CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents, hardware, scheduled scans, firewall exceptions or admin credentials.
$6.99
per endpoint/month (for 5-250 endpoints, billed annually)
VMware Carbon Black EDR
Score 8.8 out of 10
N/A
VMware Carbon Black EDR (formerly Cb Response) is an incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements. Carbon Black EDR records and stores endpoint activity data so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the VMware Carbon Black Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of…
N/A
Pricing
CrowdStrike Falcon
VMware Carbon Black EDR
Editions & Modules
Falcon Pro
$6.99
per endpoint/month (for 5-250 endpoints, billed annually)
Falcon Enterprise
$14.99
per endpoint/month (minimum number of endpoints applies)
Falcon Premium
$17.99
per endpoint/month (minimum number of endpoints applies)
Anyone who is looking for a leader in endpoint protection should consider CrowdStrike Falcon for sure, regardless of specific use cases. Anybody who is operating on a very lean security team that doesn't have the capability to provide 24x7x365 coverage should absolutely consider Falcon Complete. I've worked with various MSSP's in the past, but Falcon Complete is one I would definitely not lose any sleep at night knowing we're in good hands.
We are able to check if any phishing link was visited by the user or not. To check for the whether any file is executed on the machine or not. To check on which port connections are being made by the machine. To create custom watchlist for alert to be investigated by an analyst. To check every process executed in the machine for a specified range.
Endpoint Isolation - instead of hoping an adversary was blocked in time. CrowdStrike locks down the endpoint beyond using the Windows Firewall. Allowing a whitelist of IPs brings additional management of that endpoint to another level that most other tools don't have.
Rich Data Recording - CrowdStrike is best described as a giant tape recorder in the sky. When it lands on the box, it truly provides insight into the those that other tools could only dream of.
Extensive APIs - CrowdStrike understands that they are not your only security vendor, so they have API usage for everything in their platform to automate and integrate to your heart's desire.
Cloud Visibility - CrowdStrike's cloud monitoring capabilities are agnostic of cloud platform. No longer does one need to worry about putting all their eggs in one basket because the endpoint tool prefers one platform over another.
The ability to do a system-level scan like a traditional AV is missing and isn't a feature CrowdStrike is planning on implementing. Old school IT guys are going to be curious about this.
Host management and deletion are clunky and take 45 days for a machine to fall off your subscription license.
When I receive support, it is always useful and informative. However, the support doesn't get back to me in the most timely manner. Often, by the time I hear back from support I have already resolved the issue. But for bigger issues, that need more in-depth help the support team has been incredibly valuable.
Crowdstrike Falcon Endpoint protection is based on AIML enhanced technology,l. It's cloud-based so users don't need to connect to their office network to get their policy synchronization done from Server to endpoints agents. Also, the Crowdstrike Falcon agent size is small and it consumes fewer resources of the machine.
CB Response allows for a better view of what happened on the endpoint and provides more functionality out of the box then the FireEye Endpoint Security Product. CB Response allows you to basically have a remote connection into the CLI of an endpoint. This allows you to view the file system, run programs/scripts on the host, etc. FireEye Endpoint Security does not have this functionality.
Cut our cost and time from managing multiple platforms down to managing one platform with better insight than what we had with multiple security platforms.