Our most trusted endpoint protection tool for threat detection and response
March 08, 2023

Fotis Mastakas | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

Other

Modules Used

  • XDR
  • Falcon Insight
  • Falcon Prevent
  • Falcon Device Control
  • Falcon Horizon
  • Falcon Overwatch
  • Falcon Discover
  • Falcon Zero Trust
  • Identity Protection

Overall Satisfaction with CrowdStrike Falcon

CS Falcon is our primary tool of choice for endpoint protection. It has a small footprint and impact while being highly intelligent and very well supported.
With the majority of our users working in hybrid mode we needed a strong security control that could provide top-class protection with the minimum amount of False Positives (and, of course, of True Positives).
Falcon provides full visibility on processes, communication flows and all sorts of activities that are happening on the endpoints. It works smoothly with other tools that we have co-deployed, like DLP, DNS protection, SWG/CASB, App monitoring and Control.
Recently we added to our arsenal the Identity Protection and the Cloud Protection modules, driven by the business needs to reduce the number of vendors, tools and dashboards while achieving maximum protection and synergy/consolidation.
We believe that as a company, Crowdstrike sits on top of the range of security vendors that we work with, has the right vision and keeps delivering excellence.
We are quite happy with their Customer Success Management and Support Services and look forward to trialling their new functions: LogScale and External Surface Risk Management.


Pros

  • Endpoint Security
  • Threat Detection, Protection, Reporting
  • Malware Analysis
  • Continuous fast delivery of new features and improvements
  • Customer awareness, learning and support
  • Device Control
  • Identity Protection

Cons

  • Identity Protection - plenty of small improvements which have been suggested by our side. Long list to mention them here. If needed I can forward you the email/presentation sent for the occasion to the Production team.
  • They recognised our contribution / remarks, by providing a discount on the initial offer, which we were happy to accept.
  • Our company went through an MnA with another pharmaceutical. Both companies had Crowdstrike EDR installed on endpoints, but on different Tenants.
  • Unfortunately there was not an official technical solution for migrating the endpoints to a unique tenant. We had to Uninstall the existing agent from the acquired company and then Reinstall it again, which was laborious and time-consuming. I wish they had a solution for such cases :-)
  • Attack Surface Management (demoed recently) doesn't seem to be fully matured yet, but they definitively are on a good path.
  • Falcon is our basic and most reliant security control.
  • Comparing the ROI with regard to other tools that we have deployed in our environment (or use as SaaS services) right now: like Umbrella DNS Advantage, Netskope CASB/SWG, Illumio Microsegmentation, Splunk Enterprise, Okta IDM, Duo MFA, CarbonBlack App control, Delinea PAM & Password Vault, Qualys VMDR, DMARCIAN, Cyberhaven DLP, Palo Alto NGFW, Proofpoint Protection, Tripwire Enterprise
  • I would definitively put CS on top of the list, based on the benefit/protection we receive from it, in comparison to anything else (cost is accounted for as well).
  • Highly reliable and light-weighted
  • Not very costly initially, but if you add more specific modules the cost adds up :-)
We recently eliminated the use of Microsoft ATA for Identity monitoring and protection by replacing it with Crowdstrike Identity Protection.
Unfortunately, we are not there yet, as the leadership is not up to speed with our (engineering's team) vision for consolidation and simplification.

But we are closely observing the suitability of CS modules for:
- Endpoint DLP (replace Cyberhaven),
- Vulnerability Management (replace Qualys),
- Log aggregation and analysis (replace Splunk)
- Attack Surface protection and Threat Intelligence (replace RiskSense and Digital Shadows, which I forgot to mention in my previous reference to our security arsenal)
Our goal as a security team is to REDUCE the risk from CyberSecurity threats AND minimise the impact of potential breaches.
We have been lucky to have a decent security budget and headcount, but also efficient in exploiting the security arsenal that we are provided with.
As long as I have been with the company (2yrs), there have been no breaches or high-profile security incidents.
  • Use it for remediating issues with other Security tools, via the RTR functionality.
  • Use the Discover / Asset & Software Inventory module to spot devices with missing security tools.
  • Perform Zero Trust Assessment to compare security posture for Windows 11 vs Windows 10 devices.

Do you think CrowdStrike Falcon delivers good value for the price?

Yes

Are you happy with CrowdStrike Falcon's feature set?

Yes

Did CrowdStrike Falcon live up to sales and marketing promises?

Yes

Did implementation of CrowdStrike Falcon go as expected?

Yes

Would you buy CrowdStrike Falcon again?

Yes

Well-suited for advanced and more mature environments, with dedicated personnel and well-versed in Threat and Incident Response.
The learning curve is a bit steep, but if time can be dedicated to attending Workshops and Learning modules on Crowdstrike University, then 3-6 months is a realistic timeframe to yield expected outcomes.
Clear blueprints for product rollout are provided to customers based on your specific environment.

CrowdStrike Falcon Feature Ratings

  • Anti-Exploit Technology: 9
  • Endpoint Detection and Response (EDR): 10
  • Centralized Management: 9
  • Infection Remediation: 9
  • Vulnerability Management: Not Rated
  • Malware Detection: 10

Using CrowdStrike Falcon

Pros

  • Like to use
  • Technical support not required
  • Well integrated
  • Consistent
  • Feel confident using

Cons

  • Slow to learn
  • Lots to learn

  • Dashboards and Reports
  • Threat Intelligence
  • Support and Resources
  • Threat Hunting
  • Grasping all the different policies and their configuration:
  • Prevention vs Response vs Firewall vs USB device vs Sensor Update.
  • RTR (Remote Threat Response)
I think it is a complete and very trustful XDR platform, with very few False Positives.

It is very well supported by highly skilled professionals on all levels: from pre-sales engineers, Customer Account Managers and support engineers.
