CrowdStrike Falcon vs Darktrace

What users are saying about

Score 9.2 out of 10

Based on 85 reviews and ratings

Get Started Free

Score 7.9 out of 10

Based on 30 reviews and ratings

Likelihood to Recommend

CrowdStrike continues to be the leader of where it is today by extending the offerings that is has. While there are a number of downfalls of the product, no one other security vendor can rightfully do what CrowdStrike does. Smaller players in the game are able to "pull a feather" here and there but there is no stopping the behemoth that is CrowdStrike. So long as CrowdStrike continues to deliver on its endpoint protection capabilities and levels up their behavioral detections, they are the best buy all day long. For those looking for a company that is clear about what they are monitoring for and how, rule logic, etc.... CrowdStrike is the exact opposite. They are a complete black box that thinks detect logic is magic and protects it all as if it was intellectual property. For some organizations they will likely not care; however, for others with established security teams, this can prove to be an irritant.

Read full review

Bryan Bowie

Principal Incident Responder (Sr.)

VerizonSecurity & Investigations, 10,001+ employees

View all 29 answers on this topic

Darktrace would be well suited to any environment really; the only constraint would be the budget. The cost scales on the number of devices to be monitored by the product, so it can be quite expensive in larger environments. Any company that would benefit from having 24/7 monitoring of their network would find that this product would suit that need perfectly. It can also create a number of reports, which is useful if you have any requirement to present periodic figures and statistics for your network. There are also additional features available and in development such as Antigena, which can be configured to allow potential threats to be automatically mitigated; it can block connections to a certain address, using certain ports, or it can enforce "normal behaviour" where it will only allow a machine to communicate in a way that Darktrace has observed before and considers normal. This has huge benefits particularly for 24/7 organisations where you don't have the ability to have someone monitoring the network personally at all times, as it could stop a malware outbreak in its tracks.

Read full review

Verified User

Engineer in Information Technology

Aviation & Aerospace Company, 501-1000 employees

View all 6 answers on this topic

Feature Rating Comparison

CrowdStrike Falcon

Darktrace

Anti-Exploit Technology

Endpoint Detection and Response (EDR)

Centralized Management

Hybrid Deployment Support

Infection Remediation

Vulnerability Management

Malware Detection

Pros

Ransomware protection. We ran a ransomware simulation with obfuscated executables to hide malware signatures and CrowdStrike found and stopped 15 out of 15.
Malware/adware detection. Packaged adware in official installers are instantly blocked without interfering with the install of the primary application.

Read full review

Randy Munroe

Information Security Analyst

Randall-ReillyMarketing and Advertising, 201-500 employees

View all 29 answers on this topic

It did an ok job of analyzing and collecting data. It used a span (mirrored) port and then using its own algorithm developed flow records.
It did an ok job of segmenting traffic into networks - not always correctly, but ok.
It tried to identify devices by type - once again, it did ok, but not that great.

Read full review

Matthew Frederickson

Director of Information Technology

Council Rock School DistrictEducation Management, 1001-5000 employees

View all 6 answers on this topic

Cons

We get false positive detections when we run an email signature script for our users. These false positives can be a distraction. We've implemented a whitelist for those behaviors, but had some difficulty in figuring out how to configure CrowdStrike to recognize these executions since the file name and hash were always different (the executing file was firstname_lastname.exe, and that was too Vague to whitelist.

Read full review

Mark Sauer

Director of Information Technology

TransPakPackage/Freight Delivery, 1001-5000 employees

View all 29 answers on this topic

False positives. Darktrace uses "AI" to create its alerts for "unusual" or "malicious" activity. It is very common to see an alert for completely benign and normal device behavior - PC tries to print for the first time in a while, for example.
Antigena actions. To some extent, this is a continuation of the previous point. Darktrace can break the network connectivity of the suspected device automatically. The excessive number of false positives makes administrators reluctant to use this feature, though. Also, the default Antigena actions are not relevant to real-world problems as I saw them in my experience with Darktrace.

Read full review

Verified User

Professional in Information Technology

Primary/Secondary Education Company, 1001-5000 employees

View all 6 answers on this topic

Support Rating

CrowdStrike Falcon 8.8

Based on 13 answers

When I receive support, it is always useful and informative. However, the support doesn't get back to me in the most timely manner. Often, by the time I hear back from support I have already resolved the issue. But for bigger issues, that need more in-depth help the support team has been incredibly valuable.

Read full review

Verified User

Analyst in Information Technology

Telecommunications Company, 1001-5000 employees

View all 13 answers on this topic

Darktrace 9.5

Based on 4 answers

Any time I have had any issue with Darktrace, I've been able to contact an engineer through their support desk, and I have always had a very speedy response. Even when the issue has been caused by something outside of the Darktrace devices, they have still been very keen to try to help and identify what the problem was. The customer portal also has a large number of videos and guides that you can use to educate yourself on the product

Read full review

Verified User

Engineer in Information Technology

Aviation & Aerospace Company, 501-1000 employees

View all 4 answers on this topic

Alternatives Considered

[Because of] its cloud-based architecture, complete set of features, LDAP integration and massive deployment options. The open integration with another security solution and it's almost native with all Windows flavors including Windows Server. Its Incident Response Team is a one-and-only kind of solution that makes CrowdStrike a really different competitor and a natural leader in cybersecurity market.

Read full review

Victor Rivera

Senior Information Technology Manager

Grupo VinteConstruction, 1001-5000 employees

View all 29 answers on this topic

We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.

Read full review

Matthew Frederickson

Director of Information Technology

Council Rock School DistrictEducation Management, 1001-5000 employees

View all 6 answers on this topic

Return on Investment

CrowdStrike has cut our security costs.
Has given us more insight into our end points.
It has helped with our older PC's CPU usage.
Cut our cost and time from managing multiple platforms down to managing one platform with better insight than what we had with multiple security platforms.

Read full review

Verified User

C-Level Executive in Information Technology

Security & Investigations Company, 1-10 employees

View all 29 answers on this topic

One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.

Read full review

Verified User

Technician in Information Technology

Law Practice Company, 201-500 employees

View all 6 answers on this topic

Pricing Details

General

Free Trial

Yes

Free/Freemium Version

—

Premium Consulting/Integration Services

Yes

Entry-level set up fee?

CrowdStrike Falcon Editions & Modules

Edition

Falcon Pro	$6.99¹
Falcon Enterprise	$14.99²
Falcon Premium	$17.99²

per endpoint/month (for 5-250 endpoints, billed annually)
per endpoint/month (minimum number of endpoints applies)

Additional Pricing Details

—

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

Darktrace Editions & Modules

—

Additional Pricing Details

—

Rating Summary

CrowdStrike Falcon

Darktrace

CrowdStrike Falcon

Darktrace

CrowdStrike Falcon vs Darktrace