CrowdStrike Falcon Review
Visit CrowdStrike Falcon

CrowdStrike Falcon Review

Star Best Training

Built from the ground up as a cloud-based platform, CrowdStrike Falcon is a newer entrant in the endpoint security space. Its threat detection engine combines machine learning, malware behavioral identifiers, and threat intelligence to catch attacks — even from new malware. CrowdStrike’s solution is priced on the high end, so read this review to gauge if the Falcon platform is right for your organization.

Quick Hits

What We Like

  • Integrated threat intelligence
  • Able to manage thousands of endpoints
  • Free trial

Could Be Better

  • Imperfect against some threats
  • Limited report options for base product
  • Pricier than similar solutions

The Blueprint Score

Determined and ranked by our resident expert based on firsthand knowledge and unbiased research.

Ease of Use 8/10
Support 8/10
Pricing 5/10
Features 7/10
7.2
out of 10

We may receive compensation from partners and advertisers whose products appear here. Compensation may impact where products are placed on our site, but editorial opinions, scores, and reviews are independent from, and never influenced by, any advertiser or partner.

CrowdStrike is one of the newer entrants in the cybersecurity space. Founded in 2011, the company was an alternative to the cumbersome IT security approach typical of its time. In a few short years, its Falcon platform garnered praise and won awards for its approach to endpoint security software.

CrowdStrike’s Falcon platform is a cloud-based security solution. This allows clients to avoid hardware and maintenance costs while preventing cyber criminals from hacking into the protection technology, which can happen with traditional on-premise antivirus solutions.

CrowdStrike takes an a la carte approach to its security offerings. This gives you the option to choose the products you need for your business. For instance, if your engineers use containers as part of their software development process, you can pick a CrowdStrike Falcon module offering visibility into container usage.

CrowdStrike’s protection technology possesses many compelling traits, but it’s not perfect. Let’s examine the platform in more detail.


Who is CrowdStrike Falcon for?

CrowdStrike’s Falcon supplies IT security for businesses of any size. It can scale to support thousands of endpoints.

Small businesses require a dedicated IT department to make use of the CrowdStrike Falcon software. Without that technical expertise, the platform is overwhelming.

Its slew of features, security insights, and managed services makes CrowdStrike Falcon best for midsize and large companies. It’s particularly useful for businesses staffed with a security operations center (SOC).

The platform provides protection for Windows, Mac, and Linux machines, including Windows servers and mobile devices. CrowdStrike also furnishes security for data centers.

CrowdStrike’s Falcon solution not only protects your data, but it also complies with regulatory requirements. It counts banks, governments, and health care organizations among its clientele.

The CrowdStrike Falcon platform provides products for different security functions built on top of the company’s threat graph and lightweight agent technology.

The Falcon platform’s architecture offers a modular design, so you can pick the solution needed for any security area. Source: CrowdStrike.com.


CrowdStrike’s Falcon features

CrowdStrike’s Falcon platform uses a combination of protection capabilities, including artificial intelligence to analyze your endpoint data, attack indicators to identify and correlate actions indicative of potential threats, and exploit mitigation to stop attacks targeting software vulnerabilities.

Its foundational component is the Falcon Prevent module, CrowdStrike’s antivirus technology. It comes packaged in all of CrowdStrike’s product bundles.

Threat protection

CrowdStrike’s Falcon Prevent is the platform’s next-generation antivirus (NGAV). Traditional antivirus software depended on file-based malware signatures to detect threats. Cybercriminals know this, and now use tactics to circumvent these detection methods.

NGAV technology addresses the need to catch today’s more sophisticated types of malware. Falcon antivirus combines machine learning, analysis of malware behavioral characteristics, and threat intelligence to accurately recognize threats and take action.

Independent testing firm AV-Comparatives assessed CrowdStrike’s success at preventing cyberattacks. Its tests evaluated CrowdStrike’s protection performance using two scenarios: against threats during internet use, such as visiting websites, and against malicious files executed on Windows computers.

These are AV-Comparatives test results from its August through September testing round:

  • Against real-world online attacks, such as websites known to harbor threats, AV-Comparatives found CrowdStrike security blocked 96.6% of the threats thrown at it. This ranks CrowdStrike below 15 competitors that blocked a higher percentage of threats.
  • Against files infected with malware, CrowdStrike blocked 99.6%. This performance placed CrowdStrike below 12 other rivals.

These test results are solid, but not stellar, particularly in contrast with competitor solutions. Protection is a critical component, so CrowdStrike Falcon’s test performance detracts from its features as a security platform.

