CrowdStrike Falcon

Overview

What is CrowdStrike Falcon?

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents,…


Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards.

Popular Features

  • Endpoint Detection and Response (EDR) (69): 9.4 (94%)
  • Malware Detection (69): 9.3 (93%)
  • Infection Remediation (67): 8.9 (89%)
  • Centralized Management (70): 8.5 (85%)

Pricing

  • Falcon Pro (Cloud): $6.99 per endpoint/month (for 5-250 endpoints, billed annually)
  • Falcon Enterprise (Cloud): $14.99 per endpoint/month (minimum number of endpoints applies)
  • Falcon Premium (Cloud): $17.99 per endpoint/month (minimum number of endpoints applies)

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.crowdstrike.com/endpoint…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Features

Endpoint Security

Endpoint security software protects enterprise connected devices from malware and cyber attacks.

8.8
Avg 8.5

Product Details

What is CrowdStrike Falcon?

CrowdStrike offers cloud-delivered endpoint protection. CrowdStrike aims to revolutionize endpoint protection by unifying next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent.

The vendor states many of the world’s largest organizations use CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.

CrowdStrike Falcon Features

Endpoint Security Features

  • Supported: Anti-Exploit Technology
  • Supported: Endpoint Detection and Response (EDR)
  • Supported: Centralized Management
  • Supported: Infection Remediation
  • Supported: Vulnerability Management
  • Supported: Malware Detection

CrowdStrike Falcon Video

CEO George Kurtz discusses challenges organizations face using legacy cybersecurity solutions & how easy, fast & effective the CrowdStrike Falcon platform is by comparison.

CrowdStrike Falcon Technical Details

  • Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Windows, Linux, Mac
  • Mobile Application: Apple iOS, Android
  • Supported Languages: English, Japanese

Frequently Asked Questions

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents, hardware, scheduled scans, firewall exceptions or admin credentials.

Reviewers rate Endpoint Detection and Response (EDR) highest, with a score of 9.4.

The most common users of CrowdStrike Falcon are from Enterprises (1,001+ employees).
Reviews and Ratings

(235)

Reviews

(1-25 of 25)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
CrowdStrike Falcon is used as an EDR agent and we also leverage Falcon Complete services for additional security operations assistance. Additionally, EDR logs are combined with SIEM logs to gather better insights about a security event which may or may not qualify for additional deep dive research. CrowdStrike Falcon is customizable and has a robust threat intelligence inbuilt.
  • Endpoint Detection and Response
  • Great communication to the security operations teams for triaging a security event
  • Customizable policies which can be globally applied
  • Ease of integration with SIEM
  • Ability to query endpoint logs within the Falcon portal itself
  • Sandbox can get better in my opinion.
  • Detection of source of infection in case of lateral movements recommended
  • Browser based logs/ DNS queries for getting to the root of the issue
CrowdStrike Falcon can be treated as a single source for endpoint protection. With additional features, CrowdStrike Falcon has a strong use case for preventing malware infection in the infrastructure security ecosystem. CrowdStrike Falcon's complete helps get the MSSP capabilities for SOC detection and incident response from a league of experts.
August 26, 2023

Great product

Score 10 out of 10
Vetted Review
Reseller
Incentivized
We use the product to protect computers and servers. We have a 7x24 SOC service; CrowdStrike allows us to detect, investigate and respond to incidents in a few minutes. decreased and the facilities for sharing information and research have allowed the SOC to reduce response times. Playbooks have made it possible to respond on other platforms.
  • Identifies IOA
  • Makes it easy to investigate
  • Playbooks
  • Vulnerability management
  • LogScale
  • XDR
The MDR service is very good, the response and remediation capabilities work very well. The growth of the platform and the new modules show the continuous innovation that the product has. It could improve the responses to support tickets.
Score 9 out of 10
Vetted Review
Reseller
Incentivized
CrowdStrike Falcon is installed on all endpoints and Server VMs at our end. It helps us to stop security breaches as well as prevent all types of attacks (including malware, ransomware and many other such attacks).
  • It helps us to stop security breaches as well as prevent all types of attacks (including malware, ransomware and many other such attacks)
  • It helps in Adversary Emulation Exercise
  • It helps in Red Team / Blue Team Exercise
  • Should improve threat visibility
  • Its overall TCO should be reduced
  • Seamless integration with solutions like SIEM
It helps in Adversary Emulation Exercise.
It helps in Red Team / Blue Team Exercise.

