Everything you never knew you needed in a single package.
May 25, 2021

Everything you never knew you needed in a single package.

Bryan Bowie | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

Falcon Premium

Modules Used

  • Falcon Spotlight
  • Falcon Device Control
  • Falcon Firewall Management
  • Falcon Insight
  • Falcon Overwatch
  • Falcon Discover
  • Falcon Cloud Workload Protection
  • Falcon Services (Incident Response & Proactive Services)

Overall Satisfaction with CrowdStrike Falcon Endpoint Protection

CrowdStrike Falcon is used by the whole of the company. The goal was to centralize onto one platform that added more value, gave no performance degradation like traditional AV scanners, allowed true EDR data capturing capability, as well as allowing for adversarial behavior tracking. Over time CrowdStrike was able to provide host level insight that took multiple agents to perform. This gave us lighter pressure on the endpoint to capture all of the data that was needed as well as allowing cross team collaboration on business use cases and needs.
  • Endpoint Isolation - instead of hoping an adversary was blocked in time. CrowdStrike locks down the endpoint beyond using the Windows Firewall. Allowing a whitelist of IPs brings additional management of that endpoint to another level that most other tools don't have.
  • Rich Data Recording - CrowdStrike is best described as a giant tape recorder in the sky. When it lands on the box, it truly provides insight into the those that other tools could only dream of.
  • Extensive APIs - CrowdStrike understands that they are not your only security vendor, so they have API usage for everything in their platform to automate and integrate to your heart's desire.
  • Cloud Visibility - CrowdStrike's cloud monitoring capabilities are agnostic of cloud platform. No longer does one need to worry about putting all their eggs in one basket because the endpoint tool prefers one platform over another.
  • Vulnerability Management - CrowdStrike is trying really hard in this space but it is really falling short. Often times the data is off or incorrect. Reporting is lack luster, and it wasn't until recently that API usage to pull vulnerabilities was introduced.
  • The Little Things - CrowdStrike is plagued by a number of nice to haves that after a while is irritating at best. Items such as determining primary IP address for the device is selected at "random".
  • Nickel and Diming - It is one thing to have a product and sell that product and all the functions it does and providing a service for said product... its another when you nickel and dime every. new. feature. that. is. release.
  • Centralized resource management means we need less tools to do the same job.
  • EDR data is massive and has to be factored into the overall cost of the product. You are exponentially punished for more devices.
  • CS has allowed larger coverage over devices and has discovered massive pockets of no protections.
I was not part of the selection process; however after speaking with the team that did make the call, the following where the key scenarios or features that ultimately made the decision.
  1. The number one decision from the support team was the client deployment and management of agents. Other agents required multiple installations, reboots, exceptionally large footprints, etc. The less impact for the user, means easier management with less stress.
  2. Scalability to quickly add new hosts into appropriate policies in bulk and not being restricted by static groupings.
  3. There are a number of users that will need access to the CrowdStrike platform, so ensuring that only the appropriate people have access to what they need is a huge win.
  4. Alert data is great; however what brings a SOC or IR team to the next level is analytics for threats. Having the Splunk backend allows an insane number of analytical capabilities.
  5. For ease of mind for sysadmins allowing easy rollback and/or upgrade paths is a massive win. From a CS management perspective ease of administration to the white/black list keeps admins out of the console lining things up and allows them to spend the time where it is needed.
  6. Network containment was absolutely required. Other key players could perform the option but it was haphazard or relied on the Windows Firewall which is insecure. CrowdStrike performs shimming into the TCP/UDP stack allowing "true" containment.
  7. CrowdStrike was leading as a great vendor for overall threat prevention. To this day they have solidified that.
Yes - Not willing to disclose this information; however, the reasons listed are the same as the previous questions.
I was not part of the initial discovery or POC.
CrowdStrike continues to be the leader of where it is today by extending the offerings that is has. While there are a number of downfalls of the product, no one other security vendor can rightfully do what CrowdStrike does. Smaller players in the game are able to "pull a feather" here and there but there is no stopping the behemoth that is CrowdStrike. So long as CrowdStrike continues to deliver on its endpoint protection capabilities and levels up their behavioral detections, they are the best buy all day long. For those looking for a company that is clear about what they are monitoring for and how, rule logic, etc.... CrowdStrike is the exact opposite. They are a complete black box that thinks detect logic is magic and protects it all as if it was intellectual property. For some organizations they will likely not care; however, for others with established security teams, this can prove to be an irritant.

CrowdStrike Falcon Feature Ratings

Anti-Exploit Technology
10
Endpoint Detection and Response (EDR)
10
Centralized Management
8
Infection Remediation
10
Vulnerability Management
5
Malware Detection
9