External reviews
External reviews are not included in the AWS star rating for the product.
Eye catchy product with ease of managing the endpoint
What do you like best about the product?
Investigation is easy in Crowdstrike and it will give u each detail of endpoint so u will not be missing any of the threat.
What do you dislike about the product?
So far i haven't come across of anything.
What problems is the product solving and how is that benefiting you?
Using it for threat intelligence mainly.
- Leave a Comment |
- Mark review as helpful
Crowdstrike Analyst friendly tool
What do you like best about the product?
Interface is really great, GUI gives really great details about the event and have Ease of Use for non-security folks as well.
What do you dislike about the product?
Crowdstrike support of splunk for showing historical event.
What problems is the product solving and how is that benefiting you?
Transition from Signature based detection to behaviour based detection. Compare to other other EDR tools, detection was much better.
Recommendations to others considering the product:
Organizations who doesn't employ full time 24/7 security teams, crowdstrike really provides a very competitive solution. Easy to use and maintain.
Does the job, doesn't kill your endpoint.
What do you like best about the product?
Crowdstrike is lightweight in performance impact, but a heavyweight in protection. The amount of detail that it can pull off of the endpoint, determine actions that are being taken, and the ability to completely isolate the endpoint is unmatched. Once the product is installed, which is super easy, it auto-updates and becomes maintenance-free. On top of that, you can add functionality and not have to install another agent - local Firewall management, device lockdown, vulnerability detection\review (Spotlight). The icing on the cake is using the Falcon Complete service - they do all of the work for you.
What do you dislike about the product?
I wish the Mac features stayed up to date with the Windows and now LInux features. We have 20% of our end users with Macs. While the main Crowdstrike Falcon product works well, we do not get support for Firewall, Device Lockdown, or Spotlight.
What problems is the product solving and how is that benefiting you?
Previously, we had another endpoint protection tool. It did a great job, but working for an engineering company - almost all users would complain about the performance impact to their endpoint. Everyone knew it was there. During our POC testing, we pushed this out to several engineer endpoints and after a week they called to ask us when we were going to push it to them. They did not even notice that it was there and we were already throwing test files at it.
Recommendations to others considering the product:
The easiest answer is "test it". Work on a POC, get it running on a few devices and then throw test files at it. Compare it with your current or other contenders. Review what the user experience is, what the admin or operations team experience is. You will not be disappointed. Very simple to stand up a POC.
Great product, bad account rep!
What do you like best about the product?
CrowdStrike product is great. A lot of functionalities. CrowdStrike has the ability to tweak and personalize based on your environment. You need to find the balance between too many false positives vs. losing true detections.
What do you dislike about the product?
Bad experience with an Account rep. We wanted to add additional modules to the product, he was able to get a short 30 mins demo. When asked for another 30 mins schedule to understand it further, he denied it. Was supposed to have quarterly review sessions which stopped after 3 sessions.
What problems is the product solving and how is that benefiting you?
Endpoint Security, Device Control (Block USB), Firewall.
Next-gen Endpoint Protection
What do you like best about the product?
Supports Windows, Linux, Mac endpoints
Actively developed and maintained - constant updates are both pro and con
Gives great deal of intelligence about endpoint behavior
Actively developed and maintained - constant updates are both pro and con
Gives great deal of intelligence about endpoint behavior
What do you dislike about the product?
Large learning curve to leverage
Large time requirement to investigate potential compromises
Large time requirement to investigate potential compromises
What problems is the product solving and how is that benefiting you?
Combined with third party monitoring, it allows a very small team to provide low effort monitoring of our systems
Strong in the major areas, needs some work in the details.
What do you like best about the product?
The level of confidence we now have knowing that our systems are protected against a whole host malicious actions as well have actionable information at fingertips is incalculable. The new features that come out are thoughtful and useful that come out with the release schedule. The release schedule itself is not overly aggressive and so far is very stable. The intelligence module is also very helpful.
What do you dislike about the product?
The 'Spotlight" feature could use some work. Currently we are unable to search multiple hosts at once, and have not found a workaround for it yet. The Spotlight search will gather all of the host information, running process data, logons ect. The clues you would need to run an investigation are found here often. It is extremely time consuming to have to run the same search, one at a time for each host, then correlate that data for comparison. I am unfamiliar with the back end of Crowdstrike so programming the ability to input a comma delineated list to search could be very difficult. Having had some some development work as well as DBA experience, I can understand that it may not be as simple as it sounds.
