Our most trusted endpoint protection tool for threat detection and response
March 08, 2023
Our most trusted endpoint protection tool for threat detection and response
Score 10 out of 10
Vetted Review
Verified User
Software Version
Other
Modules Used
- XDR
- Falcon Insight
- Falcon Prevent
- Falcon Device Control
- Falcon Horizon
- Falcon Overwatch
- Falcon Discover
- Falcon Zero Trust
- Identity Protection
Overall Satisfaction with CrowdStrike Falcon
CS Falcon is our primary tool of choice for endpoint protection. It has a small footprint and impact while being highly intelligent and very well supported.
With the majority of our users working in hybrid mode we needed a strong security control that could provide top-class protection with the minimum amount of False Positives (and, of course, of True Positives).
Falcon provides full visibility on processes, communication flows and all sorts of activities that are happening on the endpoints. It works smoothly with other tools that we have co-deployed, like DLP, DNS protection, SWG/CASB, App monitoring and Control.
Recently we added to our arsenal the Identity Protection and the Cloud Protection modules, driven by the business needs to reduce the number of vendors, tools and dashboards while achieving maximum protection and synergy/consolidation.
We believe that as a company, Crowdstrike sits on top of the range of security vendors that we work with, has the right vision and keeps delivering excellence.
We are quite happy with their Customer Success Management and Support Services and look forward to trialling their new functions: LogsScale and External Surface Risk Management.
With the majority of our users working in hybrid mode we needed a strong security control that could provide top-class protection with the minimum amount of False Positives (and, of course, of True Positives).
Falcon provides full visibility on processes, communication flows and all sorts of activities that are happening on the endpoints. It works smoothly with other tools that we have co-deployed, like DLP, DNS protection, SWG/CASB, App monitoring and Control.
Recently we added to our arsenal the Identity Protection and the Cloud Protection modules, driven by the business needs to reduce the number of vendors, tools and dashboards while achieving maximum protection and synergy/consolidation.
We believe that as a company, Crowdstrike sits on top of the range of security vendors that we work with, has the right vision and keeps delivering excellence.
We are quite happy with their Customer Success Management and Support Services and look forward to trialling their new functions: LogsScale and External Surface Risk Management.
- Endpoint Security
- Threat Detection, Protection, Reporting
- Malware Analysis
- Continuous fast delivery of new features and improvements
- Customer awareness, learning and support
- Device Control
- Identity Protection
- Identity Protection - plenty of small improvements which have been suggested by our side. Long list to mention them here. If needed I can forward you the email/presentation sent for the occassion to the Production team.
- They recognised our contribution / remarks , by providing a discount on the initial offer, which we were happy to accept.
- Our company went through an MnA with another pharmaceutical. Both companies had Crowdstrike EDR installed on endpoints, but on different Tenants.
- Unfortunately there was not an official technical solution for migrating the endpoints to a unique tenant. We had to Uninstall the existing agent from the acquired company and then Reinstall it again, which was laborious and time-consuming. I wish they had a solution for such cases :-)
- Attack Surface Management (demoed recently) doesn't seem to be fully matured yet, but they definitively are on a good path.
- Falcon is our basic and most reliant security control.
- Comparing the ROI with regard to other tools that we have deployed in our environgment (or use as SaaS services) right now: like Umbrella DNS Advantage, Netskope CASB/SWG, Illumio Microsegmentation, Splunk Enterprise, Okta IDM, Duo MFA, CarbonBlack App control, Delinea PAM & Password Vault, Qualys VMDR, DMARCIAN, Cyberhaven DLP, Palo Alto NGFW, Proofpoint Protection, Tripwire Enterprise
- I would definitively put CS on top of the list, based on the benefit/protection we receive from it, in comparison to anything else (cost is accounted for as well).
- Highly reliable and light-weighted
- Not very costly initially, but if you add more specific modules the cost adds up :-)
We recently eliminated the use of Microsoft ATA for Identity monitoring and protection by replacing it with Crowdstrike Identity Protection.
Unfortunately, we are not there yet, as the leadership is not up to speed with our (engineering's team) vision for consolidation and simplification.
But we are closely observing the suitability of CS modules for:
- Endpoint DLP (replace Cyberhaven),
- Vulnerability Management (replace Qualys),
- Log aggregation and analysis (replace Splunk)
- Attack Surface protection and Threat Intelligence (replace RiskSense and Digital Shadows, which I forgot to mention in my previous reference to our security arsenal)
But we are closely observing the suitability of CS modules for:
- Endpoint DLP (replace Cyberhaven),
- Vulnerability Management (replace Qualys),
- Log aggregation and analysis (replace Splunk)
- Attack Surface protection and Threat Intelligence (replace RiskSense and Digital Shadows, which I forgot to mention in my previous reference to our security arsenal)
Our goal as a security team is to REDUCE the risk from CyberSecurity threats AND minimise the impact of potential breaches.
We have been lucky to have a decent security budget and headcount, but also efficient in exploiting the security arsenal that we are provided with.
As long as I have been with the company (2yrs), there have been no breaches or high-profile security incidents.
We have been lucky to have a decent security budget and headcount, but also efficient in exploiting the security arsenal that we are provided with.
As long as I have been with the company (2yrs), there have been no breaches or high-profile security incidents.
- Use it for remediating issues with other Security tools, via the RTR functionality.
- Use the Discover / Asset & Software Inventory module to spot devices with missing security tools.
- Perform Zero Trust Assessment to compare security posture for Windows 11 vs Windows 10 devices.
Do you think CrowdStrike Falcon delivers good value for the price?
Yes
Are you happy with CrowdStrike Falcon's feature set?
Yes
Did CrowdStrike Falcon live up to sales and marketing promises?
Yes
Did implementation of CrowdStrike Falcon go as expected?
Yes
Would you buy CrowdStrike Falcon again?
Yes
CrowdStrike Falcon Feature Ratings
Using CrowdStrike Falcon
| Pros | Cons |
|---|---|
Like to use Technical support not required Well integrated Consistent Feel confident using | Slow to learn Lots to learn |
- Dashboards and Reports
- Threat Intelligence
- Support and Resources
- Threat Hunting
- Grasping all the different policies and their configuration:
- Prevention vs Response vs Firewall vs USB device vs Sensor Update.
- RTR (Remote Threat Response)