Threat visibility is something where it is less appropriate.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Crowdstrike Falcon for the below points
1. To prevent ransomware
2. Device Control
3. Protection of workstations and servers
4. Advanced protection for zero-day
5. To find malicious activities on systems
  • Overwatch feature is amazing
  • Accuracy to identify True Positive
  • Powerful AI-based detection method
  • RFM issue
  • Certificate Pinning, older sensor versions stop communicating
  • Sensor Duplication
Unmatched AI capability to find security threats & seamless Customer Support
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use CrowdStrike Falcon Complete to augment our IT staff. Using complete gives us the 24X7 protection we need without burdening our already time challenged staff. The combination of CrowdStrike Falcon on our endpoints and monitoring by Crowdstrike Falcon complete gives us the coverage we need.
  • Staff did a great job pointing our IT workers to areas that needed remediation.
  • CrowdStrike Falcon Endpoint consistently blocks incursions from compromised websites and prevents PUPs from installing
  • Complete Staff is very attentive and makes whitelist changes quickly which allows our staff to be productive.
  • The Dashboard can become overwhelming at times, too much information to absorb
  • Computers that may have made it out into the field without the endpoint sensor are very difficult to find
  • As with all systems that rely on machine learning, false positives occur
I am not sure there is a scenario where CrowdStrike Falcon is less appropriate; the software does a great job of showing where the problem came from and how it was stopped by the system. A report is generated letting your staff know that a problem was found and remediated. I think if you have users that are working 24X7 or multiple time zones, having Complete will take care of a lot of hassles. You can work with your team to decide what level of involvement you want your Complete team to take; they can go from just monitoring all the way up to seeing and resolving issues, with your staff being notified after resolution.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it for endpoint protection from malware and viruses on all PCs and laptops within the organization for both on-premises and work-from-home users. The product has a small footprint on the clients and is not noticed by the end users. It looks for not only known malware but also for patterns/IOCs that may indicate a zero-day attack.
  • Runs on clients without causing application issues
  • matches files patterns/behaviors to look for unknown attacks
  • contains potentially infected hosts
  • The user interface is terrible
  • permit users to see licensed products in the console
  • less false positives. files such as Malwarebytes scanning modules should be known as safe
  • make it easier to create scanning exclusions that actually work
I believe CrowdStrike could be a successful implementation in any organization; however, for any company that wants someone to be on top of detections, exclusions, actions, etc., they would need a full-time employee to manage the product. The price point is in line with other products and has integrations with more 3rd party SIEM, scanning and network monitoring solutions than any other vendor.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Falcon to ensure we protect all our endpoint devices across the whole globally distributed organisation. We aim to utilise Falcon capabilities to prevent malware being distributed and exploited on all endpoint devices. Falcon Spotlight assists with getting visibility of the number of vulnerabilities we have on our endpoints to address by ensuring robust patch management capabilities.
  • Efficiently picking up and preventing malware threats on endpoints
  • Prompt notification capabilities on any issues
  • Ability to "set and forget" with minimal maintenance required
  • Falcon Spotlight integrations with automatic patching solution would be a good feature
  • LogScale with SIEM functionalities would be an added feature
  • Simplified one dashboard with all high-level information
Great product for endpoint detection and response for organisations of any size. Simple configuration and installation ensure it's well suited for small and medium sized organisations.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Deployed CS Falcon in a higher education research environment. We needed to leverage a tool that can build models and be on the advancement of technology due to the nature of higher education and BYOD. We installed the CS Falcon on all machines and worked with the CS team to build a Gov Cloud for research equipment that required a different set of cloud protocols.
  • Monitoring
  • Notification
  • Device Management
  • Have an executive dashboard
  • better reporting cadence
  • ability to tag devices with end user names
CS Falcon is suited for nearly all scenarios and deployment. The only challenge would be if devices contain protected data the need for the Gov Cloud installation would be necessary. This can split up your installation base but isn't anything that is very difficult to manage.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use CrowdStrike Falcon to analyze alerts originating in our client's environment. These are purely security alerts based on information security use cases such as identifying persistence, exploits, lateral movement, PUP-based attacks and a lot of other categories. Falcon does a great job in identifying these and provides various ways to analyze these, some of which are checking out the process tree, checking out the parsed fields on OSINT like hashes on VT, IPs on abuse DB, file names, path parent processes, child processes, etc. We also use this product to take a remote session of endpoints to triage and remediate in case of attacks.
  • Remote session
  • Remediation killing quarantining the process/files
  • Graphical process tree
  • Splunk backend searches with all details
  • Various dashboards
  • Suppression to weed out false positives
  • Can have some AI incorporated
  • Support can be introduced
  • Searching the related events requires Splunk knowledge, which can be a show stopper
Very well suited in remote session scenarios which can be used to fetch files or perform other desired operations. Also suited in identifying the root cause of the attack. CrowdStrike was among the first of its competitors; the EDR does its work; they introduce new features regularly, like fusion workflow, which we use for tuning. It will be great to see what they do in the future.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Crowdstrike Falcon is one of the leading NG-AV endpoint detection platforms in the market which is always up to date with the emerging threats. We use Crowdstrike Falcon to give MDR services to many of our customers. It helps to prevent, block all types of Cyber-attacks and also helps to get the detailed overview of the attack. It is very user friendly in access and management.
  • The Log analysis is very detailed and easy to use.
  • Prevent and block all types of malware.
  • Great threat intelligence which is very up-to-date with the recent cyber attacks
  • very user friendly in access and management
  • Automated feature of detecting, taking action and closing incidents using fusion workflow.
  • The False positive alerts can be minimized
  • The UI can be made better and easy to access.
  • Customer support can be made better
It helps to detect and prevent malware automatically, which saves the response time to act. The machine learning and AI feature which helps to detect unusual behavioural based malware which use defence evasion techniques. The fusion workflow feature which helps to automate the detection and blocking of less important files such as PUP/adware so the focus can be on real threats. The host logs are easy to filter and use, which helps to do quick incident response.
April 06, 2023

