Centralized threat visibility has improved detection speed and strengthened endpoint protection
What is our primary use case?
Our company has been using CrowdStrike Falcon for about 2 years. During that time, it has been a great help in detecting and responding to various security threats. We mainly use it for endpoint security management.
CrowdStrike Falcon is used in various ways in our company. It has been especially effective in detecting and blocking unknown malware or ransomware attacks in real time. For example, recently CrowdStrike Falcon immediately detected a phishing link that came in via an employee's email and prevented it from spreading across the entire network. It also plays a big role in monitoring the security status of remote workers' devices and consistently applying security policies.
We have had real experiences with threat detection. At one point, CrowdStrike Falcon's behavioral analysis detected activity in our system that was different from normal patterns and flagged it as suspicious. Investigation revealed that it was part of a new type of APT attack, and fortunately, we were able to block it in the early stage. In that process, I felt that CrowdStrike Falcon's behavior-based detection technology played the biggest role. It would have been difficult to detect using traditional signature-based methods.
What is most valuable?
After that incident, we strengthened our internal response process for phishing attacks. We started to immediately analyze threat information detected by CrowdStrike Falcon and set up additional automated rules to proactively block similar types of attacks. Compared to before we adopted CrowdStrike Falcon, the biggest improvement has been in visibility into security threats and response speed. In the past, we had to manually analyze logs from multiple security solutions, but now we can see all threat information at a glance and respond quickly from a single CrowdStrike Falcon console.
Thanks to CrowdStrike Falcon's cloud-based architecture, deployment and management were very lightweight. With our previous solutions, the agents were heavy and sometimes affected system performance. But we had no such issues with CrowdStrike Falcon. In terms of cost, although there was some initial investment, by consolidating multiple security tools into one and increasing operational efficiency, I feel it is definitely worth the investment in the long term.
CrowdStrike Falcon's greatest strength is its real-time threat detection and response capabilities. In particular, its detection method based on indicators of attack is very effective at blocking even unknown threats. Another big advantage is that because it uses a lightweight agent and a cloud-native approach, it provides strong security without performance degradation.
The integrated threat intelligence feature in CrowdStrike Falcon provides detailed background information on detected threats, the attacker's tactics, and correlations with other attacks, which greatly helps our analysis team quickly understand the severity of threats and respond appropriately. The user interface is intuitive, so new team members took very little time to adapt to CrowdStrike Falcon.
What needs improvement?
CrowdStrike Falcon is a very powerful tool, but at times the high initial adoption cost can be burdensome. To get the maximum benefit, as in our case where we integrate it with other security systems, a certain level of expertise is required, which is somewhat disappointing. Sometimes updates can cause unexpected issues in the system, so rigorous pre-testing is essential, and that is another point of concern.
In the future, I would like to see even smoother integration with other security tools. If more flexible pricing models or SMB-focused packages were introduced so that small and medium-sized businesses can adopt it without too much burden, I think many more organizations could benefit.
For how long have I used the solution?
I have been working in this field for about 5 years. I started as a security engineer and now I mainly handle analysis work.
What do I think about the stability of the solution?
CrowdStrike Falcon's stability is rated very highly. During the period we have used it at our company, we have not experienced any system downtime or unexpected errors caused by security-related stability issues. However, as I mentioned earlier regarding updates, we are always mindful that content configuration updates can potentially cause problems. I believe thorough pre-testing and phased rollout are essential.
What do I think about the scalability of the solution?
We also have experience with scalability. As our company grew and the number of endpoints increased, CrowdStrike Falcon scaled without any issues. Because it is cloud-based, we were able to integrate many devices in real time without installing additional hardware, and we did not notice any performance degradation. We gained confidence that we could maintain stable security even as the organization grew.
How are customer service and support?
I have experience with CrowdStrike's customer support. When we introduced CrowdStrike Falcon, we needed technical support due to integration issues with our existing systems, and the support team responded very quickly and professionally. They understood our special network configuration and provided tailored solutions, which allowed us to resolve the issue quickly. Overall, satisfaction with customer support is quite high.
I would give the customer support service an 8. The professional help was very useful, but occasionally the wait time was longer than expected.
Which solution did I use previously and why did I switch?
