Gartner defines an endpoint protection platform (EPP) as security software designed to protect managed endpoints — including desktop PCs, laptop PCs, mobile devices and, in some cases, server endpoints — against known and unknown malicious attacks. EPPs provide capabilities for security teams to investigate and remediate incidents that evade prevention controls. EPP products are delivered as software agents, deployed to endpoints, and connected to centralized security analytics and management consoles.
EPPs provide a defensive security control to protect end-user endpoints against known and unknown malware infections using a combination of security techniques (such as static and behavioral analysis) and system controls (such as device control and host firewall management). EPP prevention and protection capabilities are deployed as a part of a defense-in-depth strategy to help reduce the attack surface and minimize the risk of endpoint compromise. EPP detection and response capabilities are used to uncover, investigate, and respond to endpoint threats that evade security prevention, often as a part of broader security operations platforms.

Endpoint Protection Platforms

Extended detection and response (XDR) delivers security incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualization and correlation of security alerts. XDR must include native sensors, and can be delivered on-premises or as a SaaS offering. Typically, it is deployed by organizations with smaller security teams.

Extended Detection and Response

Mobile threat defense (MTD) products protect organizations from malicious threats on iOS and Android devices, at the device, network and application levels. To successfully attack a mobile device, mobile malware must circumvent the controls built into mobile OSs, such as those for app store curation and native mobile OS hardening. MTD products tend to focus on preventing and detecting anomalous behavior by collecting and analyzing indicators of compromise, as well as expected behavior. MTD products gather threat intelligence from the devices they support, as well as from external sources, and use an analysis engine that resides in the cloud, on-premises or on an MTD app installed on devices.

Mobile Threat Defense

CrowdStrike Falcon Reviews, Ratings & Features 2025 | Gartner Peer Insights

Evaluation and contract negotiation

Evaluation & Contracting

Ability to understand your organization's needs

Timely and complete response to product questions

Pricing and contract flexibility (pricing and terms)

Integration and deployment

Integration & Deployment

Availability of quality 3rd-party resources (integrators, service providers, etc.)

Ease of integration using standard APIs and tools

Quality and availability of end-user training

Ease of deployment

Service and support

Service & Support

Timeliness of vendor's response

Quality of technical support

Quality of peer user community

Product capabilities

Product Capabilities

Ease of Use

Cloud-based Management

Prevention

EDR Functionality

Workspace Security Suite

Managed Services

Geographic Support

OS Support

Malware accuracy and effectiveness

Performance impact on endpoint

Management interface /ease of use

Protection

Performance Impact

Deployment and Onboarding

Hybrid Management

TDIR Product Integration

Additional Context

SentinelOne Singularity Platform

SentinelOne

CrowdStrike Falcon

CrowdStrike

Trellix Endpoint Security Suite

Trellix

Microsoft Defender for Endpoint

Microsoft

Sophos Endpoint

Sophos

Symantec Endpoint Security Complete

Broadcom

Trend Vision One - Endpoint Security

Trend Micro

ESET PROTECT

ESET

ThreatDown Endpoint Detection and Response

Malwarebytes

Harmony Endpoint

Check Point Software Technologies

50M - 250M USD

<50M USD

250M - 500M USD

500M - 1B USD

1B - 3B USD

3B - 10B USD

Gov't/PS/ED <5,000 Employees

10B - 30B USD

30B + USD

Gov't/PS/ED 5,000 - 50,000 Employees

Gov't/PS/ED 50,000 + Employees

ENDPOINT SECURITY SPECIALIST

Overall, I believe they have a good product. However, there is room for improvement in the visibility of logs within the console, as the current functionality is quite limited. At present, we cannot access network or endpoint logs when investigating a host for unusual activity; logs are only available if a detection occurs. That said, the prevention capabilities are effective.
Regarding custom IoCs, they are restricted to detection only, with no support for blocking or the addition of custom URLs as IoCs. Additionally, there is no functionality for application management or custom application blocking.
The licensing model should also be improved as basic functionality of EPP or EDR like device control are licensed separately rather than being included in the basic license. 

Operations engineer

Mi experiencia con CrowdStrike ha sido muy retadora pero a su vez gratificante. Es una herramienta muy efectiva para asegurar equipos tanto computadoras como servidores. Adicionalmente, estoy feliz con mi experiencia debido a que he aprendido mucho durante el camino en las implementaciones realizadas, no solo aprendiendo cosas específicas de CrowdStrike sino temas generales de ciberseguridad.

My experience with CrowdStrike has been very challenging but also rewarding. It's a very effective tool for securing both computers and servers. Additionally, I'm happy with my experience because I've learned a lot along the way from the implementations I've completed, not only learning specific things about CrowdStrike but also general cybersecurity topics.

