CrowdStrike Falcon vs. OpenText EnCase Endpoint Security

Crowdstrike is a unified platform for monitoring endpoint devices, whether they're workstations, servers, cloud-native machines, or even mobile devices. It uses AI/ML to monitor anomalies and suspicious behavior, including zero-day attacks. It is suitable for large organizations but may be costlier or less appropriate for smaller organizations, those who want an on-prem EDR setup, and those who need custom scanning based on compliance requirements.

Incentivized

It is more suited to environments that have a large internal user base since there will be more incidents that require forensic analysis. It will be less suited for environments that have a small internal user base due to the fact that there would be fewer incidents that require forensic analysis, but it really depends on the industry that a small internal user base is a part of.

Incentivized

• The Log analysis is very detailed and easy to use.
• Prevent and block all type of malwares.
• Great threat intelligence which is very up-to-date with the recent cyber attacks
• very user friendly in access and management
• Automated feature of detecting, taking action and closing incidents using fusion workflow.

Incentivized

• Functionality meets minimal requirements, since it performs forensic investigations as advertised.

Incentivized

• Support - we are often tasked with running down problems rather than being directed by support.
• The sales staff we have dealt with are not very responsive or timely.
• I believe this is a product built for installations of 300 users or more.

Incentivized

• Their UI definitely needs to be more user-friendly, right now it is very cumbersome to run and view investigations.
• Authentication mechanism should be a simple username/password, not certificate-based which is difficult to manage.
• Needs better support documentation for the product, it is difficult to find solutions to issues that we run into.

Incentivized

Crowdstrike has a large suite of tools built for helping the engineers triage and respond to security event whenever identified. The ability to customize the security policies and implement more granular policies to different devices based on the functionality is unmatched. Crowdstrike provides so much of ability in a decent budget which ascertains the value for money or ROI.

Incentivized

I think it is a complete and very trustful XDR platform, with very few False Positives. It is very well supported by highly skilled professionals on all levels: from pre-sales engineers, Customer Account Managers and support engineers.

Incentivized

Any time we need to engage the Crowdstrike Falcon Complete Team, their response is switch, thorough, and they are sure to not close out any request until the customer confirms that they have provided an acceptable resolution. If I ever need anything from the account team related to the product, I also get a response from them within minutes typically to address my question. Top notch customer service!

Incentivized

Because support is non-existent whenever you have a functionality issue using the product. Also since the UI is so cumbersome to use we could use as much support as possible. Whenever we ask for support we are told to take the training which costs us more money. I believe that support should be easily accessible and affordable for the client

Incentivized

There is limited amount of learning that can be completed in an in-person training available. In my opinion, the self-paced learning provided by Falcon portal is more useful over in-person training. The support from Falcon is great and useful to overcome difficulties, if any.

Incentivized

The training provided by Crowdstrike Falcon is complete in terms of the depth of technical knowledge and teaches the users about going through with the platform. There are lots of jargons for different tools that Crowdstrike Falcon has and this training teaches them all which helps in managing the platform better. Plus, the regular knowledge checks are also very helpful for the end user.

Incentivized

Read the documentation

Incentivized

It was just a legacy AV program onboarded during initial setup days. As the org. As it expanded, its threat landscape also grew, and we needed a next-gen solution to protect against evolving threat vectors. Falcon EDR was the one that solved all these in a single place.

Incentivized

The other forensic tool that is a direct competitor to EnCase and wasn't listed above is the Forensic Toolkit or FTK. I believe that FTK is a better tool overall simply because it is easier to manage and use when it comes to investigations. Unfortunately, I wasn't part of the decision process and EnCase was the tool selected, otherwise, I would have recommended FTK.

Incentivized

• CrowdStrike Falcon's proactive threat mitigation has significantly reduced the risk of successful cyber attacks, resulting in tangible savings related to potential data breaches or system compromises.
• The cloud-native architecture and automated features have improved operational efficiency.
• The platform's real-time visibility and threat hunting capabilities have drastically improved incident response times.

Incentivized

• One negative impact would be that since the UI is cumbersome to use we would need to spend more money on training which is not always feasible.
• Another negative impact would be that since there is not much support available this slows down investigations due to finding out how to troubleshoot and fix functionality issues.
• One positive impact would be that since it meets minimal requirements when it comes to forensic analysis it gives us visibility on any malicious activity occurring on a user's endpoint.

Incentivized