We used a few other solutions before adopting CrowdStrike Falcon. We evaluated traditional antivirus programs and other EDR products. The decisive reason we switched to CrowdStrike Falcon was the real-time threat detection capability and overwhelming analysis speed. In particular, CrowdStrike Falcon's behavior-based detection technology was far superior to other products, and the lightweight agent allowed us to strengthen security without worrying about system performance degradation, which was important.
How was the initial setup?
I would like to mention CrowdStrike Falcon's API extensibility. We have integrated CrowdStrike Falcon with our existing Security Information and Event Management system, that is, SIEM, so we can centrally manage and analyze security alerts. This has greatly improved the efficiency of our security operations.
The automation feature that helped the most when integrating with SIEM was the process where a critical alert in CrowdStrike Falcon automatically creates a ticket in the SIEM and sends a notification to the person in charge. This greatly reduced response delays. The difficult part of the integration process was aligning the log formats of the different systems, but thanks to the documentation and support provided by CrowdStrike, we were able to resolve it relatively smoothly.
What was our ROI?
CrowdStrike Falcon has had several positive impacts on our company. First of all, it has greatly reduced the time required to analyze and respond to security threats, allowing team members to focus on more important and strategic security tasks. By preventing actual security breaches, we were able to avoid potential business losses and raise our security level to a higher tier.
Based on our internal analysis, our average threat response time has been reduced by about 30 percent compared to before. The false positive rate, that is, the number of false alarms, has dropped significantly, while the number of valid alerts that the security team actually has to handle has decreased by more than 50 percent. This prevented unnecessary resource waste and allowed us to respond more efficiently to security threats.
We also saw effects in workforce optimization. As the false positive rate decreased and analysis efficiency increased, the security team was able to safely manage more endpoints than before with fewer people. Thanks to that, we could reassign the freed-up staff to other important tasks such as threat hunting and strengthening security policies.
What's my experience with pricing, setup cost, and licensing?
As I mentioned earlier, the initial adoption cost is somewhat high, and there is a certain level of difficulty involved in integrating it with other security systems, which is a drawback. Sometimes unexpected issues can occur after updates, so rigorous pre-testing is essential—this is another aspect I would like to see improved.
In terms of pricing, we use the enterprise bundle, and while the initial cost was somewhat high, considering the wide range of features and the security benefits, we determined that the investment was worthwhile. We contracted licenses based on the number of users, and it was nice that they could be flexibly adjusted to fit our company's size.
Which other solutions did I evaluate?
There were solutions we compared. For example, Microsoft Defender for Endpoint had the advantage of good integration with existing Microsoft environments and was cost-effective. SentinelOne, on the other hand, had excellent AI-based automation, but we felt it consumed a lot of system resources. CrowdStrike Falcon struck the best balance between performance and efficiency, and we gave it the highest score especially in its ability to detect unknown threats.
What other advice do I have?
If I were to advise other companies considering adopting CrowdStrike Falcon, I would say they should not only look at its powerful security features but also thoroughly evaluate whether it fits their current environment and threat profile. In particular, it is essential to develop a thorough integration plan with existing systems and to establish an update management process to ensure stable operations. I would also recommend actively leveraging customer support if needed. My overall review rating for CrowdStrike Falcon is 9.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Real-Time Threat Protection with Lightweight, Cloud-Native Performance
What do you like best about the product?
What I like most about Crowdstrike Falcon is its ability to detect and stop threats in real time without slowing down endpoints. Its cloud-native architecture means there’s no heavy agent to manage. The visibility it provides across the entire environment also makes investigations faster and much more accurate.
What do you dislike about the product?
One thing I dislike is that the interface can feel overwhelming at first. There’s a lot of depth, but it takes time to learn where everything is and how it’s organized. Some advanced features also require additional modules, which can make the overall cost add up quickly.
What problems is the product solving and how is that benefiting you?
Crowdstrike Falcon helps us tackle the challenge of detecting modern, fast-moving threats across a distributed environment. Its real-time monitoring and behavioral analytics allow us to catch attacks early, often before they cause any damage.
Endpoint security has improved and real-time detection and response reduce false positives
What is our primary use case?
CrowdStrike Falcon's main use case is endpoint security and threat detection, which are the primary purposes for which we are using it.