What problems is the product solving and how is that benefiting you?
We replaced a few endpoint agents with Crowdstrike. Specifically we replaced Carbon Black Protect and MS SCEP. We moved from a traditional AV to an EDAR solution. An internal guideline for our organization is to reduce the number of endpoint agents deployed. The system overhead has been realized by removing the Protect application.
Falcon delivers where others have missed
What do you like best about the product?
Alerts generated in as close to real time as possible
Powerful tools that pick up on what traditional hash based protection misses
Ability to quarantine a device
Real Time Response allows you to connect to the device via command line tools
Powerful tools that pick up on what traditional hash based protection misses
Ability to quarantine a device
Real Time Response allows you to connect to the device via command line tools
What do you dislike about the product?
Currently, the biggest feature that I feel is missing in not having the ability to complete an On Demand scan
What problems is the product solving and how is that benefiting you?
This tool has saved our company from multiple Ransomware attacks.
Recommendations to others considering the product:
Crowdstrike has saved our company from numerous attacks where other traditional AV protection has failed. It is a powerful tool that delivers on what they claim that they do.
Great EDR Product
What do you like best about the product?
The UI is helpful when performing investigations.
Some other features I like from the UI:
The Hash Search page, the Host Search page, The Detections page.
The product will generally tell you: what happened, what was the source, which hosts are affected, why this detection matters, and to make it even better - all these are mapped to the MITRE ATT&CK Matrix.
This makes things easier to communicate with other analysts to understand the lifecycle or workflow of an attack, and what we can do in the future to prevent it.
Some other features I like from the UI:
The Hash Search page, the Host Search page, The Detections page.
The product will generally tell you: what happened, what was the source, which hosts are affected, why this detection matters, and to make it even better - all these are mapped to the MITRE ATT&CK Matrix.
This makes things easier to communicate with other analysts to understand the lifecycle or workflow of an attack, and what we can do in the future to prevent it.
What do you dislike about the product?
Sometimes it's hard to tell which process spawned another process in the Timeline view.
Our team does not understand the difference between a detection and an incident.
Are incidents assigned automatically? Is an incident just multiple detections from the same host? Some insight into how it chooses to create an incident for a detection vs just a detection would be great.
Our team does not understand the difference between a detection and an incident.
Are incidents assigned automatically? Is an incident just multiple detections from the same host? Some insight into how it chooses to create an incident for a detection vs just a detection would be great.
What problems is the product solving and how is that benefiting you?
The product is great for combining next-gen AV with EDR capabilities.
The problem that we're solving with CrowdStrike Falcon: Endpoint Protection is that sometimes incidents are too noisy with the detections, and often-times analysts have to log in to multiple different dashboards or products to tell a story -- what are we seeing? Which hosts are infected? Where did the malware (for example) come from? Which processes are making network connections?
All these questions and more can be answered with the Crowdstrike console.
The problem that we're solving with CrowdStrike Falcon: Endpoint Protection is that sometimes incidents are too noisy with the detections, and often-times analysts have to log in to multiple different dashboards or products to tell a story -- what are we seeing? Which hosts are infected? Where did the malware (for example) come from? Which processes are making network connections?
All these questions and more can be answered with the Crowdstrike console.
Recommendations to others considering the product:
Check out the MITRE evaluations for EDR vendors, and Gartner Magic Quadrant.
Fantastic EDR and MSSP
What do you like best about the product?
Constant availability of detection and remediation. Thorough monitoring and behavioral analysis
What do you dislike about the product?
Price can be intimidating for smaller organizations.
What problems is the product solving and how is that benefiting you?
We were able to free up a significant amount of our IT group's time dealing with endpoint detection and remediation, and also gain secondary benefits like enhanced network visibility and vulnerability assessments.
Peace of mind knowing I have a trusted Endpoint solution to protect the office PCs
What do you like best about the product?
Off the bat I was pleasantly surprised at CrowdStrike's support, they have been fast and efficient to get back with any issues I've had. Very easy to manage as a small IT team
What do you dislike about the product?
The dash board use to be clunky and cluttered but has since been cleaned up. Made a lot of it very user friendly.
What problems is the product solving and how is that benefiting you?
Out biggest problem was having such a small IT team that we could not always monitor every PC efficiently. CrowdStrike has made it very possible recently by allows us to setup notifications for any activity.
Recommendations to others considering the product:
Highly recommended for any company but particularly a company that doesn't have someone dedicated to cyber security.
showing 211 - 220