CrowdStrike, the leader of EDRs
April 09, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

Falcon Enterprise

Modules Used

  • XDR
  • Falcon Insight
  • Falcon Prevent
  • Falcon Overwatch
  • Falcon Complete
  • Falcon Intelligence Recon
  • Falcon Intelligence
  • Falcon Zero Trust

Overall Satisfaction with CrowdStrike Falcon

We use CrowdStrike Falcon to analyze alerts originating in our clients' environments. These are purely security alerts based on information security use cases such as identifying persistence, exploits, lateral movement, PUP-based attacks and a lot of other categories. Falcon does a great job of identifying these and provides various ways to analyze them, some of which are checking out the process tree and checking out the parsed fields against OSINT, like hashes on VT, IPs on abuse DBs, file names, paths, parent processes, child processes, etc. We also use this product to take a remote session on endpoints to triage and remediate in case of attacks.

  • Remote session
  • Remediation: killing/quarantining the process/files
  • Graphical process tree
  • Splunk backend searches with all details
  • Various dashboards
  • Suppression to weed out false positives

  • Could have some AI incorporated
  • Support could be introduced
  • Searching the related events requires Splunk knowledge, which can be a show stopper

  • We provide cyber security services, so it plays a super important role
  • Identifying attacks and intimating customers helps us to stay in their good books and keep our reputation
  • Word of mouth is also great when we tell the market we use EDR, which is new tech compared to SIEM
It removes the dependency on SIEM. A SIEM tool from whatever company is too slow, hard to manage, does not capture process command line details, etc. On the other hand, CrowdStrike Falcon provides response capability as well as process-level logging, and does not need a physical device like the one used by a SIEM; it works on agents, which are very fast. All in all, EDR > SIEM.
A very good, neat, tidy setup without physical devices which need to be managed; easy to install as well.
The most important aspect here is the cost, because it keeps the cost within limits and we have never faced a budget issue. This budget can then be used by us to venture into other tools and areas. Also, CrowdStrike helps us to triage and remediate attacks pretty quickly. The customer is happy too when the incident is resolved with the actual details within SLA.
  • Remote shell
  • Remediation of attacks
  • Suppression of rules
Pricing was lower, and it had better ratings as well as word of mouth in the market. It works as an agent-based solution rather than via remote access. It finds zero-day attacks very quickly; recently CrowdStrike found the 3CX attack, which is now a critical supply chain attack. CrowdStrike falls under the leader category.

Do you think CrowdStrike Falcon delivers good value for the price?

Yes

Are you happy with CrowdStrike Falcon's feature set?

Yes

Did CrowdStrike Falcon live up to sales and marketing promises?

Yes

Did implementation of CrowdStrike Falcon go as expected?

Yes

Would you buy CrowdStrike Falcon again?

Yes

Very well suited to remote session scenarios, which can be used to fetch files or perform other desired operations. Also suited to identifying the root cause of an attack. CrowdStrike was among the first of its competitors; the EDR does its work, and they introduce new features regularly, like Fusion workflows, which we use for tuning. It will be great to see what they do in the future.

CrowdStrike Falcon Feature Ratings

Anti-Exploit Technology
9
Endpoint Detection and Response (EDR)
10
Centralized Management
8
Infection Remediation
8
Vulnerability Management
Not Rated
Malware Detection
8