CrowdStrike is one of the newer entrants in the cybersecurity space. Founded in 2011, the company was an alternative to the cumbersome IT security approach typical of its time. In a few short years, its Falcon platform garnered praise and won awards for its approach to endpoint security software.
CrowdStrike’s Falcon platform is a cloud-based security solution: the management console and most of the analysis run in CrowdStrike’s cloud, with only a lightweight sensor on each endpoint. This spares clients the hardware and maintenance costs of an on-premises management server, and it keeps the detection back end out of reach of an attacker who has compromised a host, something that can happen with traditional on-premises antivirus deployments where the management server sits on the same network.
CrowdStrike takes an a la carte approach to its security offerings. This gives you the option to choose the products you need for your business. For instance, if your engineers use containers as part of their software development process, you can pick a CrowdStrike Falcon module offering visibility into container usage.
CrowdStrike’s protection technology possesses many compelling traits, but it’s not perfect. Let’s examine the platform in more detail.
Who is CrowdStrike Falcon for?
CrowdStrike’s Falcon supplies endpoint security for businesses of any size. It can scale to support thousands of endpoints.
Small businesses require a dedicated IT department to make use of the CrowdStrike Falcon software. Without that technical expertise, the platform is overwhelming.
Its slew of features, security insights, and managed services makes CrowdStrike Falcon best for midsize and large companies. It’s particularly useful for businesses staffed with a security operations center (SOC).
The platform provides protection for Windows, Mac, and Linux machines, including Windows servers and mobile devices. CrowdStrike also furnishes security for data centers.
CrowdStrike’s Falcon solution not only protects your data, but it also helps your organization meet regulatory requirements. It counts banks, governments, and health care organizations among its clientele.
CrowdStrike’s Falcon features
CrowdStrike’s Falcon platform uses a combination of protection capabilities, including artificial intelligence to analyze your endpoint data, indicators of attack (IOAs) to identify and correlate sequences of actions that signal a potential threat, and exploit mitigation to stop attacks targeting software vulnerabilities.
Its foundational component is the Falcon Prevent module, CrowdStrike’s antivirus technology. It comes packaged in all of CrowdStrike’s product bundles.
CrowdStrike’s Falcon Prevent is the platform’s next-generation antivirus (NGAV). Traditional antivirus software depends on file-based malware signatures to detect threats. Cybercriminals know this and use tactics such as packing, obfuscation, and fileless execution to circumvent signature-based detection.
NGAV technology addresses the need to catch today’s more sophisticated types of malware. Falcon antivirus combines machine learning, analysis of malware behavioral characteristics, and threat intelligence to accurately recognize threats and take action.
Independent testing firm AV-Comparatives assessed CrowdStrike’s success at preventing cyberattacks. Its tests evaluated CrowdStrike’s protection performance using two scenarios: against threats encountered during internet use, such as visiting malicious websites, and against malicious files executed on Windows computers.
These are AV-Comparatives test results from its August through September testing round:
- Against real-world online attacks, such as websites known to harbor threats, AV-Comparatives found CrowdStrike security blocked 96.6% of the threats thrown at it. This ranks CrowdStrike below 15 competitors that blocked a higher percentage of threats.
- Against files infected with malware, CrowdStrike blocked 99.6%. This performance placed CrowdStrike below 12 other rivals.
These test results are solid, but not stellar, particularly in contrast with competitor solutions. Protection is the critical component of any endpoint product, so CrowdStrike Falcon’s test performance counts against an otherwise strong feature set.
In terms of daily security management, the Falcon platform provides tools to help you diagnose suspicious activity and identify the real threats. Its web-based management console centralizes these tools.
The console allows you to easily configure various security policies for your endpoints. You can specify different policies for servers, corporate workstations, and remote workers. CrowdStrike Falcon also lets you tune the aggressiveness of the platform’s detection and prevention settings with a few mouse clicks.
The console’s dashboard summarizes threat detections. You simply click on the detections to drill into details of each issue.
When examining suspicious activity, CrowdStrike’s process tree is a particularly useful feature. It breaks down the attack chain in a visual format to deliver a clear picture of an attack.
The process tree provides insights such as the threat severity and the actions taken to remediate the issue. From the same screen, you can quickly choose to update your security profile to block a flagged file from running on your IT network in the future, or if it’s a false positive, to add it to your whitelist of acceptable items.
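The process tree described above is, underneath, a graph built from process-creation telemetry: each record carries a process ID and its parent’s ID, so the attack chain is just the ancestry walk from the flagged process back to its root, and the behavioral indicators of attack mentioned earlier are rules evaluated over parent/child pairs in that graph. The following Python is an added illustration of that reconstruction, written for this page; it is not CrowdStrike code, the event records and the suspicious parent/child rules are constructed for the example, and the rule table is a simplified stand-in for the kind of behavioral logic the article describes rather than Falcon’s own.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record: the minimal fields an EDR sensor reports."""
    ts: int          # seconds since epoch (constructed values)
    pid: int
    ppid: int
    image: str       # executable name, lower-cased
    cmdline: str


# Constructed sample telemetry, not real Falcon data: a macro document opened
# from a mail client launches PowerShell, which then runs a second stage.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(1000, 400, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(1010, 520, 400, "outlook.exe", "outlook.exe"),
    ProcEvent(1020, 610, 520, "winword.exe", 'winword.exe "invoice.docm"'),
    ProcEvent(1030, 700, 610, "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA..."),
    ProcEvent(1040, 710, 700, "rundll32.exe",
              "rundll32.exe C:\\Users\\Public\\s.dll,Run"),
    ProcEvent(1050, 800, 400, "chrome.exe", "chrome.exe"),
]

# Parent -> child pairs that warrant a detection. Illustrative only: a stand-in
# for behavioral indicators, not CrowdStrike's rule set.
SUSPICIOUS_PAIRS: Dict[Tuple[str, str], str] = {
    ("winword.exe", "powershell.exe"): "Office app spawned a shell",
    ("winword.exe", "cmd.exe"): "Office app spawned a shell",
    ("outlook.exe", "powershell.exe"): "Mail client spawned a shell",
    ("powershell.exe", "rundll32.exe"): "Shell launched rundll32 (possible second stage)",
}


class ProcessTree:
    """Parent/child graph of processes built from creation events."""

    def __init__(self, events: List[ProcEvent]) -> None:
        self.by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
        self.children: Dict[int, List[int]] = {}
        # Children are kept in creation order so the rendering reads as a timeline.
        for e in sorted(events, key=lambda ev: ev.ts):
            self.children.setdefault(e.ppid, []).append(e.pid)

    def ancestry(self, pid: int) -> List[ProcEvent]:
        """Chain from the root ancestor down to pid; stops when the parent is unknown."""
        chain: List[ProcEvent] = []
        while pid in self.by_pid:
            chain.append(self.by_pid[pid])
            pid = self.by_pid[pid].ppid
        return list(reversed(chain))

    def roots(self) -> List[int]:
        """Processes whose parent was never observed (tree roots)."""
        return [p for p, e in self.by_pid.items() if e.ppid not in self.by_pid]

    def render(self, pid: int, depth: int = 0) -> List[str]:
        """Indented text rendering of the subtree under pid."""
        e = self.by_pid[pid]
        lines = [f"{'  ' * depth}{e.image} (pid {e.pid})"]
        for child in self.children.get(pid, []):
            lines.extend(self.render(child, depth + 1))
        return lines

    def detections(self) -> List[Tuple[int, str]]:
        """Evaluate the parent/child rules over every observed process."""
        hits: List[Tuple[int, str]] = []
        for pid, e in self.by_pid.items():
            parent = self.by_pid.get(e.ppid)
            if parent is None:
                continue
            reason = SUSPICIOUS_PAIRS.get((parent.image, e.image))
            if reason:
                hits.append((pid, reason))
        return hits


def attack_chain(events: List[ProcEvent], pid: int) -> str:
    """Human-readable chain for a flagged pid, e.g. 'a.exe -> b.exe -> c.exe'."""
    return " -> ".join(e.image for e in ProcessTree(events).ancestry(pid))


if __name__ == "__main__":
    tree = ProcessTree(SAMPLE_EVENTS)
    for root in tree.roots():
        print("\n".join(tree.render(root)))
    for pid, reason in tree.detections():
        print(f"pid {pid}: {reason}; chain: {attack_chain(SAMPLE_EVENTS, pid)}")
```

Two practical points follow from the structure. A detection on a single event (PowerShell with an encoded command) is ambiguous on its own; the same event with `winword.exe` as its parent and `rundll32.exe` as its child is far less so, which is why the console’s tree view, and correlation over the graph rather than over isolated events, is what lets an analyst dismiss a false positive or escalate quickly. And because the ancestry walk stops at the first unknown parent, telemetry gaps (a sensor installed after the root process started, or events dropped under load) truncate the chain silently, so a short chain should be read as "unknown origin" rather than "benign origin".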
CrowdStrike Falcon furnishes some reporting, but the extent depends on the products you’ve purchased. Some products, such as Falcon Discover for IT asset management and related tasks, contain extensive reports and analytics, but the base Falcon Prevent product offers little by comparison.
The heart of the platform is the CrowdStrike Threat Graph. It collects and analyzes one trillion events per week and enriches that data with threat intelligence, a repository of security threat information, to predict and prevent malicious activity in real time.
Falcon incorporates threat intelligence in a number of ways. Along with its use in CrowdStrike’s detection technology, your dashboard lists the latest information on new and evolving threats to keep your SOC team up-to-date.
When Falcon Prevent identifies malware, it provides a link to additional details about the attack, including known information about the cybercriminals. This delivers additional context, such as the attack’s use of software vulnerabilities, to help your IT team ensure your systems are properly patched and updated.
You can build on this by adopting CrowdStrike products such as the company’s Falcon X module, which adds deeper threat intelligence features to your Falcon Prevent NGAV. You can also move up from the Falcon Pro starter package to Falcon Enterprise, which includes threat-hunting capabilities.
CrowdStrike’s Falcon ease of use
CrowdStrike incorporates ease of use throughout the application. It begins with the initial installation.
The CrowdStrike Falcon sensor is a lightweight software security agent that is easily installed on endpoints. Beyond supplying your customer ID at install time, it requires no local configuration; policy is assigned from the console, which keeps setup simple. The sensor updates automatically, so you and your users don’t need to take action. It can also protect endpoints while a device is offline, because the machine-learning model and behavioral indicators run on the endpoint itself.
If you’re replacing existing endpoint security, CrowdStrike Falcon makes migration a breeze. Install CrowdStrike’s sensor with a security policy set to detection-only mode, which ensures no conflict with the existing security software. Confirm in the console that the new endpoints are reporting in and that detections are appearing, then uninstall the old security system and update your policy to the prevention configuration needed to properly protect your endpoints.
CrowdStrike Falcon’s search feature lets you quickly find specific events. Its user interface presents a set of filters at the top so you can simply click a filter to drill down to the relevant endpoints, making it simple to manage thousands of devices.
The CrowdStrike Falcon platform is straightforward for veteran IT personnel. If you don’t have an IT team or a technical background, CrowdStrike’s Falcon solution is too complex to implement. Use the wrong configuration, such as leaving CrowdStrike Falcon in detection-only mode after migration, and it will log threats without stopping them, leaving your endpoints unprotected.
CrowdStrike’s Falcon pricing
CrowdStrike pricing starts at $8.99/month for each endpoint. This subscription gives you access to CrowdStrike’s Falcon Prevent module.
CrowdStrike’s starting price point means your annual cost is over $100 per endpoint, which is substantially higher than most competitor pricing. Rival solutions typically charge half that amount or less for introductory products, although features vary quite a bit across platforms.
To ensure CrowdStrike Falcon is right for your needs, try the software before you buy through CrowdStrike’s 15-day free trial. You must go through a vetting process after sign-up, so there’s a 24-hour wait before you get to use the trial.
CrowdStrike’s Falcon support
CrowdStrike products come with a standard support option. This includes the option to contact CrowdStrike by email, as well as an online self-service portal. Phone and chat help are available during business hours, and 24-hour support is accessible for emergencies.
The online portal is a wealth of information. CrowdStrike makes extensive use of videos, and its how-to articles are clear and easy to follow. You feel like you’ve got a trainer beside you, helping you learn the platform.
CrowdStrike offers additional, more robust support options for an added cost. Depending on the tier of support you opt for, your organization can receive an onboarding training webinar, prioritized service, and even on-site help.
Benefits of CrowdStrike Falcon
IT groups will appreciate CrowdStrike Falcon’s flexible, extensible, and straightforward functionality. SOC teams will relish its threat-hunting capabilities.
CrowdStrike Falcon provides many details about suspicious activity, enabling your IT team to unpack incidents and evaluate whether a threat is present. The level of granularity delivered is impressive, yet CrowdStrike works to keep the information clear and concise. You don’t feel as though you’re being hit by a ton of data.
The platform makes it easy to set up and manage a large number of endpoints. The CrowdStrike Falcon sensor’s lightweight design means minimal impact on computer performance, allowing your users to maintain productivity.
Another CrowdStrike benefit is how the company lays out its products. You choose the functionality you require now and upgrade your security capabilities as your organization’s needs evolve. For example, CrowdStrike’s Falcon Insight, included with the Enterprise package, adds endpoint detection and response (EDR) capabilities to your security suite.
If you find your security needs exceed what your IT team can handle, CrowdStrike covers you there, too. The company offers managed services, so you can leverage CrowdStrike’s team of experts to help with tasks such as threat hunting.
A flexible security solution packed with threat intelligence
The CrowdStrike Falcon platform is a solid solution for organizations that have lots of endpoints to protect, and a skilled IT team. Its toolset optimizes endpoint management and threat hunting.
While it works well for larger companies, it’s not for small operations. Some small businesses possess minimal IT staff who don’t have the time to investigate every potential threat, and lack the budget to outsource this work to CrowdStrike.
CrowdStrike is also more expensive than many competitor solutions. You have to weigh its pros and cons against the needs of your organization to determine if it’s the right fit for you.
View more information: https://www.fool.com/the-blueprint/crowdstrike-falcon-review/