CrowdStrike Falcon vs. Microsoft Defender for Endpoint

Anyone who is looking for a leader in endpoint protection should consider CrowdStrike Falcon for sure, regardless of specific use cases. Anybody who is operating on a very lean security team that doesn't have the capability to provide 24x7x365 coverage should absolutely consider Falcon Complete. I've worked with various MSSP's in the past, but Falcon Complete is one I would definitely not lose any sleep at night knowing we're in good hands.

Small or large organizations will benefit from using MDE. They need to provide a way to buy MDE as a standalone add-on product not only make it a bundled feature in Microsoft 365 E5. I wish it had the ability to deploy updates to 3rd party apps when the vulnerability scanner discovers a vulnerability. Currently, I have to use a 3rd party tool to address this gap.

• Endpoint Isolation - instead of hoping an adversary was blocked in time. CrowdStrike locks down the endpoint beyond using the Windows Firewall. Allowing a whitelist of IPs brings additional management of that endpoint to another level that most other tools don't have.
• Rich Data Recording - CrowdStrike is best described as a giant tape recorder in the sky. When it lands on the box, it truly provides insight into the those that other tools could only dream of.
• Extensive APIs - CrowdStrike understands that they are not your only security vendor, so they have API usage for everything in their platform to automate and integrate to your heart's desire.
• Cloud Visibility - CrowdStrike's cloud monitoring capabilities are agnostic of cloud platform. No longer does one need to worry about putting all their eggs in one basket because the endpoint tool prefers one platform over another.

• It is great at proactively monitoring threats across the network. It works seamlessly with the client to monitor individual user computers, and it has a good real-time scanning engine.
• On the client side, Windows Defender doesn't require a whole lot of system resources to run, nor will it create unnessary slowdowns of a computer, even while scanning for threats

• The ability to do a system-level scan like a traditional AV is missing and isn't a feature CrowdStrike is planning on implementing. Old school IT guys are going to be curious about this.
• Host management and deletion are clunky and take 45 days for a machine to fall off your subscription license.

• Virus detection rates are below competitors.
• Too many notifications that end up bothering.
• Do not ask every time if you should send reports to Microsoft.

When I receive support, it is always useful and informative. However, the support doesn't get back to me in the most timely manner. Often, by the time I hear back from support I have already resolved the issue. But for bigger issues, that need more in-depth help the support team has been incredibly valuable.

Every time I've had a question or a problem, I was able to get it addressed quickly. Microsoft has a huge database for ATP support, and it has contained 90% of what I have looked for. It was a lifesaver during initial setup.

Crowdstrike Falcon Endpoint protection is based on AIML enhanced technology,l. It's cloud-based so users don't need to connect to their office network to get their policy synchronization done from Server to endpoints agents. Also, the Crowdstrike Falcon agent size is small and it consumes fewer resources of the machine.

Defender works better for my org. This may depend on your ecosystem, however for me, Defender is a clear winner. I like Defender's ability to utilize multiple sensors and data points to detect possible breaches. I like the built-in EDR functionality. I do not need to purchase a separate EDR software anymore. I really like the vulnerability management. it has enabled our SOC team to view multiple security-related sensors from a single portal.

• CrowdStrike has cut our security costs.
• Has given us more insight into our end points.
• It has helped with our older PC's CPU usage.
• Cut our cost and time from managing multiple platforms down to managing one platform with better insight than what we had with multiple security platforms.

• There is definitely a piece of mind provided when you know that your system will not get compromised because of malware and viruses.
• The fact that I don't have to spend money in the first place means that I can spend money on other more important things that do require it.