One-stop solution for malware protection
Updated November 03, 2023

Score 9 out of 10
Vetted Review
Verified User
Software Version
Falcon Enterprise
Modules Used
- Falcon Complete
- Falcon Discover
- Falcon Intelligence
- Falcon Sandbox
Overall Satisfaction with CrowdStrike Falcon
CrowdStrike Falcon is used as an EDR agent, and we also leverage Falcon Complete services for additional security operations assistance. Additionally, EDR logs are combined with SIEM logs to gather better insights about a security event, which may or may not qualify for additional deep-dive research. CrowdStrike Falcon is customizable and has robust threat intelligence built in.
Pros
- Endpoint Detection and Response
- Great communication to the security operations teams for triaging a security event
- Customizable policies which can be globally applied
- Ease of integration with SIEM
- Ability to query endpoint logs within the Falcon portal itself
Cons
- Sandbox can get better in my opinion.
- Detection of source of infection in case of lateral movements recommended
- Browser-based logs/DNS queries for getting to the root of the issue
- Prevents malware infection for known malware signatures
- AI-based engine which can detect and prevent potential infections
- Affordable in comparison with the compensation a firm might owe to the customers in case of a breach
McAfee & Symantec anti-virus systems
Ease of management and better implementation of Falcon software. In addition, CrowdStrike Falcon is well integrated with other tools like SentinelOne Attivo, Splunk, Zscaler, etc., which helps in better detection across multiple log sources.
EDR abilities and CrowdStrike Falcon Complete have helped remediate a lot of security incidents even before they would happen. Additionally, macro-based email attachments which can potentially cause issues have been identified and remediated in a timely manner to avoid any mishaps.
- Integration with SIEM
- Integration with SOAR tool
- Integration with internet proxy solution enhancing network security
- Reporting and metrics generation
- McAfee Total Protection, Symantec Advanced Threat Protection and Microsoft 365 Defender
CrowdStrike Falcon provides a single solution to complex problems, along with the ability to contain a machine and remotely execute programs using the admin dashboard and administrator capabilities.
Do you think CrowdStrike Falcon delivers good value for the price?
Yes
Are you happy with CrowdStrike Falcon's feature set?
Yes
Did CrowdStrike Falcon live up to sales and marketing promises?
Yes
Did implementation of CrowdStrike Falcon go as expected?
Yes
Would you buy CrowdStrike Falcon again?
Yes
Using CrowdStrike Falcon
100 - The people within my organization using CrowdStrike Falcon are security engineers or security analysts who use this security product for detecting any security-related alarms and triaging the same. The CrowdStrike portal is also used by members of the compliance team, who use this tool to determine the overall compliance percentage with the security policy across the organization.
75 - The people should have knowledge of the security policy that needs to be applied across the organization. They also need to know the fundamentals of security, which includes knowing what an endpoint detection and response (EDR) tool does and the ability to triage any alert and accurately identify the false positives. The administrators should be able to dive deep and add any hash/DNS entry to the blocked list if needed.
- Malware detection and analysis
- Triaging of any alert
- Ability to measure the compliance within the organization
- Analysis of a file within a sandboxed environment
- Vulnerability Management
- Controlling DNS policies
- Identity protection for the end users