Gartner defines an endpoint protection platform (EPP) as security software designed to protect managed endpoints — including desktop PCs, laptop PCs, virtual desktops, mobile devices and, in some cases, servers — against known and unknown malicious attacks. EPPs provide capabilities for security teams to investigate and remediate incidents that evade prevention controls. EPP products are delivered as software agents, deployed to endpoints, and connected to centralized security analytics and management consoles.
EPPs provide a defensive security control to protect end-user endpoints against known and unknown malware infections and file-less attacks using a combination of security techniques (such as static and behavioral analysis) and attack surface reduction capabilities (such as device control, host firewall management and application control). EPP prevention and protection capabilities are deployed as a part of a defense-in-depth strategy to help reduce the endpoint attack surface and minimize the risk of compromise. EPP detection and response capabilities are used to uncover, investigate and respond to endpoint threats that evade security protection, often as a part of broader threat detection, investigation and response (TDIR) capable products.

Endpoint Protection Platforms

Mobile threat defense (MTD) products protect organizations from malicious threats on iOS and Android devices, at the device, network and application levels. To successfully attack a mobile device, mobile malware must circumvent the controls built into mobile OSs, such as those for app store curation and native mobile OS hardening. MTD products tend to focus on preventing and detecting anomalous behavior by collecting and analyzing indicators of compromise, as well as expected behavior. MTD products gather threat intelligence from the devices they support, as well as from external sources, and use an analysis engine that resides in the cloud, on-premises or on an MTD app installed on devices.

Mobile Threat Defense

Removable media security refers to set of policies, technologies and best practices to protect data and systems from the risk associated with portable storage devices. These devices, known as removable media, include USB flash drives, External hard drives (HDDs), solid-state drives (SSDs), memory cards, smartphones and tablets etc. Removable media security prevents data breaches and malware infections by controlling and monitoring the use of USB drives, external disks, and other portable devices within an organization. This proactive protection helps maintain regulatory compliance, offers peace of mind through detailed audit trails, and reduces the risk of costly downtime or data loss due to unsafe media usage. 
This security framework includes access restrictions, mandatory encryption, malware scanning, and ongoing user education to prevent costly breaches or compliance violations. In enterprise settings, it is crucial for employees, IT staff, contractors, and vendors who routinely transfer, back up, or share sensitive business data using removable devices. These users are required to comply with security protocols to keep corporate networks and confidential information safe. Typical features include data encryption, device control and malware scanning.

Removable Media Security

Extended detection and response (XDR) delivers security incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualization and correlation of security alerts. XDR must include native sensors, and can be delivered on-premises or as a SaaS offering. Typically, it is deployed by organizations with smaller security teams.

Extended Detection and Response

CrowdStrike Falcon Reviews, Ratings & Features 2026 | Gartner Peer Insights

Evaluation and contract negotiation

Evaluation & Contracting

Ability to understand your organization's needs

Timely and complete response to product questions

Pricing and contract flexibility (pricing and terms)

Integration and deployment

Integration & Deployment

Availability of quality 3rd-party resources (integrators, service providers, etc.)

Ease of integration using standard APIs and tools

Quality and availability of end-user training

Ease of deployment

Service and support

Service & Support

Timeliness of vendor's response

Quality of technical support

Quality of peer user community

Product capabilities

Product Capabilities

Ease of Use

Cloud-Based Management

Prevention

EDR Functionality

Workspace Security Suite

Managed Services

Geographic Support

OS Support

Malware accuracy and effectiveness

Performance impact on endpoint

Management interface /ease of use

Protection

Performance Impact

Deployment and Onboarding

Hybrid Management

TDIR Product Integration

Additional Context

CrowdStrike Falcon

CrowdStrike

SentinelOne Singularity Endpoint

SentinelOne

Sophos Endpoint

Sophos

Microsoft Defender for Endpoint

Microsoft

Trellix Endpoint Security Suite

Trellix

Symantec Endpoint Security Complete

Broadcom

Trend Vision One - Endpoint Security

Trend Micro

ESET PROTECT

ESET

ThreatDown Endpoint Detection and Response

Malwarebytes

Harmony Endpoint

Check Point Software Technologies

50M - 250M USD

<50M USD

250M - 500M USD

500M - 1B USD

1B - 3B USD

3B - 10B USD

Gov't/PS/ED <5,000 Employees

10B - 30B USD

30B + USD

Gov't/PS/ED 5,000 - 50,000 Employees

Gov't/PS/ED 50,000 + Employees

Infrastructure Architect

Support is quite lacking when it comes to integration with other tools. We are really having a hard time getting support, but the tool is very useful even after the outage last year.

