Item: CrowdStrike Falcon
Rating: 10
Author: Randy Munroe

Use Cases and Deployment Scope

CrowdStrike Falcon Pro is installed on all enterprise machines, virtual and physical. We even have it installed on our private cloud servers used for web hosting. CrowdStrike is part of our layered defense strategy to mitigate breaches, ransomware and other types of malware. The ability to run on Windows, Mac, and Linux is a huge advantage that we couldn't find in every solution.

Pros and Cons

Ransomware protection. We ran a ransomware simulation with obfuscated executables to hide malware signatures and CrowdStrike found and stopped 15 out of 15.
Malware/adware detection. Packaged adware in official installers are instantly blocked without interfering with the install of the primary application.

The ability to do a system-level scan like a traditional AV is missing and isn't a feature CrowdStrike is planning on implementing. Old school IT guys are going to be curious about this.
Host management and deletion are clunky and take 45 days for a machine to fall off your subscription license.

Return on Investment

While costing twice as much as our previous solution, our detection capability has at least tripled, and remediation is automated. This has saved us all time while detecting threats better.
Endpoint detections have gone up but have caused our firewall detections to go down overall. CrowdStrike is catching an attack earlier in the kill chain overall.

Alternatives Considered

Symantec Endpoint Protection and Cisco Advanced Malware Protection (AMP) for Endpoints

1. It had the best ransomware protection built into the base version of the software. This was our primary focus, with some companies in town being hit by ransomware every other week.
2. Better overall detection and response capability.
3. Central management is 100% cloud-based, and it makes it easy to get into a detection from anywhere and get it resolved.

Support Rating

Support is generally pretty fast and gets right to the issue. We haven't had to use them much, fortunately, but the issues and questions we've had are usually answered quickly. The customer success manager/account manager you're assigned will also follow up with you on a regular cadence to ensure you're getting the most out of the subscription. There's not a whole lot of room to improve, other than the general confusion about what is/what is not covered in custom packages you're subscribed to. The initial purchase took much longer because of a package name changes and realignments of different modules into those packages.

Key Insights

Do you think CrowdStrike Falcon delivers good value for the price?

Yes

Are you happy with CrowdStrike Falcon's feature set?

Yes

Did CrowdStrike Falcon live up to sales and marketing promises?

Yes

Did implementation of CrowdStrike Falcon go as expected?

Yes

Would you buy CrowdStrike Falcon again?

Yes

Other Software Used

Elasticsearch, AlienVault OSSIM, Veeam ONE

Likelihood to Recommend

There aren't many scenarios where I wouldn't recommend CrowdStrike. You'll have the ability to create protection policies for different parts of your environment so that sensitive machines have as much protection as possible, and low-risk machines aren't overly locked down. The only reason I can't see someone choosing CrowdStrike is over a matter of budget. It's not the most expensive, nor is it the cheapest.

CrowdStrike Falcon Endpoint Protection: The Cadillac of Exploit and Ransomware Protection

Software Version

Modules Used

Overall Satisfaction with CrowdStrike Falcon Endpoint Protection