for teams who have a small security team with no 24x7 coverage. Using their Complete add-in you are covered by the 24 hours a day 7 days a week 365 days a year. This is all with a 4 minute window to remediate issues should one occur.

It is best suited for organizations that have lot of machines and users, since CrowdStrike agent-based deployment is easy to manage and maintain.
CrowdStrike Falcon may be less appropriate for smaller organizations due to its cost, also a technical support team is required to install / remove agents from machines and monitor the dashboard for detections daily.

Incident response containment works really well, we have contained a couple of machines during incidents and it works pretty well. Also telemetry from different devices is useful. Identity protection alerting also works very well for us, we get tickets and calls from CrowdStrike Falcon when users connects from suspicious countries.

CrowdStrike Falcon can be operated with a low operational load, and we believe it can be used by various organizations. I think there are not many organizations for which he is not suitable. Instead, I think it depends on whether or not you can trust and implement this highly complete service.

It can be used in combination with your current AV solution or even as an standalone product.
It seems to work pretty well and protects you from almost everything tested.
Maybe RFM can be improved, specially with patch Tuesdays, but nothing to worry too much about.

CrowdStrike Falcon is an all in one solution - One agent, low impact

I would highly recommend CrowdStrike Falcon to any organization serious about bolstering its cybersecurity defenses. The platform's effectiveness in threat detection, proactive mitigation, and scalability make it a valuable asset in today's ever-evolving threat landscape. Despite some learning curves and integration challenges, the return on investment and the overall security enhancement justify its strong recommendation.

It is suitable for large companies with complex organizational structures that are managed by the company's own staff or by Crowdstrike. It is less suitable for small companies due to its high initial costs, especially if it is offered as a service from an MSP, since the management of MSP users is complicated and, in some cases, it cannot even be a real vision of the users that can manage each company.

CrowdStrike Falcon can be treated as a single source for endpoint protection. With additional features, CrowdStrike Falcon has a strong use case for preventing malware infection in the infrastructure security ecosystem. CrowdStrike Falcon's complete helps get the MSSP capabilities for SOC detection and incident response from a league of experts.

I have been in the industry for close to thirty years and this has been one of the best endpoint protection programs I have ever used. We feel confident as an organization that we are protected on the endpoints at all times. The Falcon Complete team is great for providing assistance whenever we need it.

Protecting Windows, Linux, and MAC Operative Systems from all kinds of threats. Not only alerting but also preventing, using behavior detection and file analysis.

It is suited to small teams who require additional backup and assistance within the security area.

I feel CrowdStrike Falcon is well suited for anybody who takes securing their systems and employees safe. They have a $1 million breach policy, which helps give peace of mind that they stand behind their product and really believe in it. This was the big determining factor for us. Not because we needed the $1 million policy but because it shows how much they are willing to invest in their products as the best on the market.

It helps in Adversary Emulation Exercise.
It helps in Red Team / Blue Team Exercise.

Threat visibility is something where it is less appropriate.

Unmatched AI capability to find security threats & seamless Customer Support

Since it is easy to deploy and use, it can be deployed and protect small and large companies immediately. best suitable for Hi-tech companies and Thin SecOps teams Falcon X threat intelligence and Threat Graph cloud-based data analytics provide the ability to detect advanced threats and analyze user and device data to spot anomalous activity.

I believe CrowdStrike could be a successful implementation in any organization, however, for any company that wants someone be on top of detections, exclusions, actions, etc. they would need a full time employee to manage the product. The price point is in line with other products and has integrations with more 3rd party SIEM, scanning and network monitoring solutions than any other vendor.

Great product for endpoint detection and response for any sized organisations. Simple configuration and installation ensures its well suited for small and medium sized organisations.

CS Falcon is suited for nearly all scenarios and deployment. The only challenge would be if devices contain protected data the need for the Gov Cloud installation would be necessary. This can split up your installation base but isn't anything that is very difficult to manage.