A day-to-day example of using CrowdStrike Falcon for endpoint security detection occurs when a user downloads suspicious files. The system detects this activity and triggers an alert to the administrator. CrowdStrike Falcon detects abnormal behavior of the system, and an alert is generated in a console. When I log into the console, I can see that some users are trying to access malicious files which are harmful for the organization. The security team isolates the endpoint based on this judgment. We can investigate using process trees and logs in CrowdStrike Falcon. Additionally, USB device control helps sometimes with USB blocking and data access via external storage.
What is most valuable?
The best features CrowdStrike Falcon offers are endpoint detection and response, cloud-native lightweight agent, AI-powered threat detection, threat hunting, and Falcon Overwatch.
The feature I use the most is endpoint detection and response, which you can call EDR. EDR makes the difference in this case because it provides real-time alerts for suspicious activity and full process tree visibility showing what ran, what spawned, and what is happening inside the LAN on the endpoint. It allows for quick investigation of endpoint logins and quick host isolation to stop the spread.
Using CrowdStrike Falcon typically leads to faster threat detection, quicker response, and better visibility across the endpoints. This means I can understand, or an administrator can understand the logs and situation, what is happening with the endpoint, and what suspicious behaviors are occurring inside the endpoints. It has reduced false positives and has a lightweight performance impact, resulting in no heavy use or heavy scans of the agent. User productivity is also increased on the endpoint side.
What needs improvement?
Regarding improvements in reports, when I try to pull a custom report, there are some mismatches, or it does not look professional. I hope CrowdStrike will improve their custom report or inbuilt report to look professional rather than appearing like just adding numbers. Based on the requirement, they should improve their custom reports.
For how long have I used the solution?
I have been using CrowdStrike Falcon for around one year.
What do I think about the stability of the solution?
CrowdStrike Falcon is very stable.
What do I think about the scalability of the solution?
The scalability of CrowdStrike Falcon is very good and very positive.
How are customer service and support?
Customer support is also appreciated as it is very good. I have raised multiple tickets with technical support, and every time I have received a good response from customer support.
Which solution did I use previously and why did I switch?
We did not use any kind of solution previously.
What was our ROI?
Before CrowdStrike Falcon, there were 40 to 50 alerts per day with many antivirus detections and time wasted validating non-issues. When we installed the CrowdStrike Falcon agent on the endpoint, there are now 10 to 15 meaningful alerts that we can work on and isolate the system. There is a 60 to 70 percent reduction in false positives, allowing us to disregard those. Additionally, higher quality behavioral detection based on pattern analysis is justified. The investigation time has been reduced from three to four hours to one to two hours, and per user, we used to take around 10 to 15 minutes, but now with the reduced false positives, we can troubleshoot or inspect users within five minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing is very straightforward and negotiable. The license is thoughtful and very fruitful. The licensing is pretty simple, so it has a very good impact with the licensing, setup cost, and pricing with respect to CrowdStrike Falcon.
Money is saved because if a user is receiving spam alerts or spam emails which are damaging the organization's privacy, the number of alerts, data threatening, DLP, data extraction, and everything has been reduced. There is a big impact on the organization's security posture as well as time saved while doing troubleshooting, allowing us to monitor that alert via one single console. The positive impact is significant, and the money saved is a very good effect for the organization.
Which other solutions did I evaluate?
We have not evaluated another option before choosing CrowdStrike Falcon.
Improved endpoint visibility has reduced incident response time and strengthens threat investigations
What is our primary use case?
I have been using CrowdStrike Falcon for the past two years. My main use case for CrowdStrike Falcon is endpoint protection, threat protection, and investigating suspicious activities on endpoints in my day-to-day work.
In one case, we received an alert about suspicious PowerShell activities detected on one of the endpoints, and CrowdStrike Falcon detected the issue and generated an alert on our SIM solution as well. We started investigating that endpoint using CrowdStrike Falcon, confirming through the process tree that there was suspicious execution, and we began isolating the endpoint device to prevent further impact. That is how we used CrowdStrike Falcon for monitoring and investigating endpoint devices.
We also use CrowdStrike Falcon for endpoint activities and for responding to malware alerts, which is a significant part of our process.
What is most valuable?
CrowdStrike Falcon offers several features that stand out to me, including a feature called Process Tree visibility, where we can see the entire attack history including how it started, how it initiated the connection, how it ended, and the intentions behind that particular incident. Additionally, it has great threat intelligence data, isolation automation, detailed process visibility, a real-time threat blocking system, and behavioral threat detection that helps in responding to incidents on endpoints. These are the best features I have ever used.