VMware (Carbon Black)

Palo Alto Networks

Cisco Systems

Bitdefender

Fortinet

McAfee

Broadcom (Symantec)

BlackBerry Cylance

Cybereason

Kaspersky

FireEye

Other...

Broadcom (VMware)

BlackBerry

Rapid7 (Minerva Labs)

Cynet

WatchGuard

OpenText (Webroot)

Elastic

IT Associate

CrowdStrike Falcon provides strong endpoint protection with a lightweight agent and real-time threat detection. The cloud-based platform is easy to scale and manage, and backed up with top-notch threat intelligence.

IT Security & Risk Management Associate

This is for specifically Falcon Firewall. The UI experience is frustrating and barely usable. For example, if I want to input multiple filters to view the traffic for an environment then I have to wait for the page to reload each time I apply an individual filter. Ideally I should be able to apply multiple filters at once before needing to reload my results.  Currently the experience is frustrating 

The product is really good but need to improve customer service

Sr information security specialist

overall the product is ok. tough to get information at timeS

Enterprise Cybersecurity Specialist

Overall, CrowdStrike is a top tier EDR that I would recommend to any enterprise class customers.  Their solutions cost a premium, however their sensor reliability and their single pane of glass compensates for the additional cost.  I use CrowdStrike as the benchmark for evaluating tools and solutions, and very few vendors can meet this benchmark.

CrowdStrike is not perfect, but there is no software vendor out there that is.

Engineering Manager

El producto de Falcon Crowdstrike me parece de las plataformas mas amigables e innovadoras para los usuarios finales, una de las bondades que tenemos con el producto es el modo Flex que nos permite que el usuario final tenga mas posibilidades de ampliar su licenciamiento, la manera en que no es invasivo el sensor de Crowdstrike en Workstations, favorece en el tema del despliegue que es de los mas agiles y rápidos que yo eh visto a comparación de otras marcas.

IT SECURITY & RISK MANAGEMENT ASSOCIATE

When it comes to CrowdStrike, what I like most is the event search and advanced event search using crowdstrike query language for threat hunting and forensic analysis. strating we face lot of problem with cql, but after crowdstrike university provided videos and cool friday webinars on best practices in support portal it helped a lot in improving the usage/ utilisation of falcon and it modules. easy to use and role allocation which will help teach fresher, not impacting production environment.

IT MANAGER

CrowdStrike Falcon Platform is a next-gen platform for protection against the latest threats and attacks. Its Anti Virus engine helps you in protecting your systems from malwares. It has been designed to safeguard your end points including mobile devices. We have installed CrowdStrike on all our systems. Scans are scheduled at respective time intervals and real time protection is enabled too. Thus, if we plug and play any USB device and if it contains any infectious file, it automatically gets caught and gets quarantined. Further action to delete can be taken subsequently. Program updates help us keep our system and network safe from the latest threats.

Active

Find the top Endpoint Protection Platforms with Gartner. Compare and filter by verified product reviews and choose the software that’s right for your organization.

50M-1B USD

1B-10B USD

10B+ USD

Gov't/PS/Ed

IT Security Officer

When comparing Crowdstrike Falcon to two other EPP products on the market that I've worked with, I find that Falcon delivers a more stable and reliable service and sensor. While I do feel like all their modules aren't fully thought through where you are presented with a lot of data but can't filter, process or handle it in a way you expect, the over all feeling is very good.
I have had a very positive experience interacting with their staff, my customer team and their support. 
Rarely do we experience any issues where other software or operating systems work poorly with the sensor. The sensor is not without faults or bugs, but I find that issues are often reported quickly by the supplier to the administrators and often with a work around or the possibility of gaining support for mitigations. 
They provide courses and learning materials for advancing within the tool. There are often live hands-on labs as webinars you can attend, but these I've found to be less good, though I like they are open for feedback and to improve. 

Chief Information Security Officer

We have enjoyed great success with CrowdStrike Falcon for EDR. The product is easy to install and administer. The CrowdStrike Account and Support teams have been brilliant to work with during contracting, planning, and executing on deployments and service expansions.  They are easy to engage with, the contract terms are simple, and they have the expertise on hand to tackle tough challenges in dealing with the evolving threats in the cyber threat landscape.  

Excellent Experience from a user, administrator, and support perspective. 

From a user and administrative perspective, the console and products feel very unified in the console itself. While they do move things around sometimes, they leave the older versions in place for a while that allows you to learn the new interface while still being able to fall back to the old which is fantastic. The console and workflows feel intuitive. The overall experience is very polished.

The agent just works and has low resource usage. Very rarely have I run into any issues with the agent either via install or day to day operations. Even when they are issues, if its a bug their development process allows for quick hotfixes and response.

From a support perspective, they have been phenomenal, especially compared to other vendors in their level in this space. You get responses from qualified and experienced individuals who know how to review logs and provide actionable information quickly.

