CrowdStrike Falcon Endpoint Protection
CrowdStrike
External reviews
361 reviews
External reviews are not included in the AWS star rating for the product.
Realtime Response is Powerful
What do you like best about the product?
The realtime response function allows us to quickly and easily vet a given alert and take appropriate escalation action or make the decision to network-contain the host. Containment is quick, safe and easily reversed which allows time for appropriate research if needed.
What do you dislike about the product?
The Splunk backend has certain query size return limitations that make extended investigations painful.
What problems is the product solving and how is that benefiting you?
Managing an enterprise endpoint security program.
Out of the Box functionality to hit the ground running
What do you like best about the product?
As the title implies, CrowdStrike has a lot of features that are available out of the box (dependent on subscriptions, naturally), but it did not require a lot of heavy configuration and architecture to start running. This is great if you are part of a small team with multiple competing responsibilities; this is one thing at least you don't have to worry too much over.
CrowdStrike Ideas forum is also great as it allows customers to submit ideas for how to improve the product, and in some cases get quick turnaround from an idea posted to a message board to implementation.
What do you dislike about the product?
There was a lot of repetitive manual configuration required in some cases, especially in building Prevention Policies and Groups. It would have been nice to be able to make a template policy which could be copied and tweaked for subgroups or dev/test vs. prod groups, etc., instead of having to start from scratch and build what is essentially the same policy twice (minus a setting or two). This was addressed in the Ideas forum as mentioned in the "What do you like best" field and hopefully will be added to the platform soon.
Citrix template servers can create multiple copies of themselves in the host list which have to be manually deleted creating a lot of work whenever changes to the template are made and they are rebooted, creating new spawns.
What problems is the product solving and how is that benefiting you?
Upgrading to NGAV from a hybrid signature-based AV solution has cut down on processing load, workstation side. We no longer have to create exceptions for entire application folders in order to ensure the software can run without AV crashing the system any time it scans, ensuring an overall more secure landscape on user machines.
Recommendations to others considering the product:
CrowdStrike is a great product. It lets you hit the ground running. Especially for a small team, the lack of heavy config and ease of use make a huge difference in building out the environment.
Plug and play
What do you like best about the product?
CrowdStrike combines all features in one lightweight sensor with single management console without relying on third-party AVs or products.
What do you dislike about the product?
No DLP capabilities and Content threat removal
What problems is the product solving and how is that benefiting you?
Detection, breach protection, threat hunting.
Eye catchy product with ease of managing the endpoint
What do you like best about the product?
Investigation is easy in CrowdStrike, and it will give you each detail of the endpoint so you will not be missing any of the threats.
What do you dislike about the product?
So far I haven't come across anything.
What problems is the product solving and how is that benefiting you?
Using it for threat intelligence mainly.
Crowdstrike Analyst friendly tool
What do you like best about the product?
The interface is really great; the GUI gives really great details about the event and has ease of use for non-security folks as well.
What do you dislike about the product?
CrowdStrike's Splunk support for showing historical events.
What problems is the product solving and how is that benefiting you?
Transition from signature-based detection to behaviour-based detection. Compared to other EDR tools, detection was much better.
Recommendations to others considering the product:
For organizations that don't employ full-time 24/7 security teams, CrowdStrike really provides a very competitive solution. Easy to use and maintain.
Great product, bad account rep!
What do you like best about the product?
CrowdStrike product is great. A lot of functionalities. CrowdStrike has the ability to tweak and personalize based on your environment. You need to find the balance between too many false positives vs. losing true detections.
What do you dislike about the product?
Bad experience with an account rep. We wanted to add additional modules to the product; he was able to get us a short 30-minute demo. When we asked for another 30-minute session to understand it further, he denied it. We were supposed to have quarterly review sessions, which stopped after 3 sessions.
What problems is the product solving and how is that benefiting you?
Endpoint Security, Device Control (Block USB), Firewall.
Next-gen Endpoint Protection
What do you like best about the product?
Supports Windows, Linux, Mac endpoints
Actively developed and maintained - constant updates are both pro and con
Gives great deal of intelligence about endpoint behavior
What do you dislike about the product?
Large learning curve to leverage
Large time requirement to investigate potential compromises
What problems is the product solving and how is that benefiting you?
Combined with third party monitoring, it allows a very small team to provide low effort monitoring of our systems
Strong in the major areas, needs some work in the details.
What do you like best about the product?
The level of confidence we now have, knowing that our systems are protected against a whole host of malicious actions and that we have actionable information at our fingertips, is incalculable. The new features that come out with the release schedule are thoughtful and useful. The release schedule itself is not overly aggressive and so far is very stable. The intelligence module is also very helpful.
What do you dislike about the product?
The "Spotlight" feature could use some work. Currently we are unable to search multiple hosts at once, and have not found a workaround for it yet. The Spotlight search will gather all of the host information, running process data, logons, etc. The clues you would need to run an investigation are often found here. It is extremely time consuming to have to run the same search, one at a time for each host, then correlate that data for comparison. I am unfamiliar with the back end of CrowdStrike, so programming the ability to input a comma-delimited list to search could be very difficult. Having had some development work as well as DBA experience, I can understand that it may not be as simple as it sounds.
What problems is the product solving and how is that benefiting you?
We replaced a few endpoint agents with CrowdStrike. Specifically, we replaced Carbon Black Protect and MS SCEP. We moved from a traditional AV to an EDR solution. An internal guideline for our organization is to reduce the number of endpoint agents deployed. The system overhead savings have been realized by removing the Protect application.
Great EDR Product
What do you like best about the product?
The UI is helpful when performing investigations.
Some other features I like from the UI:
The Hash Search page, the Host Search page, The Detections page.
The product will generally tell you: what happened, what was the source, which hosts are affected, why this detection matters, and to make it even better - all these are mapped to the MITRE ATT&CK Matrix.
This makes things easier to communicate with other analysts to understand the lifecycle or workflow of an attack, and what we can do in the future to prevent it.
What do you dislike about the product?
Sometimes it's hard to tell which process spawned another process in the Timeline view.
Our team does not understand the difference between a detection and an incident.
Are incidents assigned automatically? Is an incident just multiple detections from the same host? Some insight into how it chooses to create an incident for a detection vs just a detection would be great.
What problems is the product solving and how is that benefiting you?
The product is great for combining next-gen AV with EDR capabilities.
The problem that we're solving with CrowdStrike Falcon: Endpoint Protection is that sometimes incidents are too noisy with the detections, and often-times analysts have to log in to multiple different dashboards or products to tell a story -- what are we seeing? Which hosts are infected? Where did the malware (for example) come from? Which processes are making network connections?
All these questions and more can be answered with the Crowdstrike console.
Recommendations to others considering the product:
Check out the MITRE evaluations for EDR vendors, and Gartner Magic Quadrant.
Integral in protecting our environment in a way that removes end-user friction
What do you like best about the product?
The next-gen style endpoint protection is a game-changer and has been integral in providing high-level support with customizable threat intelligence. Not only is the protection leading the industry but the method by which the agent connects to the console and runs on the endpoint has been amazing. You can deploy on a large scale and run the agent in a way that no longer needs end-user interaction. Finally, users are protected and they don't have to think about it anymore.
What do you dislike about the product?
There's not much to dislike here. The attentiveness, not only of the team assigned to our account but also of the Overwatch team, and even the executives, has been fantastic.
What problems is the product solving and how is that benefiting you?
Protecting faculty endpoints and lowering the overall risk to endpoints, including servers. The benefits of peace of mind and industry-leading protection are the main benefits.