I wish more people knew about the Process Tree visibility feature because it helps to understand the full attack chain quickly, making it a very impactful feature I have ever used.
CrowdStrike Falcon has positively impacted my organization by improving endpoint security. Even if end users are doing something on their endpoints without their knowledge, such as receiving documents from vendors, the endpoints will scan attachments before delivery, and if they are malicious, it will detect them and provide notifications and alerts. It has positively impacted endpoint security and reduced the response time for incidents and alerts.
In my experience, I noticed that the Mean Time To Respond (MTTR) has reduced by around 30 to 40 percent due to faster detection and response achieved by the Falcon agents.
What needs improvement?
CrowdStrike Falcon requires experience and knowledge about tuning, as proper tuning is required. Improvement could focus on this aspect, as well as simplifying the user interface for new users and different department employees, since it sometimes generates a lot of false positives. They should concentrate on this as well.
They can work on better reporting and simplifying the interface to enhance the overall user experience.
CrowdStrike Falcon provides very good visibility into endpoint activity, including process execution and behavior. It is not only useful for the security department; it is beneficial for other departments as well. If something happens, even developers can log into CrowdStrike Falcon to check what is happening with their endpoints. Every tool should be built with this capability in mind, including CrowdStrike Falcon, which could also work on improving user interface design.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable, with no major issues I have faced.
What do I think about the scalability of the solution?
CrowdStrike Falcon is highly scalable.
How are customer service and support?
The customer support is good, and I have reached out to them.
Which solution did I use previously and why did I switch?
We were previously using SentinelOne and Microsoft Defender but switched to CrowdStrike Falcon for better detection capabilities, especially for a client handling numerous attachments and endpoint activities.
What was our ROI?
I have seen a return on investment due to strong detection and faster response capabilities of CrowdStrike Falcon.
What's my experience with pricing, setup cost, and licensing?
The pricing, according to my knowledge, is subscription-based, depending on how many endpoints and modules the organization needs to use.
Which other solutions did I evaluate?
Before choosing CrowdStrike Falcon, we evaluated SentinelOne and Microsoft Defender because we needed better detection and visibility.
What other advice do I have?
My advice for others looking into using CrowdStrike Falcon is to have a clear understanding of how to properly fine-tune and monitor the system to get the full benefits. If they are good at these aspects, they can confidently purchase it and start working towards endpoint protection.
CrowdStrike Falcon is a strong solution with faster responses to endpoint-related incidents and alerts. Overall, it is a very robust solution for organizations dealing with endpoint security, and they can confidently choose CrowdStrike Falcon and make it work effectively. I would rate this product a 9 out of 10.
Advanced Threat Detection with Ease of Use
What do you like best about the product?
I use CrowdStrike Falcon Endpoint Protection Platform as a next-gen endpoint security to protect our organization against advanced cyber threats. I appreciate the endpoint security that goes beyond traditional antivirus, offering features like machine learning at the initial stage after installation, behavior-based threat detection, and a lightweight agent. The detailed process tree for any detection provides accurate investigation reports and makes it easy to understand the root cause. I also like its ability to detect zero-day attacks and unknown malware. The initial setup was easy and straightforward with support from the CrowdStrike team.
What do you dislike about the product?
I have some concerns about pricing and cost transparency with CrowdStrike Falcon Endpoint Protection Platform. Also, learning to use the advanced features isn't very easy.
What problems is the product solving and how is that benefiting you?
It protects our endpoints from modern cyber threats, providing more visibility and device control.
Lightweight enterprise security that doesn't bottleneck developer workflows
What do you like best about the product?
As an engineer, the best thing about CrowdStrike Falcon is how incredibly lightweight the single agent is. Unlike traditional antivirus software that hogs CPU resources during system scans, Falcon runs silently in the background. It doesn't interfere with my heavy workloads, local development environments, or Docker containers, yet it still provides top-tier, real-time behavioral threat detection
What do you dislike about the product?
Out of the box, the platform can generate a lot of noise. If your security team doesn't tune the policies correctly, developers can experience alert fatigue or false positives—especially when we are compiling new binaries or running custom scripts. Additionally, maintaining compatibility with cutting-edge Linux kernels can sometimes be a bit of a headache during updates
What problems is the product solving and how is that benefiting you?