Adjunct Professor

My overall experience has been excellent. As a previous customer for several years, I have brought Crowdstrike into several organizations. The main need has been to detect novel malicious and anomalous endpoint behavior. After evaluating several vendors, Crowdstrike was the clear winner. Key factors included the administrator interface, which is clean and intuitive for investigating alerts. This made it easy to track event sequences and determine responses to anomalies. While price was important, we also considered market share, innovation, and integrations with tools like our ticketing system, SIEM, and SOC, maximizing our investment. Measuring ROI is difficult, but the product has delivered value. It effectively handles events, quarantines malicious files, and prevents incidents, thus avoiding significant costs from investigations and threat spread. As a CISO, I have peace of mind knowing I can verify its monitoring and blocking. For example, I tested detection by downloading Mimikatz on a test machine, confirming the agent’s effectiveness. Deployment and onboarding were seamless thanks to mobile device management, enabling zero-touch installation of Crowdstrike agents and removal of our previous solution, migrating all devices in two weeks. The agent worked well with our unattended installation method and caused no compatibility issues with legacy systems; only offline devices (due to user leave) were missed—a common issue for any software. Crowdstrike Falcon scales well; it can support thousands of endpoints, and at around 500 now, I foresee no scaling issues as we grow. Its ability to detect advanced threats and suspicious behavior is very high. I’ve used Red Team tools like Stratus Red Team to simulate complex attacks (e.g., creating backdoor users, deploying scenarios across servers, laptops, and cloud). These tests validate its detection and provide a full assessment of our monitoring, SIEM, SOC, log analysis, and escalation processes.

Palo Alto Networks

VMware (Carbon Black)

Cisco Systems

Bitdefender

Fortinet

McAfee

Broadcom (Symantec)

BlackBerry Cylance

LevelBlue (Cybereason)

Kaspersky

Other...

FireEye

Broadcom (VMware)

BlackBerry

Rapid7 (Minerva Labs)

Cynet

Elastic

WatchGuard

Acronis

IT Associate

CrowdStrike Falcon provides strong endpoint protection with a lightweight agent and real-time threat detection. The cloud-based platform is easy to scale and manage, and backed up with top-notch threat intelligence.

ENDPOINT SECURITY SPECIALIST

Overall, I believe they have a good product. However, there is room for improvement in the visibility of logs within the console, as the current functionality is quite limited. At present, we cannot access network or endpoint logs when investigating a host for unusual activity; logs are only available if a detection occurs. That said, the prevention capabilities are effective.
Regarding custom IoCs, they are restricted to detection only, with no support for blocking or the addition of custom URLs as IoCs. Additionally, there is no functionality for application management or custom application blocking.
The licensing model should also be improved as basic functionality of EPP or EDR like device control are licensed separately rather than being included in the basic license. 

Sr information security specialist

overall the product is ok. tough to get information at timeS

IT Security & Risk Management Associate

This is for specifically Falcon Firewall. The UI experience is frustrating and barely usable. For example, if I want to input multiple filters to view the traffic for an environment then I have to wait for the page to reload each time I apply an individual filter. Ideally I should be able to apply multiple filters at once before needing to reload my results.  Currently the experience is frustrating 

IT ASSOCIATE

My overall experience with CrowdStrike Falcon Endpoint Protection has been very positive. The platform is light on endpoints and does not affect device performance, which has facilitated its mass deployment without end users noticing interruptions.

A concrete example: during a deployment to remote employee laptops, Falcon detected a script-based malware attempt that had not been identified by our previous solution. The alert quickly reached the central dashboard, and the security team was able to isolate the affected computer, analyze the behavior, and eliminate the threat in less than an hour.

On a day-to-day basis, the Falcon console provides complete endpoint visibility and facilitates incident investigation, which has significantly reduced response time and manual workload for our security team. Overall, it has been a reliable and efficient tool to protect our endpoints and minimize

NETWORK ENGINEER

CrowdStrike Falcon has been a strong and reliable endpoint protection platform.It offers real-time threat detection, easy management, and strong integration across modules.While the setup can take some time,the overall performance,visibility,and support are excellent.