EDR as it should be

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use CrowdStrike Falcon as our EDR solution across our servers and client machines, about 200 endpoints in total.
  • We have very few false positives
  • We are alerted when a script runs, such as PowerShell commands
  • It blocks rogue software from running
  • It looks for patterns such as items that spread
  • More customizable dashboards for each admin user
The client installed on the endpoints is small and non-intrusive. It monitors user endpoint behavior really well and is good at eliminating the false positives we've had with other software in the past. We spent very little time having to tweak this software to avoid all the noise. So far, it has caught and quarantined anything it found.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
CS Falcon is our primary tool of choice for endpoint protection. It has a small footprint and impact while being highly intelligent and very well supported.
With the majority of our users working in hybrid mode we needed a strong security control that could provide top-class protection with the minimum amount of False Positives (and, of course, of True Positives).
Falcon provides full visibility on processes, communication flows and all sorts of activities that are happening on the endpoints. It works smoothly with other tools that we have co-deployed, like DLP, DNS protection, SWG/CASB, App monitoring and Control.
Recently we added to our arsenal the Identity Protection and the Cloud Protection modules, driven by the business needs to reduce the number of vendors, tools and dashboards while achieving maximum protection and synergy/consolidation.
We believe that as a company, Crowdstrike sits on top of the range of security vendors that we work with, has the right vision and keeps delivering excellence.
We are quite happy with their Customer Success Management and Support Services and look forward to trialling their new functions: LogScale and External Surface Risk Management.