At a Web3 company, we need to secure a distributed engineering team handling highly sensitive infrastructure and digital assets. CrowdStrike gives our security operations centralized visibility into every machine. It benefits us by ensuring strict compliance and protecting against advanced ransomware without severely degrading our daily developer machine performance
Comprehensive Endpoint Protection with Real-Time, AI-Powered Threat Detection
What do you like best about the product?
CrowdStrike Falcon provides comprehensive endpoint protection with advanced threat detection capabilities. The real-time monitoring and AI-powered analysis help identify and respond to threats quickly. The cloud-native architecture makes deployment and management straightforward across our organization.
What do you dislike about the product?
The pricing can be on the higher side for smaller organizations. Some advanced features require additional training to fully utilize. Occasionally, false positives can create extra work for the security team to investigate.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon is solving our endpoint security challenges by providing real-time threat detection and response capabilities. It helps prevent ransomware attacks and other malware from compromising our systems. The platform benefits us by reducing the time to detect and respond to security incidents, minimizing potential damage and downtime.
Exceptional Prevention and Seamless Integration
What do you like best about the product?
I find the standout feature of CrowdStrike Falcon Endpoint Protection Platform to be its blazing-fast threat detection powered by cloud AI, which consistently outperformed our old tools. Beyond the cloud AI, I also appreciate Falcon's managed threat hunting and seamless integrations. The 24/7 expert threat detection is excellent at uncovering stealthy threats that our team might miss. Additionally, its lightweight agent and AI prevention have fixed our performance issues from old antivirus software. The initial setup was straightforward, even with our large scale, taking about 2-3 weeks for over 10,000 endpoints. Overall, I rate Falcon a solid 9 out of 10 because of its exceptional prevention, scalability, and unmatched value.
What do you dislike about the product?
While Falcon excels overall in my firm, some tweaks can make it better like alert tuning challenges when there is a flood of alerts. If there is a custom rule to configure those, that would be great. Some OOTB policies for software dev workflows would be a cherry on top. Role-based dashboard customization which powers different dashboards for devs and full forensics for hunters.
What problems is the product solving and how is that benefiting you?
CrowdStrike Falcon tackles endpoint security headaches from ransomware threats to compliance demands, offering fast threat detection with cloud AI, 24/7 expert threat hunting, and seamless integration.
Robust Security with Excellent Visibility
What do you like best about the product?
I like CrowdStrike Falcon's lightweight, cloud-native design and strong threat detection. It runs quietly in the background without slowing down systems but is extremely effective at catching known and unknown threats, including fileless attacks. The real-time visibility and detailed threat intelligence make investigations easier, and the console is intuitive once you get used to it. It provides a high level of confidence in endpoint protection without adding operational complexity. The initial setup was easy, requiring only the installation of a lightweight agent, and endpoints were protected almost immediately. The cloud-based console meant there was no on-prem infrastructure to manage, and most default policies worked well out of the box, allowing the team to get up and running quickly. I also appreciate its excellent integration with SIEM tools, identity platforms, and ticketing systems to streamline monitoring, investigations, and incident response workflows. Switching from a traditional antivirus solution to CrowdStrike Falcon gave us better visibility, faster detection, and stronger protection against modern threats.
What do you dislike about the product?
Reporting and alert tuning can feel complex for new users, and advanced features are costly. Offline protection and granular policy customization could be improved. Reporting and alert tuning have a steep learning curve and need better templates. Advanced features are expensive and would benefit from more flexible pricing.
What problems is the product solving and how is that benefiting you?
I use CrowdStrike Falcon for real-time threat detection, prevention, and response. It solves the challenge of detecting advanced threats and gives clear endpoint visibility. It reduces response time, eliminates on-prem infrastructure, and simplifies threat investigation with centralized insights.
Cloud-Native, Real-Time EDR with Fast Threat Detection and Lightweight Performance
What do you like best about the product?
CrowdStrike falcon is its cloud native architecture with real time EDR which provides fast threat detection automated response and lightweight endpoint performance without slowing down devices.
What do you dislike about the product?
CrowdStrike falcon is its high cost for small business and they heavy.
What problems is the product solving and how is that benefiting you?
CrowdStrike falcon solves malware ransomware and advanced threat detection problems benefiting users by providing real-time endpoint protection rapid incident response and improved overall security posture.
