CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents, hardware, scheduled scans, firewall exceptions or admin credentials.
$6.99
per endpoint/month (for 5-250 endpoints, billed annually)
Darktrace
Score 8.5 out of 10
N/A
Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.
N/A
Pricing
CrowdStrike Falcon
Darktrace
Editions & Modules
Falcon Pro: $6.99 per endpoint/month (for 5-250 endpoints, billed annually)
Falcon Enterprise: $14.99 per endpoint/month (minimum number of endpoints applies)
Falcon Premium: $17.99 per endpoint/month (minimum number of endpoints applies)
CrowdStrike is as good or better than all the other products. Trend Micro AV/endpoint security is probably less mature, but CS and Darktrace are both excellent tools. Cylance is good too, but there has been some …
Anyone who is looking for a leader in endpoint protection should consider CrowdStrike Falcon for sure, regardless of specific use cases. Anybody who is operating on a very lean security team that doesn't have the capability to provide 24x7x365 coverage should absolutely consider Falcon Complete. I've worked with various MSSPs in the past, but Falcon Complete is one I would definitely not lose any sleep at night knowing we're in good hands.
I think if you manage a large number of mailboxes, you need a reliable solution to protect corporate email from any threat. This solution uses AI to analyze emails to check if they're safe or if it's a risk for the organization. It has a good UI (all in English), and the more you're using it, the more you get. There are a lot of metrics and indicators to help the email security admin.
Endpoint Isolation - instead of hoping an adversary was blocked in time, CrowdStrike locks down the endpoint beyond using the Windows Firewall. Allowing a whitelist of IPs brings additional management of that endpoint to another level that most other tools don't have.
Rich Data Recording - CrowdStrike is best described as a giant tape recorder in the sky. When it lands on the box, it truly provides insight into the those that other tools could only dream of.
Extensive APIs - CrowdStrike understands that they are not your only security vendor, so they have API usage for everything in their platform to automate and integrate to your heart's desire.
Cloud Visibility - CrowdStrike's cloud monitoring capabilities are agnostic of cloud platform. No longer does one need to worry about putting all their eggs in one basket because the endpoint tool prefers one platform over another.
Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.
The ability to do a system-level scan like a traditional AV is missing and isn't a feature CrowdStrike is planning on implementing. Old school IT guys are going to be curious about this.
Host management and deletion are clunky and take 45 days for a machine to fall off your subscription license.
Really had a poor time of identifying devices and what the device's purpose was - a simple nmap scan did a better job. The problem is they expect you to fine-tune the results - which is exactly what you would expect - but day one it found over 2,000 servers (and I only have 112).
Really had a hard time separating network traffic into locations - I use distinct subnets for my buildings, but there was no good way to create a logical map of my traffic internally. Did not garner a sense of trust that it was seeing everything.
Sat through a few "analyst" reports - which showed me possible threats in my environment. I am already using a few open source tools, and they actually found more than the analyst reports. Also, there was no way to get the reports on your own - you had to work through their analysts to get the information.
When I receive support, it is always useful and informative. However, the support doesn't get back to me in the most timely manner. Often, by the time I hear back from support I have already resolved the issue. But for bigger issues that need more in-depth help, the support team has been incredibly valuable.
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
CrowdStrike Falcon Endpoint protection is based on AI/ML-enhanced technology. It's cloud-based, so users don't need to connect to their office network to get their policy synchronization done from server to endpoint agents. Also, the CrowdStrike Falcon agent size is small and it consumes fewer resources of the machine.
The Darktrace user interface was improved. Darktrace provides more metrics and more info to decide if an email is malicious or not in case of doubt. Darktrace provides a lot of info about the email being analyzed, for example, if there was previous communication between both parties. It's so easy to deploy.
Cut our cost and time from managing multiple platforms down to managing one platform with better insight than what we had with multiple security platforms.