Item: CrowdStrike Falcon
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

We are currently using the CrowdStrike [Falcon Endpoint Protection] on any device that is capable of running the agent in our environment. We needed a better solution than traditional AV. Falcon provides a low resource impact product while not having to rely just on signatures to detect suspicious activity.

Pros and Cons

Does not perform signature based scans that often cause resource issues
Allows for a number of incident response actions such as Real Time Response
User friendly interface which makes it easy to administer

SOAR capabilities such as immediate network containment
Price
Search for events not in the main console is difficult (based on Splunk)

Return on Investment

Minimized resource footprint, we no longer lose processing power due to scheduled scans.
Increased security posture, we no longer have to exclude directories from scanning
High confidence that it will stop any malicious software

Alternatives Considered

McAfee Endpoint Security

Crowdstrike [Falcon Endpoint Protection] blows [McAfee Endpoint Security] out of the water. At least when you compare their traditional AV to CrowdStrike. Operational and Security wise, leaps and bounds.

Products Replaced

Yes - This replaced McAfee Antivirus. McAfee was too much overhead for both computer resources and workforce resources.

Trial Experience

We used a full trial. I downloaded around 50 different pieces of malware including ransomware. It stopped every bit of malware we threw at it. That was enough to sell us, as we didn't feel our traditional AV would have detected it so quickly.

Introduction to CrowdStrike

Product Demo

Key Insights

Do you think CrowdStrike Falcon delivers good value for the price?

Yes

Are you happy with CrowdStrike Falcon's feature set?

Yes

Did CrowdStrike Falcon live up to sales and marketing promises?

Yes

Did implementation of CrowdStrike Falcon go as expected?

Yes

Would you buy CrowdStrike Falcon again?

Yes

Other Software Used

Tenable.sc (formerly SecurityCenter), Tenable.io, KnowBe4 Security Awareness Training

Likelihood to Recommend

I have no complaints regarding CrowdStrike [Falcon Endpoint Protection]. It has stopped everything we've thrown at it. It's an extremely impressive product. Air gapped systems may struggle due to no connectivity to the internet but we don't have to deal with that in our environment.

Crowdstrike, clearly the leader in EDR

Software Version

Modules Used

Overall Satisfaction with CrowdStrike Falcon Endpoint Protection