Senior IT Team Leader

My overall experience with CS Falcon esp in deployment is very straight forward, its not only an endpoint but also a top security firm right now. They change a lot, not just for detection but to guide vulnerability management and user behavior hardening. 

It Associate

La experiencia general que he tenido con Falcon Crowdstrike ha sido bastante buena, ya que permite hacer un seguimiento bastante detallado de los endpoints asociados, pudiendo ver todas las características de estos, así como las alertas en las que se encuentran.

Active

Find the top Endpoint Protection Platforms with Gartner. Compare and filter by verified product reviews and choose the software that’s right for your organization.

50M-1B USD

1B-10B USD

10B+ USD

Gov't/PS/Ed

Our overall experience with Crowstrike Falcon has been very positive.It provides strong endpoint protection with real-time threat detection, fast response and minimal performance impact on the system.The cloud-based console is user-friendly and offers excellent visibility into security events.

NETWORK SUPPORT ENGINEER

Highly effective and reliable security solutionfor our organization Cloud native architecture.We particularly value its real-time threat detection, behavioral analytics and incident response capabilities, which have significantly improved our security posture.

It's a powerful, endpoint protection with strong visibility across environments. The overall experience seems to be highly positive and very happy with the product and service of falcon. It's very efficient and productive. 

CrowdStrike Falcon is the cream of the crop. There is no other EDR solution I have used that provides the type of functionality, insight, and reassurance that my endpoints are covered and protected from adversaries and insider threats. 

SECURITY CONTROL ASSESSOR II

My overall experience has been excellent. The solution delivers on its promises by providing reliable performance, intuitive usability, and strong integration capabilities. Implementation required some planning, but support and documentation were responsive and thorough.  CrowdStrike has proven that they are the market leader in cybersecurity for good reason! Their innovative technology, proactive approach, and comprehensive protection make this the best choice for anyone looking to strengthen their defenses.

IT Support Analyst 2

The visibility into the activity on company managed endpoints, customizability of the platform, and ease of navigation has been great as a new entry into the cybersecurity career. The only issue has been some of the organization of some of the items in me us as well as documentation. They are no longer listed alphabetically, making it more difficult to find things quickly.

CYBER SECURITY

Crowdstrike Falcon takes immediate action when any incident occurs on the server. If a Critical Incident is detected, the CS team quickly contains the affected host/server without delay and begins mitigation to resolve the issue. My organization has been using it for more than 5 years. 

MANAGER, IT SECURITY AND RISK MANAGEMENT

My overall experiencie with CrowdStrike has been very positive. The platform is mature, stable and highly effective in detecting and stopping threats in real time

The Activity Dashboard is a one-stop shop for everything a SOC analyst needs to do their minimum duties, and does not require any altering. When remediating an incident, the data is presented in a workflow that is intuitive and easy to understand, allowing for quick remediation.

APPSEC ANALYST

CS Falcon delivers excellent endpoint and cloud workload protection with strong threat detection, fast response and a lightweight agent.

CHIEF INFORMATION SECURITY OFFICER

Deployed the solution to 5k+ assets in 3 hours flat, without experiencing an impact with the end point and/or applications. 

CrowdStrike Falcon Dashboard

CrowdStrike Falcon Prevention

The CrowdStrike Falcon platform features a single lightweight agent that delivers cutting-edge, AI-powered real-time protection and visibility. Designed to defend endpoints and workloads both on and off the network, it stops threats before they become breaches. Backed by adversary-driven threat intelligence and AI, the Falcon platform processes trillions of global events weekly in real time, fueling an advanced security data platform accessible through a unified command console.

CrowdStrike is a recognized entity in the cybersecurity space, specializing in enterprise risk management through the innovative application of technology. The company focuses primarily on protecting essential business risk areas such as endpoints, cloud workloads, identity, and data. Employing the state-of-the-art CrowdStrike Security Cloud and advanced AI technology, the firm provides effective solutions. Its CrowdStrike Falcon platform uses real-time indications of attack, threat intelligence, telemetry enhanced from diverse enterprise sources, and evolving adversary knowhow for high-grade detection, automated protection and healing, advanced threat tracking, and efficient vulnerability visibility. The Falcon platform, designed in the cloud with a singular lightweight-agent architecture, offers swift deployment, unique protection and performance, and reduced complexity. Therefore, CrowdStrike delivers a significant value proposition right from the beginning.

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world‚Äôs most advanced cloud-native platform for protecting critical areas of enterprise risk ‚Äî endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon¬Æ platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.