The Falcon dashboard shows information and charts about security threats.

The Falcon dashboard highlights key security threat information. Source: CrowdStrike software.

Security management

In terms of daily security management, the Falcon platform provides tools to help you diagnose suspicious activity and identify the real threats. Its web-based management console centralizes these tools.

The console allows you to easily configure various security policies for your endpoints. You can specify different policies for servers, corporate workstations, and remote workers. CrowdStrike Falcon also lets you tune the aggressiveness of the platform’s detection and prevention settings with a few mouse clicks.

The console’s dashboard summarizes threat detections. You simply click on the detections to drill into details of each issue.

When examining suspicious activity, CrowdStrike’s process tree is a particularly useful feature. It breaks down the attack chain in a visual format to deliver a clear picture of an attack.

The process tree provides insights such as the threat severity and the actions taken to remediate the issue. From the same screen, you can quickly choose to update your security profile to block a flagged file from running on your IT network in the future, or if it’s a false positive, to add it to your whitelist of acceptable items.

CrowdStrike Falcon furnishes some reporting, but the extent depends on the products you’ve purchased. Some products, such as Falcon Discover for IT asset management and related tasks, contain extensive reports and analytics, but the base Falcon Prevent product offers little by comparison.

The CrowdStrike Falcon interface shows a diagram of the attack chain.

See a visual breakdown of every attack chain. Source: CrowdStrike software.

Threat intelligence

The heart of the platform is the CrowdStrike Threat Graph. It collects and analyzes one trillion events per week and enriches that data with threat intelligence, a repository of security threat information, to predict and prevent malicious activity in real time.

Falcon incorporates threat intelligence in a number of ways. Along with its use in CrowdStrike’s detection technology, your dashboard lists the latest information on new and evolving threats to keep your SOC team up-to-date.

When Falcon Prevent identifies malware, it provides a link to additional details about the attack, including known information about the cybercriminals. This delivers additional context, such as the attack’s use of software vulnerabilities, to help your IT team ensure your systems are properly patched and updated.

You can build on this by adopting CrowdStrike products such as the company’s Falcon X module, which adds deeper threat intelligence features to your Falcon Prevent NGAV. You can also move up from the Falcon Pro starter package to Falcon Enterprise, which includes threat-hunting capabilities.

Detailed information about each security threat is shown within the CrowdStrike Falcon console.

Threat intelligence is readily available in the Falcon console. Source: CrowdStrike software.


CrowdStrike’s Falcon ease of use

CrowdStrike incorporates ease of use throughout the application. It begins with the initial installation.

The CrowdStrike Falcon sensor is a lightweight software security agent easily installed on endpoints. It requires no configuration, making setup simple. This sensor updates automatically, so you and your users don’t need to take action. It can even protect endpoints when a device is offline.

If you’re replacing existing endpoint security, CrowdStrike Falcon makes migration a breeze. Simply install CrowdStrike’s solution using a security policy set to detection mode only, which ensures no conflict with the existing security software. Then uninstall the old security system and update your policy to the configuration needed to properly protect your endpoints.

CrowdStrike Falcon’s search feature lets you quickly find specific events. Its user interface presents a set of filters at the top so you can simply click a filter to drill down to the relevant endpoints, making it simple to manage thousands of devices.

The CrowdStrike Falcon platform is straightforward for veteran IT personnel. If you don’t have an IT team or a technical background, CrowdStrike’s Falcon solution is too complex to implement. Use the wrong configuration, such as leaving CrowdStrike Falcon in detection only mode, and it won’t properly protect your endpoints.

The CrowdStrike Falcon security policy page shows the platform’s available security settings.

Easily tune CrowdStrike Falcon’s security aggressiveness with a few clicks. Source: CrowdStrike software.


CrowdStrike’s Falcon pricing

CrowdStrike pricing starts at $8.99/month for each endpoint. This subscription gives you access to CrowdStrike’s Falcon Prevent module.

CrowdStrike’s starting price point means your annual cost is over $100 per endpoint, which is substantially higher than most competitor pricing. Rival solutions typically charge half that amount or less for introductory products, although features vary quite a bit across platforms.

To ensure CrowdStrike Falcon is right for your needs, try the software before you buy through CrowdStrike’s 15-day free trial. You must go through a vetting process after sign-up, so there’s a 24-hour wait before you get to use the trial.

CrowdStrike pricing is broken out into four packages.

CrowdStrike groups products into pricing tiers. Source: CrowdStrike.com.


