CrowdStrike Falcon Valuable Features
I like the herd immunity, their Falcon X version. If another organization somewhere else gets hit by a piece of malware that has not been seen before, we will get that protection in however long it takes them to analyze it and push that detection to everybody else. I find that extremely helpful.
The second most useful feature to me is the intelligence modules.
I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect goes. The presentation of it is very good.
The Prevent, EDR, and OverWatch are some of the biggest features for us. They stand out as being useful because:
- Their high efficacy rate in detecting items.
- The ability to detect malicious activity and take action on a machine that may not be on our network.
- Remediation or automated actions, especially for things like ransomware, where it would automatically stop it from running and quarantine the machine.
The introduction of the CrowdStrike OverWatch service has reduced security risk. It mines through data by threat hunting. OverWatch has been able to point out potentially risky activities going on that probably wouldn't have been detected by our old solution, allowing us to take some actions and reduce some risk from that perspective.
They have been able to offer Spotlight and other modules, which is great. They take the information they have and turn it into solutions.
We primarily use the Falcon feature. It is very dependable for us. We have done multiple tests against it and thrown everything we could at it. It does seem to pick up quite a bit, if not everything, that we have tested with it. So, we rely heavily on it. Right out of the box, the main Falcon component is the biggest feature that we utilize and rely on.
We are a heavy laptop environment. So, it was nice to know that our users would be protected and we would know what was going on, on the endpoint, regardless of how they were connected. That has been very valuable. This is one of the reasons why we chose to go with this solution.
The fact that this is a cloud-native solution means that we don't need to worry about updates. They take care of all the back-end and architecture. The only updates that we need to worry about are the sensors themselves. If you set them to auto-update, like we do, then you don't even have to worry about that. It definitely frees us up to do more important things. If it wasn't for them doing this, we would need at least a part-time FTE, if not a full-time one, to operate and manage CrowdStrike, keeping it up to date, as well as the hygiene. We had half of an FTE assigned to our antivirus prior to CrowdStrike. Now, that is just included in our dailies. It lessens that burden so much that we don't even need a slotted requirement for that. Overall, this solution saves us at least a good 10 hours a week that we would have been using before.
Their threat dashboards are very helpful. For instance, with this zero-day that just came out from Microsoft, they already have a dashboard where you can see the assets in your environment that are affected or at risk. That is just an added value.
Every time that I have deployed it, it was more about Falcon Insight and its EDR protection. Then, the team in the company would be so pleased with the results that there was minimal resistance to adding additional stack elements. Prior to their announcement of several new modules last fall, we had acquired the entire stack.
Each element of the stack continues to further develop its capability and the empowerment of team members. For example, CrowdStrike Falcon Spotlight was an interesting tool to assess vulnerability management, but the capability of that module alone has just continued to develop in a very favorable direction. Also, the Discover tool is extremely valuable.
Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that.
As a cloud-native solution, it provides us with flexibility and always-on protection, which is critically important.
It is especially important to us that CrowdStrike Falcon is a cloud-native solution. We have a directive for cloud-first architecture at this point. Anything that is cloud-native, or has a cloud offering, will always get first billing over something that is on-prem. We are a small security team. Having the ability to have a service or application that is not wholly managed by us, but rather governed and used by us, is the ideal solution.
The flexibility comes from allowing us to do a mass push, if we need to. We would find always-on protection with pretty much any solution. However, the fact that it is in the cloud, that just makes it that much better.
They're very good at what they do. As far as the product goes, in its current state, I don't have any complaints at all right now. They do a quarterly review with us, just so they can let us know how many viruses or how much malware they've stopped, etc. Those features are quite good. They also go through the portal step-by-step to describe whatever they improved or tightened up. They will explain everything clearly and in a way that a customer can understand.
They do also ask for feedback, which is nice. They'll ask things like "The last time we changed this, how was your experience?" or "Did you get a lot of false positives?" or "Did you get any complaints?" etc. That's pretty good. Not many companies do that.
The UI is simple and self-explanatory. Everything is easy to understand.
So far, in the past three years, they've been absolutely great. They've been more proactive than our previous solution was. They even introduced new products in their line and they came back and told us that they could add that product to our current solution. At first, we added them; then we decided we had sufficient resources in-house to manage it ourselves and removed it. They were great about the change.
They've caught quite a lot of viruses and malware that have been sent through improper links, which is very reassuring.
They report any network isolation that has been done on certain endpoints if they detect a malicious file or malware on the device that couldn't be cleaned by automation. They isolate it for us. The end-user can contact the service desk and say, "Hey, I'm not able to surf the internet. I can't do anything, so can you help me?" or we're able to look at the endpoint and see, "Oh, your PC is infected, that's why you aren't allowed on." It's protecting us well.
Even though the users are somewhere else, even when they're not at headquarters, we are able to remediate everything before we put them on the network again. Those network isolations are great when we detect high-threat malicious items. Those are valuable tools that we appreciate.
Chief Security Officer at a financial services firm with 201-500 employees
The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate. Essentially, they're an extension of my team and I like that. We're a small company and we only have a base of approximately 260 employees. As such, we cannot afford to hire skilled security people. So this makes sense for a smaller company like us.
There is a helpful feature to look into the vulnerability of the endpoint, which allows us to see which PCs have been patched and which ones have not. That helps my team to focus on those PCs that require their attention.
The NGAV portion is the most valuable feature. The primary reason that we went with the product was their reputation. In practice, it has been a definite step up from where we were previously.
We are using Falcon Investigate, which is their EDR tool. The EDR has made it infinitely easier to investigate in more detail on end-user workstations and servers. Any sort of detection where I can go back into the EDR tool and dig down deeper into the endpoint is great. This was a function that we did not have previously.
Deputy General Manager at a real estate/law firm with 501-1,000 employees
The overall user experience is good. As of today, there have been no incidents that we've had to deal with and we've been using it for years.
The solution has a very good graphical interface. It makes it easy to use. The central monitoring is excellent.
There's almost no maintenance required. It's very low if there's any at all.
The solution is an AI and ML-enabled tool for protecting our endpoints. We're still able to use Symantec as an endpoint as well.
The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed.
It is important to us that this cloud-native solution provides us with flexibility and always-on protection because we have a 100% distributed workforce, in place even before COVID. To manage 600 remotely-deployed laptops requires a cloud-managed solution.
Director of IT at a tech services company with 51-200 employees
The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.
CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.
We use both the endpoint and cloud workload protection, and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there aren't a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.
Sr. IT Support Executive at a hospitality company with 1,001-5,000 employees
Their endpoint is pretty flawless. There is no lag on the machines at all. Even though I have a good overview of all the machines, that's pretty much the most valuable feature of CrowdStrike Falcon.
The machines are flawless. They don't have any issues. There, I don't even recognize the machines which are on endpoints. Even when I go to the console to check these machines, they are working at a very good level, even though the wireless migration should detect those aspects.
The AI features are pretty good.
They've recently introduced more webinars that make remote learning of the solution very easy. For people such as myself, or even a company looking to develop their skillsets and interested in better understanding the cloud, providing good web courses is really helpful.
The feature that I find to be the most valuable is being able to look at the system analysis and being able to baseline what is installed on the system. What does it usually do, and is it doing anything differently?
The UI is great, and the performance was great. The way it gathers and presents the information was very good, and it integrates well with things like a central log aggregator, such as Splunk. You can do more big data analytics that includes security. It seems to be fully featured in all of those areas.
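The baseline-and-compare idea in the review above, written out as a small added example for this page (it is not the reviewer's code and not CrowdStrike's; the host names, process records and paths are constructed sample data, and nothing here calls the Falcon product or its API). It records which parent process and executable path each process name is normally seen with, then flags new observations that are a never-seen name, an unusual parent, or an unusual path:

```python
"""Added example: baseline what normally runs on hosts and flag deviations.

The inventory records below are constructed sample data, not real telemetry.
"""
from collections import defaultdict

# Constructed baseline observations: (host, process name, parent process, executable path)
BASELINE_EVENTS = [
    ("ws01", "outlook.exe", "explorer.exe", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"),
    ("ws01", "chrome.exe", "explorer.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("ws01", "powershell.exe", "explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("ws02", "outlook.exe", "explorer.exe", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"),
    ("ws02", "teams.exe", "explorer.exe", r"C:\Users\bob\AppData\Local\Microsoft\Teams\current\Teams.exe"),
]

# Constructed new observations to check against the baseline
NEW_EVENTS = [
    ("ws01", "chrome.exe", "explorer.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),              # normal
    ("ws01", "powershell.exe", "winword.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),       # unusual parent
    ("ws02", "svchost.exe", "explorer.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),                       # never-seen name
    ("ws02", "outlook.exe", "explorer.exe", r"C:\Users\bob\Downloads\OUTLOOK.EXE"),                               # unusual path
]


def build_baseline(events):
    """Map each process name to the set of (parent, path) pairs observed for it.

    Names are lower-cased so that Windows case differences do not split the baseline.
    """
    baseline = defaultdict(set)
    for _host, proc, parent, path in events:
        baseline[proc.lower()].add((parent.lower(), path.lower()))
    return baseline


def find_deviations(baseline, events):
    """Return one (host, process, reason) finding per observation outside the baseline."""
    findings = []
    for host, proc, parent, path in events:
        known = baseline.get(proc.lower())
        if known is None:
            findings.append((host, proc, "process name never seen in baseline"))
            continue
        if (parent.lower(), path.lower()) in known:
            continue  # exactly matches a known combination
        known_parents = {p for p, _ in known}
        known_paths = {q for _, q in known}
        reasons = []
        if parent.lower() not in known_parents:
            reasons.append(f"unusual parent {parent}")
        if path.lower() not in known_paths:
            reasons.append(f"unusual path {path}")
        findings.append((host, proc, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for host, proc, reason in find_deviations(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(f"{host}: {proc}: {reason}")
```

The same structure works with a real process inventory exported from an EDR or a log aggregator in place of the constructed lists; the parent/path pair is a deliberately coarse key, so a production version would normally add the signer or file hash to the baseline as well.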
Service at Four-U Office Inc
The solution hasn't picked up a virus yet, so I don't know if I'm able to really discuss the most valuable aspect of the solution just yet. It's very new.
It's not costly, and it's not constantly running, it's only looking for suspicious items when it starts to take action. There's nothing constantly scanning your device, so it's not slowing anything down in that respect. That's what I liked about it the most.
It's not your traditional antivirus that just sits there constantly scanning your computer for Trojans and malware, etc. This doesn't take any action until it sees something actually going on.
The initial setup is very simple.
Senior Cyber Security Analyst with 1,001-5,000 employees
The most valuable feature is the indicator of compromise, which shows you what file was either quarantined or removed. It shows you the malicious files in question, as well as the exact time, the machine, the endpoint, and the host IP address. Everything you need to know is right there in a single dashboard.
Director - IT Security Operations at a manufacturing company with 10,001+ employees
CrowdStrike endpoint detection and response (EDR) is excellent. It blocks the bad stuff without user interaction, allowing us to stay in business. For example, one of our service providers has been down for five days now with ransomware. Also, four of our partners have been down over the past two months with cyberattacks, and we can't do business with our partners.
Director Of Information Technology at a financial services firm with 11-50 employees
Falcon Protect looks at processes and issues in real-time.
The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint.
Director Of Information Technology at a financial services firm with 11-50 employees
I like that it's cloud-based instead of on-premise.
Chief Information Security Officer at a hospitality company with 5,001-10,000 employees
The most valuable feature is that we don't need to re-image machines as much as we had to.
President and CEO at a tech services company with 51-200 employees
The detection and response have been excellent overall. We've had no ransomware attacks.
We found the initial setup to be straightforward.
The solution is stable.
Scalability hasn't been an issue for us.
The threat intelligence on offer is the solution's most valuable aspect.
The solution is very stable.
The solution can scale easily.
The pricing is very competitive.
We rely on our environmental security and we haven't had any infections so that's valuable for us. It means we haven't lost any time due to the system being down from ransomware or anything like that, so it's quite positive.
Sr Network Administrator at a construction company with 501-1,000 employees
It seems to do a pretty good job of protecting the host. It gives good insights when it has a detection. It's pretty incredible.
Technical Architect at a consultancy with 10,001+ employees
At this point, what is most valuable is the interface, which is easy to navigate.
Head Of Infrastructure at an insurance company with 201-500 employees
The detection is very reliable. Also, OverWatch is a great feature.
I like the detection rates of mobile threats.
The policies allow us to define the level of protection.
The dashboards are good, as well as user management.
Consultant at a computer software company with 51-200 employees
I like the OverWatch feature the most.
Its performance is brilliant. It is a good, lightweight agent. I've seen it do really good things on the endpoints, and there is no problem with its performance.
Head of IT Department at a pharma/biotech company with 10,001+ employees
The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment.
I am very happy with CrowdStrike Falcon because it does not use a lot of resources on the endpoint; it's a lightweight solution. It provides good protection and it is very effective. Additionally, it is easy to integrate, has great features, good capabilities, and the users have a positive experience.
Information Security Specialist - DFIR at a financial services firm with 501-1,000 employees
The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False positives are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate.
The integration is very good. We have had no problem integrating the on-premise version with the cloud. We have an environment on-premise and an environment in the cloud. The integration with CrowdStrike is really very easy.
Information Security Officer at a financial services firm with 51-200 employees
CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM.
IT Security Analyst at a tech services company with 1-10 employees
I have found the ability to connect and search the hosts for detections very useful in CrowdStrike Falcon.
Security Analyst at a computer software company with 10,001+ employees
Cyberattack detection is very good. We use it for detecting different threats, such as ransomware, viruses, and malware. It is a good product today when compared to Symantec, which we used previously.