A Comprehensive Look at the Fabulous EDR CrowdStrike Falcon
Updated July 23, 2024
A Comprehensive Look at the Fabulous EDR CrowdStrike Falcon
Score 9 out of 10
Vetted Review
Verified User
Software Version
Falcon Enterprise
Modules Used
- Falcon Insight
- Falcon Sandbox
- Falcon Prevent
- Falcon Intelligence
- Falcon Search Engine
Overall Satisfaction with CrowdStrike Falcon
I use CrowdStrike Falcon as the main source of monitoring threats originating from operating systems used by our servers, workstations, staff laptops and guest users machines.
Our organization being a university where thousands of students and hundreds of staff turn up daily, puts our critical assets at risk of being compromised by an insider. CrowdStrike Falcon helps us identify the source of a threat accurately, blocks the triggering file or script before it can cause damage. The AI / ML based detections are very helpful because they catch threats that other vendors may fail at. The scope of our use case is endpoint monitoring and threat management.
Our organization being a university where thousands of students and hundreds of staff turn up daily, puts our critical assets at risk of being compromised by an insider. CrowdStrike Falcon helps us identify the source of a threat accurately, blocks the triggering file or script before it can cause damage. The AI / ML based detections are very helpful because they catch threats that other vendors may fail at. The scope of our use case is endpoint monitoring and threat management.
Pros
- AI / ML based malicious activity detections
- Detection information presented clearly and concisely on dashboard
- Easy filtering of detections on hostname, detection name, severity, date, time, hash, technique etc
- traces full process chain instead of just showing the source file or script which really helps in tracing the main security concern of machine
Cons
- If some malicious app uses microsoft's signed binary like onedrive, cmd, wscript CrowdStrike would tag the microsoft binary as malicious and fails to provide the actual file that tried to execute these.
- For example if a
- malware.exe tries to run this command
- cmd /c bitsadmin
- CrowdStrike would tag cmd or bitsadmin as malicious and does not mention malware.exe at all sometimes
- There are two different dashboards (updated and deprecated) which causes confusion among my team, all must be on same page and use single dashboard.
- Support is very slow in responding to problems and depend on automated bots which really frustrates when a major issue arises.
- Made our organization more secure by ensuring threats are blocked instantly and tagged clearly for us to take action
- Increase confidence in our security after recent data leaks
- Business increased after clients were ensured their data protection and security is top notch
- We integrated Falcon with our SIEM solution temporarily
- Implemented / enforced partial information security policy through Falcon
- Detected C2 in our internal network by using Threat Actors library in crowdstrike, where they give information about most dangerous hacking groups
It was the easiest to deploy and manage, while the dashboard was also very clear and precise in terms of useful information.
Another major reason in selection CrowdStrike Falcon was its AI and ML detection capabilities which really impressed us during evaluation. Other tools analysed were not too bad either but seemed complex to operate and use.
Another major reason in selection CrowdStrike Falcon was its AI and ML detection capabilities which really impressed us during evaluation. Other tools analysed were not too bad either but seemed complex to operate and use.
Do you think CrowdStrike Falcon delivers good value for the price?
Yes
Are you happy with CrowdStrike Falcon's feature set?
Yes
Did CrowdStrike Falcon live up to sales and marketing promises?
Yes
Did implementation of CrowdStrike Falcon go as expected?
Yes
Would you buy CrowdStrike Falcon again?
Yes
Comments
Please log in to join the conversation