  • Endpoint Security
  • Threat Detection, Protection, Reporting
  • Malware Analysis
  • Continuous fast delivery of new features and improvements
  • Customer awareness, learning and support
  • Device Control
  • Identity Protection
  • Identity Protection - plenty of small improvements which have been suggested by our side. Long list to mention them here. If needed I can forward you the email/presentation sent for the occasion to the Production team.
  • They recognised our contribution / remarks , by providing a discount on the initial offer, which we were happy to accept.
  • Our company went through an MnA with another pharmaceutical. Both companies had Crowdstrike EDR installed on endpoints, but on different Tenants.
  • Unfortunately there was not an official technical solution for migrating the endpoints to a unique tenant. We had to Uninstall the existing agent from the acquired company and then Reinstall it again, which was laborious and time-consuming. I wish they had a solution for such cases :-)
  • Attack Surface Management (demoed recently) doesn't seem to be fully matured yet, but they definitely are on a good path.
Well-suited for advanced and more mature environments, with dedicated personnel and well-versed in Threat and Incident Response.
The learning curve is a bit steep, but if time can be dedicated to attending Workshops and Learning modules on Crowdstrike University, then 3-6 months is a realistic timeframe to yield expected outcomes.
Clear blueprints for product rollout are provided to customers based on your specific environment.

Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use CrowdStrike as our endpoint protection and server protection, anti-virus, and malware product. We also leverage the firewall and USB device restrictions for our endpoint systems. We use it on both our Windows and Mac endpoints and on our Windows server infrastructure.
  • Firewall rules and policy that are cloud-managed is great to ensure devices are in compliance.
  • Low engineering time spent after implementation, we don't have to babysit the product. It just works.
  • Low amount of false positives.
  • I would like an option to be able to scan files/folders. I understand, however, that this isn't really the way the product is designed and that it is designed around actively running processes. But it would be great to have a way to scan incoming media before loading it on our systems.
I would like to see a way to be able to scan files/folders. We regularly receive data from opposing sides and it would be excellent to be able to scan all the files within production to check for anything before giving our users access to the data. Currently, we have to use another product for this use case. We like that we don't have to put a ton of time into the platform after deployment. We're able to set up policies to auto-update definitions and the client without us needing to touch it. We don't regularly get false positives that require us to take action to allow a user to keep working.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
One of the leaders in endpoint protection. Crowdstrike has helped detect several threat actors' initial tactics which arrived via phishing campaigns. Having the solution enabled in the Prevention mode has blocked several active attempts. Mostly, Ransomware and Keyloggers.
  • Threat Intelligence
  • Prevention Controls
  • Ability To Search For Logs
  • With respect to API reporting capabilities
  • Device control
It fits the budget of mid to large size companies. Easy to deploy and administer the solution.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We had a need for a leading endpoint protection platform with EDR capabilities to protect against modern threats. Further, we had a need to have 24x7x365 coverage with subject matter experts working around the clock. Because we, as many security teams are, running very lean there was a requirement to have a fully managed solution to help ensure our alignment with best practices but to also have eyes on our environment at all times.
  • Protection against modern threats.
  • Elimination of false positives.
  • Very well-managed solution, the complete team is great to work with!
  • Device control capabilities (USB device control) are easy to implement.
  • The UI while very comprehensive is a bit cluttered.
  • Could be a little more intuitive to set up device groups.
  • A little clearer definition of what is available to admins in the complete offering would be nice.
