CrowdStrike Falcon Overview

What is CrowdStrike Falcon?

CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. 

Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.

Request a free trial here: https://go.crowdstrike.com/try-falcon-prevent

CrowdStrike Falcon is also known as CrowdStrike.

CrowdStrike Falcon Buyer's Guide

Download the CrowdStrike Falcon Buyer's Guide including reviews and more. Updated: July 2021

CrowdStrike Falcon Video

Pricing Advice

What users are saying about CrowdStrike Falcon pricing:
  • "The pricing and licensing are reasonable. I don't think we are getting charged more than what it is worth. It is fair, but I do not like how it is a la carte. I realize they do that so other organizations can buy and get the agent, getting it cheaper than you could otherwise. However, if you want the main core package, which has all the main features with the exception of maybe the multi-cloud protections, that can get pricier for an organization. So, you have to pick and choose what you want. I do not care for a la carte pricing."
  • "Years ago, when we bought CrowdStrike, you got everything it had. I was a little concerned when they broke this out into a la carte modules where you can buy EDR, Spotlight, etc., picking and choosing off the menu. I was a little worried that the solution would get watered down. However, I realized in my previous organization when we had the full suite that there were a bunch of features in it that we didn't have time to operationalize. So, I warmed up to it. I get the whole, "Look, you can pick and choose. Okay, everybody buys a steak, but do you want mashed potatoes, or do you want lobster mac and cheese?" So, you can pick the sides that you want, so you can buy the solution that you want and operationalize versus paying a lot of money and getting a bunch of things, but not using 60 percent of the tools in the box."
  • "The pricing and licensing are fairly good. It is definitely not a cheap product, but I have felt that it is worth the money that we spent. So, we have discussed it in the past, and were like, "Yes, it is probably pricier than some other solutions, but we also feel they really are the leader. We are very comfortable with their level of expertise. So, it's kind of worth the price that we pay.""
  • "It is an expensive product, but I think it is well worth the investment."
  • "Pricing and licensing seem to be in line with what they offer. We are a smaller organization, so pricing is important. Obviously, we would make a business case if it is something we really needed or felt that we needed. So, the pricing is in line with what we are getting from a product standpoint."
  • "Different components are additional price points. We got the components that were right for us, but other organizations may require more (or less) components to suit their needs."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Jeffrey-Anderson
Security Analyst II at a healthcare company with 10,001+ employees
Real User
Top 20
Speeds up the data collection for our phishing playbooks dramatically

What is our primary use case?

It is currently our antivirus and EDR platform that we use to export incidents to our SIEM and automation platform, SOAR. We use Demisto for our SOAR. The solution is fully deployed in our organization. We are primarily Windows. There are four major hospital sites with a couple thousand endpoints each. We probably have 600 remote workers due to COVID-19. I would probably say there are 7,000 VDIs inside of Citrix. Then, the rest are probably small clinical sites with no more than 50 to 80 people at each one. They make up the bulk of the rest, and probably 99 percent of that is Windows or… more »

Pros and Cons

  • "I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
  • "I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."

What other advice do I have?

It being SaaS was of no importance to me. If I wanted the solution, then had to build an on-site server for it or not, that makes no difference to me. I know for some people who have overhead, that is where it matters. Personally, it does not at our organization. I was more interested in getting the best of breed. CrowdStrike Store is pretty interesting and always intrigues me. It typically will take you to another vendor's website for another piece of software that you would have to buy and install. So, it is one of those things like, "Oh, that is nice to know that you integrate with these…
Erik Hart
Chief Information Security Officer at a real estate/law firm with 10,001+ employees
Real User
Top 20
Gives visibility to off-network machines, improving our operational functionality

What is our primary use case?

Our main use case was looking for an endpoint solution that was able to follow our users anywhere. We have over 52,000 employees, and a majority of our people work in various places. Many employees are not in an office every day: They are at a client's sites, some work at home, some are traveling, etc. We really needed something that would give us visibility no matter where and when an employee was working.

Pros and Cons

  • "As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines connected to the Internet and be almost invisible to the employees."
  • "I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization."

What other advice do I have?

CrowdStrike is currently across all our technology stack, servers, and workstations. When we did our proof-of-concept testing, our administrators liked that installing it was easy and did not need to reboot the system (and causing an outage). Our administrators also loved that once they did this, they didn’t have to deal with doing client upgrades once or twice a year, where you have to take servers down and reboot them. You install this once, and now you won't have to worry about this ever again. I sold this to administrators as, "You want me to make your life easier? Here is the one thing…
Learn what your peers think about CrowdStrike Falcon. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,742 professionals have used our research since 2012.
Jim McCartney
Information Security Analyst at a insurance company with 1,001-5,000 employees
Real User
Top 10
Frees us up to do more important things

What is our primary use case?

We use it for our endpoint detection and response on our devices for both endpoints and servers. It has replaced our traditional antivirus. We are strictly using it now to do all our antivirus duties. We are primarily a Windows environment, 95 percent Windows. Then, we have a little bit of Linux and Macs in there as well.

