CrowdStrike Falcon delivers breadth and depth in an operator-first package
February 27, 2023
Score 9 out of 10
Vetted Review
Verified User
Software Version
Falcon Enterprise
Modules Used
- Falcon Insight
- Falcon Prevent
- Falcon Device Control
- Falcon Discover
- Falcon Intelligence
- Falcon Sandbox
Overall Satisfaction with CrowdStrike Falcon
CrowdStrike Falcon is used to provide a comprehensive suite of endpoint detection and response capabilities across the enterprise. It is the primary platform for detecting and preventing malicious content and actions on endpoints. Additionally, we leverage CrowdStrike Falcon Intelligence as a primary source of cyber threat intelligence to further enhance our cyber security program capabilities. The complementary set of modules and capabilities provides a robust set of functionality that allows us to better control and protect the enterprise.
- Detecting malicious endpoint behaviors
- Providing thorough, timely cyber threat intelligence
- Integrates effectively between modules and with other security platforms
- Event Search is built on Splunk which requires some SPL knowledge to be effective
- Detections sometimes lack important information (e.g. hash of payload vs. hash of executing application)
- Overlap between modules (e.g. Insight and Discover for login activity) isn't always presented in a unified/integrated way
- Increased endpoint telemetry to aid in detection and response to cyber incidents
- Low management overhead (self-updating, SaaS platform, etc.) drastically reduced overall sustainment costs
- Threat Intelligence reporting has enabled us to keep senior leadership apprised of the cyber threat landscape (and what we're doing to defend against it)
We've replaced our traditional AV and legacy, GPO-based USB controls with Falcon Insight/NGAV and Device Control.
This gives security a much more consolidated and holistic operating view across the environment. It reduces the amount of manual correlation required to understand the overall security posture. It has also greatly reduced the amount of time and resources that go into chasing low-quality AV alerts, freeing up resources for more impactful analysis.
The Falcon platform covering such a broad range of capabilities and challenges makes it much easier to rapidly address those challenges. Rather than a full procurement cycle, onboarding new technology, deployment overhead, and new tools to learn and manage, we can typically work directly with our CrowdStrike customer success team to identify and scope the need and get something up and running in days instead of months. The breadth also helps to create an increasingly holistic view of our environment, because we can start to see all of the various pieces and aspects in one consolidated platform (instead of bouncing between 2-5 different consoles).
- Using the Network Contain capability to isolate endpoints that aren't compliant with patch requirements
- Using Real Time Response to support automation of deeper-dive forensics and analytics
Do you think CrowdStrike Falcon delivers good value for the price?
Yes
Are you happy with CrowdStrike Falcon's feature set?
Yes
Did CrowdStrike Falcon live up to sales and marketing promises?
Yes
Did implementation of CrowdStrike Falcon go as expected?
Yes
Would you buy CrowdStrike Falcon again?
Yes