CrowdStrike’s Falcon support

CrowdStrike products come with a standard support option. This includes the option to contact CrowdStrike by email, as well as an online self-service portal. Phone and chat help are available during business hours, and 24-hour support is accessible for emergencies.

The online portal is a wealth of information. CrowdStrike makes extensive use of videos, and its how-to articles are clear and easy to follow. You feel like you’ve got a trainer beside you, helping you learn the platform.

CrowdStrike offers additional, more robust support options for an added cost. Depending on the tier of support you opt for, your organization can receive an onboarding training webinar, prioritized service, and even on-site help.

CrowdStrike’s support is grouped into different tiers of service.

CrowdStrike offers various support options. Source: CrowdStrike.com.


Benefits of CrowdStrike Falcon

IT groups will appreciate CrowdStrike Falcon’s flexible, extensible, and straightforward functionality. SOC teams will relish its threat-hunting capabilities.

CrowdStrike Falcon provides many details about suspicious activity, enabling your IT team to unpack incidents and evaluate whether a threat is present. The level of granularity delivered is impressive, yet CrowdStrike works to keep the information clear and concise. You don’t feel as though you’re being hit by a ton of data.

The platform makes it easy to set up and manage a large number of endpoints. The CrowdStrike Falcon sensor’s lightweight design means minimal impact on computer performance, allowing your users to maintain productivity.

Another CrowdStrike benefit is how the company lays out its products. You choose the functionality you require now and upgrade your security capabilities as your organization’s needs evolve. For example, CrowdStrike’s Falcon Insight, included with the Enterprise package, adds endpoint detection and response (EDR) capabilities to your security suite.

If you find your security needs exceed what your IT team can handle, CrowdStrike covers you there, too. The company offers managed services, so you can leverage CrowdStrike’s team of experts to help with tasks such as threat hunting.

A list of security threats is shown in the Falcon interface.

Falcon provides a detailed list of the uncovered security threats. Source: CrowdStrike software.


A flexible security solution packed with threat intelligence

The CrowdStrike Falcon platform is a solid solution for organizations that have lots of endpoints to protect, and a skilled IT team. Its toolset optimizes endpoint management and threat hunting.

While it works well for larger companies, it’s not for small operations. Some small businesses possess minimal IT staff who don’t have the time to investigate every potential threat, and lack the budget to outsource this work to CrowdStrike.

CrowdStrike is also more expensive than many competitor solutions. You have to weigh its pros and cons against the needs of your organization to determine if it’s the right fit for you.


Frequently Asked Questions for CrowdStrike Falcon

Is CrowdStrike Falcon an antivirus?

CrowdStrike’s Falcon endpoint security platform is more than just antivirus software. It incorporates next-generation antivirus, called Falcon Prevent, but it also offers many other features, including tools to manage a large number of devices.

You choose the level of protection needed for your company and budget. CrowdStrike Falcon is an extensible platform, allowing you to add modules beyond Falcon Prevent, such as endpoint detection and response (EDR), and managed security services.

Can CrowdStrike Falcon protect endpoints when not online?

Yes, CrowdStrike Falcon protects endpoints even when offline. CrowdStrike’s sensor, a lightweight software security agent installed on endpoints, contains all the prevention technologies required for online and offline protection.

Does CrowdStrike offer a free version?

No free version exists, but you can take CrowdStrike Falcon for a test-drive by signing up for a 15-day free trial.

CrowdStrike also provides a handful of free security tools, such as its CrowdDetox, which cleans up junk software code to help security researchers analyze malware more efficiently.

The CrowdStrike Falcon platform offers a wide range of security products and services to meet the needs of any size company. Use CrowdStrike’s 15-day free trial to see for yourself if the platform is the right fit for your business.

The CrowdStrike Falcon platform offers a wide range of security products and services to meet the needs of any size company. Use CrowdStrike’s 15-day free trial to see for yourself if the platform is the right fit for your business.


How CrowdStrike Falcon Compares

Product AI-Powered Threat Detection Tools Beyond Antivirus 24-hour Phone Support Reporting and Analytics
CrowdStrike Falcon
Yes
Yes
Yes
Yes
Sophos Intercept X
Yes
Yes
Yes
Yes
VMware Carbon Black
Yes
Yes
Yes
Bitdefender GravityZone Business Security
Yes
Yes
Yes
Yes
Webroot Business Endpoint Protection
Yes
Yes
Yes

The Motley Fool has a Disclosure Policy. The Author and/or The Motley Fool may have an interest in companies mentioned.