Crowdstrike Falcon

CrowdStrike Falcon is a highly reviewed, highly sophisticated endpoint solution. Falcon focuses on malware; where it really stands out is with advanced types of malware, including PowerShell exploits and file-less malware variants. Falcon combines next-generation antivirus and endpoint detection and response with managed hunting all delivered via their cloud portal. CrowdStrike Falcon delivers, and delivers well, at all three phases of the ransomware phases.

During the delivery or pre-infection phase and the infection phase of an attack, Falcon detects files and blocks known ransomware before it has the chance to infect the system or spread throughout your organization. Typically, this is enough to protect your systems, until you experience a "zero-day" attack. Fortunately for Falcon, they utilize machine learning to understand indicators of attacks to help block these previously unknown attacks; this includes newer file-less attacks. Another advanced feature of the Falcon software blocks execution and spread of malware utilizing features that block exploits that leverage unpatched vulnerabilities.

Where this tool really shines is the post-infection recovery phase. Leveraging the dashboard, we can see exactly how the attack happened and follow a kill chain back and understand what needs to be done to improve your security posture. There are many tools out there that claim to provide you with details around an attack, but Falcon really delivers the forensic detail you need. The cloud dashboard provides event details, behavior detected, file path, hash values, and timestamps from the actual attack. During the investigation, we were able to locate malicious hash values on other systems and quarantine them.

The cloud-managed solution is only as good as its dashboard interface, and CrowdStrike's Falcon doesn't disappoint. The dashboard layout is well polished and easy to use. The documentation around it is well written and gives a lot of context. Without reading the documentation, the dashboard has hover-over tooltips that make it simple to navigate for the first time or infrequent users. Once inside the dashboard, you have all the information at the click of a mouse. Our team found ourselves spending a lot of time ingesting data and clicking through this intelligible user interface.

In the event you need support with Falcon, CrowdStrike offers several tiers of support. The basic support package included gives you 24x7 support using email, phone or their support portal. Additional support options can be added on to get prioritized case handling, enhanced support portal, technical account manager, and even onsite visits. While there is not a strong online community, the support staff are friendly and knowledgeable and can quickly resolve your case. If you need additional threat-hunting support, for an additional fee you can get CrowdStrike's OverWatch team engaged to help with difficult problems.

We were very impressed with the completeness of the CrowdStrike solution. Falcon was not difficult to deploy, and the dashboard was intuitive and easy to follow. After implementation, you have access to important information and can make decisions and tune this solution to meet your environmental criteria.

by Mike Diehl; tested by Mike Diehl & Matt Hreben

Product title
CrowdStrike Falcon
Product info
Name: CrowdStrike Falcon Description: Price: $50.00
Solid threat hunting tools; Complete solution with a solid endpoint agent and cloud managed dashboard.
A little more costly than similar products in the space; large implementations can get expensive, especially when adding additional support options.
CrowdStrike Falcon continues to be a sophisticated toolset that focuses on all three phases of a malware attack. The cloud-based management dashboard provides very detailed information to help identify threats and remove them from your assets. If your organization puts a high value on information, this product should be near the top of your list.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.