Their knowledgebase is vast and very detailed. Many issues can be resolved by doing some basic research in their detailed knowledgebase.

My biggest "gripe" is more of an industry issue than a Crowdstrike issue, but it's that you have to learn another query language and nomenclature. While Crowdstrike's language is Splunk like, their recent migration to the Humio language, required re-learning what you already knew.

INFOSEC ENGINEER

I have been using Crowstrike's Falcon Platform for over 5 years now. It is great at what is does and while the Falcon Platform itself can be pricey (though about on par for the competition), additional tools are included or very affordable (SIEM/Log Collector or CSPM for example). It's very easy to deploy, especially in a modern setting. The functionality within the tool is exactly what our team is looking for - EDR, isolation, remote response, and more.

Engineer

pros,

1- Easy to use and setup either individual or in a small/midcap organisation as per my experience,as a falcon administrator i have implemented and installed falcon software/antivirus in multiple customer sites, it is very easy to deploy with a minimal setup. you just need your cred and connect with cloud, and there we go.  from portal itself we can install and apply the policy in one go.

2- User friendly interface - it provides very simple and understandable user interface to manage the services.

3 - Coming to the crowdstrike brain, i would say, it has the effective threat detection and prevention in real time environment. as it detects in real-time attacks, behaviour anylitics, prevention of ransomware and malware.

4 - scalable because it works over cloud. so it takes no physical storage on devices. just a small file need to be installed on mac, windows, linux etc that CF file to map with cloud.



Jr Network and Security Administrator

CrowdStrike Falcon provided fantastic value to our EP strategy as a whole. The platform provides robust prevention, detection and response with solid performance and scale. We leverage its native-cloud architecture to remove the on-prem requirements, for easier deploy and manage. Support team has been the best, most helpful and responsive. Since implemetation, we have seen a distinct decrease in the number of security incidents and quicker response times.

Incident Responder

Like to work with the CrowdStrike EDR product, it's been 3 years I'm using it, so far, it's a great experience and in these 3 years the product has made significant changes in its core components/infra. I've worked with various CrowdStrike modules, and it's helped me in identifying the detections and triaging the security alerts better.

The steps to implementation were easy and seemless to the endpoints. The installation of the sensor was light weight and cause no performance issues. Implemented prevention and EndPoint Detection Response configurations in steps to ensure all configurations were implemented successfully. The guidance from our Technical Account Manager and Sales Engineer ensured we had all the best practices in place to ensure we have the full capability of the product. 

IT Security & Risk Management - Executive

Overall, Everyone in our team liked the functionality of the product. It has a very small learning curve and clear documentation which helped us understand and implement things quickly. The detections were real time, so we were able to triage them ASAP, protecting the organization from the threats. It is worth every penny we pay for.

My experience with CrowdStrike Falcon has been largely positive, and I would recommend it to anyone looking for a robust, real-time endpoint protection with minimal impact on system performance.

The dashboard is easy to navigate, a user friendly dashboard, providing clear insights into the security status of all connected devices. Falcon's machine learning driven analytics also helped to identify threats that might have gone unnoticed by traditional methods. 

However, the cost can be high compared to other solutions, so value for money, which might be a concern for smaller businesses. 

Security Analyst

The deployment team (Gold Standard) was extremely helpful in getting sensors deployed across our org and setting us up for future success with various prevention policies for phased deployments.  The support team has also been very helpful whenever we experience issues, they address them quickly via their support portal.

CrowdStrike Falcon Dashboard

CrowdStrike Falcon Prevention

The CrowdStrike Falcon platform features a single lightweight agent that delivers cutting-edge, AI-powered real-time protection and visibility. Designed to defend endpoints and workloads both on and off the network, it stops threats before they become breaches. Backed by adversary-driven threat intelligence and AI, the Falcon platform processes trillions of global events weekly in real time, fueling an advanced security data platform accessible through a unified command console.

CrowdStrike is a recognized entity in the cybersecurity space, specializing in enterprise risk management through the innovative application of technology. The company focuses primarily on protecting essential business risk areas such as endpoints, cloud workloads, identity, and data. Employing the state-of-the-art CrowdStrike Security Cloud and advanced AI technology, the firm provides effective solutions. Its CrowdStrike Falcon platform uses real-time indications of attack, threat intelligence, telemetry enhanced from diverse enterprise sources, and evolving adversary knowhow for high-grade detection, automated protection and healing, advanced threat tracking, and efficient vulnerability visibility. The Falcon platform, designed in the cloud with a singular lightweight-agent architecture, offers swift deployment, unique protection and performance, and reduced complexity. Therefore, CrowdStrike delivers a significant value proposition right from the beginning.

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world‚Äôs most advanced cloud-native platform for protecting critical areas of enterprise risk ‚Äî endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon¬Æ platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.