TrustRadius: an HG Insights company

CrowdStrike Falcon

Score: 9.1 out of 10

378 Reviews and Ratings

What is CrowdStrike Falcon?

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment with no performance impact and no additional agents, hardware, scheduled scans, firewall exceptions or admin credentials.

Top Performing Features

  • Endpoint Detection and Response (EDR)

    Continuous monitoring and response to advanced internet threats by endpoint agents.

    Category average: 9.1

  • Malware Detection

    Detection and blocking of zero-day file and fileless malware.

    Category average: 9.1

  • Anti-Exploit Technology

    In-memory and application layer attack blocking (e.g. ransomware).

    Category average: 8.8

Areas for Improvement

  • Infection Remediation

    Capability to quarantine infected endpoints and terminate malicious processes.

    Category average: 8.6

  • Hybrid Deployment Support

    Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.

    Category average: 8.1

  • Vulnerability Management

    Vulnerability prioritization for fixes.

    Category average: 8.6

CrowdStrike Falcon - A Unified Endpoint Security Solution.

Use Cases and Deployment Scope

I'm a security analyst who uses CrowdStrike Falcon for day-to-day endpoint monitoring and response. There is no such problem compared to the competitors. It does its job really well. Our scope is to monitor endpoint assets, including workstations, servers, and DCs (Windows OS, Linux OS, and macOS), for any suspicious or malicious behavior or attempts.

Pros

  • Monitor Endpoint Assets for Anomalies using AI/ML.
  • Manage Threat hunting using its overwatch function.
  • Managing the asset inventory.
  • The identity protection feature detects and stops attacks that abuse user identities.
  • The Exposure Management function helps in identifying application and OS vulnerabilities before attackers exploit them.

Cons

  • The new NG-SIEM has a complex console to handle, which could be smoother.
  • All the features look perfect and there is no room for improvement.

Return on Investment

  • It helps in reducing breach risk and production disruption cost.
  • It reduced employee bandwidth and analysis time compared to SOC operations because it takes action based on the severity.
  • It has a presentable dashboard with executive and board driven visibility.
  • It improves compliance and audit posture.
  • The only negative impact is that it is costlier, especially for small organizations.

Alternatives Considered

Palo Alto Networks Cortex XDR and SentinelOne Singularity

Other Software Used

IBM Security QRadar SIEM, Palo Alto Networks Cortex XDR, SentinelOne Singularity

CrowdStrike Falcon Complete you'll pay for best in class protection.

Use Cases and Deployment Scope

We are a business associate to many healthcare organizations, and rely on ingesting ePHI data for our software. We absolutely need "best in class" threat protection and mitigation to protect not only our business, but the hospitals and other healthcare entities we serve. CrowdStrike Falcon Complete absolutely protects us and our clients, and provides the visibility and peace of mind into our systems we are looking for.

Pros

  • Threat protection
  • Threat Mitigation
  • Identity protection

Cons

  • Customer Service / Tech assistance
  • Siloed functionality

Return on Investment

  • Customers have asked us directly if we use CrowdStrike
  • The learning curve has been steep, but once we had it implemented, it has shown a few critical incidents that occurred and were mitigated.

Alternatives Considered

Trend Micro Cloud One - Application Security and Symantec Advanced Threat Protection

Other Software Used

Microsoft Intune, Ramp, Salesforce CMS

Meeting every EDR requirement with Falcon.

Use Cases and Deployment Scope

Falcon serves as an EDR solution and is deployed at every computing endpoint. It provides real-time detection and mitigation of threats by continuously monitoring the endpoint activity telemetry data. The AI/ML features help eradicate zero-day attacks and serve as a preventive measure to protect your organisation against every possible attack vector. Having Falcon agents running on your endpoints protects your infrastructure from threat actors and reduces/negates the risk of data exfiltration and financial loss or reputational damage.

Pros

  • Advanced Endpoint Detection and Response.
  • Next Gen Antivirus.
  • Incident Response and Forensic Readiness.

Cons

  • Limited Built-In Vulnerability Management.
  • Complex Policy Configuration and Tuning.
  • Limited Offline Protection Capabilities

Return on Investment

  • Switching to a single security platform helps businesses save significant money. For every dollar spent, companies often get back six dollars in value. These savings come from working faster and avoiding the high costs of data breaches, which are usually recouped within less than half a year.
  • Using modern security tools can cut the risk of a cyberattack by up to 85%. This approach replaces many old, separate programs with one system, saving staff thousands of hours of manual work. Over three years, the total financial benefits are nearly triple the original cost.
  • Protecting user logins pays for itself very quickly, often within 6 months. By using one specialized tool instead of several small ones, companies can save over a million dollars in long-term costs. This reduces staff workload while making the entire business much harder to hack.

Alternatives Considered

Avira Antivirus

Other Software Used

Elasticsearch, Expel, Okta

A very valuable tool for our business.

Use Cases and Deployment Scope

We use it as our main endpoint protection solution, constantly working on detection and visibility within our environment. We can monitor behaviors and respond to incidents in real time, and with it, we can reduce the risks of malware/ransomware and unauthorized access. It helps our security team every day.

Pros

  • Rapid incident response
  • Event correlation and visibility
  • Threat intelligence
  • Device and user control

Cons

  • A clearer and more objective navigation interface.
  • Greater ease in creating alerts and automations.
  • More flexible and easier-to-view reports.

Return on Investment

  • Improved operational efficiency of the Security team.
  • Significant reduction in security incidents.
  • Greater visibility of the environment and improved security posture for the business.

Other Software Used

ManageEngine Endpoint Central, AWS CloudTrail, Azure App Service

CrowdStrike Review

Use Cases and Deployment Scope

We use CrowdStrike for our EDR solution. They have been a great partner to work with!

Pros

  • Malware Detection
  • Next Gen SIEM

Cons

  • I would like the Next Gen SIEM to have more API integrations
  • It would be nice if the Next Gen SIEM had natural language search capabilities

Return on Investment

  • It has had a great ROI. We have not had any cyber security breaches so far

Alternatives Considered

Huntsman Next Gen SIEM SOAR (Analyst Portal), Datadog, Splunk Enterprise and Arctic Wolf Managed Detection and Response

Other Software Used

Abnormal Security, Cisco Umbrella, KnowBe4 Security Awareness Training