Pros and Cons

  • "The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
  • "It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful."

What other advice do I have?

Do it. It is a great product. I seriously think it is worth considering. We have been completely happy with the solution that we have been running on for years now and have never regretted our decision. I highly recommend it. We plan on possibly looking into the added features that they offer to see if there is something there that can increase our incident response or add value to our business. It is our primary EDR, so we are using it 100 percent for that and plan on using it for other avenues. We found Discover can help us with the inventory for applications. So, I am looking for other…
Michael Getz
Enterprise Cybersecurity Architect at Swagelok Company
Real User
Top 20
With the real-time response piece, I can connect to an endpoint as long as it's on the Internet

What is our primary use case?

The product is inherently cloud-based.

Pros and Cons

  • "Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
  • "A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined."

What other advice do I have?

Take advantage of the opportunity by CrowdStrike to network with other customers in a similar company size and industry to see how well the product could benefit you as a potential customer before committing. We have a very minimalistic cloud infrastructure footprint or container footprint at this point in time. That is likely to take off in full swing in the next year or so. We have many legacy applications running on legacy operating systems, which I am working very aggressively to get out of our environment. When that starts to take flight, we will definitely have more of a need for a cloud…
NormanCyman
IT Security Analyst at U.S. Venture, Inc.
Real User
Top 20
Allows us to be more involved with how the business is being run from a security, risk, and compliance standpoint

What is our primary use case?

The initial use case was for CrowdStrike to be a replacement for McAfee. We wanted to come up with something that was a lot more adaptive to emerging world threats and not just strictly signature-based. We wanted something focused a lot more on heuristic analysis and pattern analysis first, e.g., isn't just sheer signature. Additional use cases are workstation servers and as much as we can do in our OT environment.

Pros and Cons

  • "From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool."
  • "I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool."

What other advice do I have?

Make sure you know what the policies do. There are a lot of good and bad things that you can do with too strict or too loose of a policy governing workstations or servers. We have evaluated the CrowdStrike Horizon module. We are not there yet. Our environment has not changed drastically since our last review of it. So, we have not felt the need to revisit it since then. It is important to not solely rely on one product, especially one that has a good or bad name, such as McAfee. Because there was a lot of, "Oh no, we got an antivirus. We're fine." It helps to make sure you always have an…
Mark Krishnan
Associate Director - Infrastructure Engineering at AFT
Real User
Top 20
Great protection, excellent customer service, and an easy to understand UI

What is our primary use case?

We primarily use the solution as advanced threat protection. It is used to protect all endpoints, servers, etc.

Pros and Cons

  • "The UI is simple and self-explanatory. Everything is easy to understand."
  • "Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about"

What other advice do I have?

We're just customers. We don't have a business relationship with the company. I'm not sure which version of the solution we're using. The last time I checked, it was version 5.6. It is up-to-date, however. I get a report every so often saying, we've updated the sensors, or current version, etc. It's an auto-update and it does that. Whenever it's missing something or it couldn't reach an endpoint, the company will send me a report of that, saying these endpoints are not updated because we couldn't detect it on the network any longer. The only advice I would say to others considering the…
AT
Chief Security Officer at a financial services firm with 201-500 employees
Real User
Top 20
Protects employees wherever they are and offers visibility into what machines need patching, but the deployment process needs improvement

What is our primary use case?

We have several use cases including threat management, EDR, AV, and a SOC with 24x7 monitoring.

Pros and Cons

  • "The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate."
  • "If we have a dashboard capability to uninstall agents, I think that would be great."

What other advice do I have?

My advice for anybody who is considering CrowdStrike is definitely to start with a PoC, and then definitely to subscribe to OverWatch. I think that OverWatch is the main benefit to it. The biggest lesson that I have learned from CrowdStrike is about the different threats that are out there. They have a nice dashboard with information about threats, and you can read it and learn from it. I would rate this solution a seven out of ten.
Adam Shusterman
Cyber Security Engineer at a legal firm with 501-1,000 employees
Real User
Top 20
The cloud-based management console is easy to maintain and takes a load off our hands

What is our primary use case?

We are using it primarily for NGAV, but we also use their EDR product and Falcon OverWatch. Most of our internal stuff is still on-prem. We do use SaaS for vendor products, but our internal environment is still mostly on-prem.

Pros and Cons

  • "It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
  • "There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."

What other advice do I have?

Take the time you need in the beginning to fully build out all the groups and prevention policies that you will need. It may take a bit longer during the initial setup, but it is worth it in the long run because it makes maintenance down the line much easier than having to build new groups or prevention policies as they come up. Definitely take the time needed in the beginning. Then, later down the road all you have to do is check some boxes, as opposed to building out brand new groups and prevention policies, which can take awhile. In the beginning, there will be a bunch of false positives as…
See 18 more CrowdStrike Falcon Reviews