Anyone who is looking for a leader in endpoint protection should consider CrowdStrike Falcon for sure, regardless of specific use cases. Anybody who is operating on a very lean security team that doesn't have the capability to provide 24x7x365 coverage should absolutely consider Falcon Complete. I've worked with various MSSPs in the past, but Falcon Complete is one I would definitely not lose any sleep at night knowing we're in good hands.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We have utilized Crowdstrike Falcon for just over a year enterprise-wide across our server and VDI infrastructure with great success. This replaced an older signature-based solution. In the 1st few weeks we have seen an approx. 17% increase in detections. Support has been great through the implementation and initial tightening of rules and removing false positives. Highly recommend CrowdStrike and their managed support.
  • Initial detection through their various proprietary methodologies.
  • The graphical display of the malware and the potential impact chain is fantastic.
  • We realize sensor updating is necessary, but they seem to be very frequent.
  • It is not a cheap solution.
CrowdStrike scales nicely for small to large organizations with ease. Its real-time detection works well and provides great insight into the particular threat triggered. Quick and easy sensor deployment via various methods makes installation relatively easy for most companies. It incorporates white/blacklisting features, exploits and malware detection, as well as IOA behavioral protection.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
It is a replacement for other endpoint solution. It solves the ransomware issue with a modern protection approach with integrated AI; also, with its cloud-based agent the protection is always updated. It has been used by the whole organization. It addresses the endpoint protection ready to integrate with the most complete cybersecurity ecosystem.
  • Massive Deployment.
  • Online Endpoint Protection.
  • Zero Day Attacks Protection.
  • Less intrusive desktop notifications.
  • Agentless protection.
  • Less expensive protection bundles.
It's a great solution with a massive deployment scenario with a lot of endpoints, and where the time is an issue and you need to be protected ASAP - thanks to its cloud-based architecture you will be up and running in almost 10 minutes (literally). There are no signatures, further refinements, or additional hardware and servers required. An always or almost always offline [scenario] is not well-suited for Falcon Pro.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I've been working with CrowdStrike for the last 2 years, and it has been a UNIQUE and learning experience. The portfolio that they offer to support and fit with our business needs is just amazing. It's our GLOBAL-approved solution, and we have implemented it across the globe in complex environments with minimum to low business disruptions. It has helped the IR team with visibility and lowers the time for remediation.
  • Detections Management
  • Compatibility with other Software
  • Lightweight Sensor
  • Device Control
  • Legacy OS Support
  • Integration with AD
  • User Roles Management
It will help you with visibility and less time to resolve; it will also focus the analysts' time on where they need to put the efforts. It cannot be perfect, it has areas for improvements, [I feel] it will not fit in your legacy environments as well as isolated networks or air-gapped devices.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are using it across our entire organization as our primary end-point protection product. Our last product was beginning to fail and cause serious issues with unneeded blocks as well as performance issues with time-critical systems. We were highly interested in the EDR aspects not involved in traditional anti-malware functions as well as the intelligence functions by CrowdStrike Falcon Endpoint Protection.
  • Provides actionable detection data.
  • Lightweight and forgiving agent. We've had zero failures when deploying the agent across our organization.
  • The searches in the Discovery module are extremely useful for reporting purposes. For us, it satisfies a lot of HiTrust requirements.
  • Some search speeds are pretty slow. Having to wait a long time for results.
  • Sometimes [I feel] the data being presented in detection is not obvious as to why it is being considered malicious.
As an EDR product, it performs extremely well. The EDR product realm is still growing so it stands to reason that there should be more competition to drive prices down. I do feel that CrowdStrike Falcon Endpoint Protection support of Linux is getting much better and I have little trouble getting it installed.
June 03, 2021

Don't call it AV!

Score 10 out of 10
Vetted Review
Verified User
Incentivized
CrowdStrike Falcon is used as an advanced AV and EDR solution. It is used across all departments to address security controls.
  • Malware detection
  • Lightweight agent
  • Easy installation
  • Visibility into all modules
  • VDI provisioning
AV solutions are usually cumbersome and difficult to maintain. CrowdStrike EDR capabilities feel nothing like a traditional AV product. It is intuitive and scales very well.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use CrowdStrike Falcon Endpoint Protection across our whole organization as our primary endpoint AV product. It gives us the unprecedented ability to see all actions taken by a user or malicious actor in order to determine the root cause of an incident. With the ability to quickly isolate a machine from the network we can keep minor issues from becoming larger ones.
  • Phenomenal EDR capability
  • Lightweight and easy to deploy sensor
  • Impressive machine learning and IOA based detections
  • Lots of add-on features add up the cost
  • Requires some training to fully utilize
  • Requires some false positive tuning initially
Early on in our deployment, we had a ransomware outbreak introduced by a third-party vendor. Even with the CrowdStrike Falcon Endpoint Protection sensor not deployed to old ICS machines and running (in a technically unsupported configuration) alongside another product, it was able to provide a herd immunity of sorts and drastically limit the ransomware's movement. The EDR capabilities of the sensor were an enormous help in tracking down the source of the infection while we were able to use the network containment feature to isolate infected machines as soon as they were seen. It was very impressive and helped us get back to normal in a week with minimal loss of productivity.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
CrowdStrike is used across the entire organization for all of our endpoint protection needs. In addition, we have recently deployed the firewall protection module. While it doesn't have the needed firewall feature for FQDN rules, we know that this feature will be coming in the near future. In all, CrowdStrike has been a great product and one that I would highly recommend.
  • Endpoint Protection
  • Indication of Compromise Investigations
  • Central Administration
  • Firewall needs to have FQDN rules
CrowdStrike is a great product and company and I would highly recommend it. The technical support has been fantastic and we have worked with them weekly to understand how best to protect the company from the onboarding phase through full deployment. The process was quick, but we wanted to be cautious. Our technical team was able to provide the details we needed to ensure that we didn't cause any disruptions to critical business processes.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We're using Falcon Endpoint Protection across the organization, on user workstations (both on premises and remote) as well as Windows and Linux servers. It helps us prevent threats as well as provide intel to investigate threats.
  • It's strong with its EDR capabilities. It's able to collect very useful information for an investigation.
  • Very lightweight agent doesn't interfere with user activities.
  • Customizable to get the amount of alerts that can be investigated without getting overwhelming.
  • CrowdStrike University doesn't have a lot of content, it can be completed in a few hours.
Falcon Endpoint Protection has proven to be a very complete and robust solution. It's great for mixed environments where devices are scattered across different sites, to include remote users. It supports all the operating systems being used across the organization which is another plus. With our previous endpoint protection solution, investigation typically required access to the affected endpoint. With CrowdStrike Falcon Endpoint Protection, all the intelligence is collected and accessible from the console. The amount of information is very vast and makes for very complete threat investigations. Lastly, the user interface is very refined, and polished, which makes navigating the console very straightforward.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It is used within the wholesale division on all the servers and desktops. It is used as a next-generation endpoint detection and response tool. We intend to catch any behavioral anomalies posed by advanced malware that may be missed by signature-based AV. It's a ransomware detection and prevention tool.
  • Behavioral Detection
  • Ransomware Prevention
  • Always on Cloud connectivity for new pattern detections
  • Low maintenance
  • High network bandwidth usage occasionally
  • Infrequent false positives
It's a good augmentation tool for malware protection. The detection rate and success are pretty high. Able to catch almost 90% anomalies. The cloud updates make it simple to manage and update the policies. The agent/client footprint is small on the endpoints and takes fewer resources. It can be seen utilizing network bandwidth though due to the continuous data reading from the endpoints.
Mark Sauer | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Crowdstrike (CS) is deployed globally to all workstations and a dozen critical servers. Crowdstrike is our only application for endpoint protection/security. We went with Crowdstrike specifically to address a rash of Ransomware we experienced back in 2016. Since installing, our problems completely disappeared.
  • Detects and automatically blocks dangerous behavior on endpoints that could be indicative of malicious activity, like executing programs from the deleted items folder, executing a SSH command in silent mode from different places in the OS, etc.
  • Monitors endpoints continuously for known malware, evaluates dangerous behaviors and blocks execution based on risk tolerance settings, uses AI to draw correlations on multiple attack vectors, and has a human malware hunting element to detect known or newly detected attack vectors.
  • Is easy to deploy across a large organization and manage centrally by as few as 1 person part time.
  • This was the fastest and easiest implementation of an enterprise grade security system I have ever done. I pushed software to the endpoints on a Friday afternoon, and was complete by Noon on Monday, as each workstation came online, the installer completed, and we were protected.
  • We get false positive detections when we run an email signature script for our users. These false positives can be a distraction. We've implemented a whitelist for those behaviors, but had some difficulty in figuring out how to configure CrowdStrike to recognize these executions since the file name and hash were always different (the executing file was firstname_lastname.exe, and that was too vague to whitelist).
It simply works. I do get alerts, but I know Crowdstrike is blocking the behavior or malware, so I don't lose any sleep. Since installing CS, we have not had a single security incident. Nice to focus on other value add tasks than remediating malware or ransomware.