CrowdStrike Falcon

What I like most about CrowdStrike Falcon is its proactive detection and rapid response to threats. The combination of real-time analysis, process behavior and cloud-based protection allows you to identify even unknown or fileless attacks that other traditional solutions could miss. For example, Falcon once detected suspicious activity on an endpoint that was running a legitimate script modified by an attacker. The platform automatically blocked the malicious execution and generated a detailed report with recommendations on how to enforce application policy, allowing the security team to remediate the situation without impacting operations. Additionally, the centralized interface and clear alerts make managing and monitoring all endpoints much simpler and more efficient. This gives me confidence that our devices are constantly protected without the need for constant manual intervention.

The platform provides immediate alerts and rapid identification of threats, helping our team response quickly. Cloud base management allows us easy access from anywhere this will reduces the need for us to be on-premis. And least detailed security analytics give deep insights into threats patterns.

Real-time mobile threat detection: Instantly identifies and blocks malicious apps, phising links, and network-based attacks on iOS and Andriod devices. Zero-touch, seamless enrollment: Fast deployment and integration with existing MDM/UEM platforms allow wide-scale protection with minimal user effort. Privacy-focused unified platform: centralized management and compliance across mobile and transactional endpoints, while respecting user privacy-only monitoring of corporate apps and no scanning of persoanl data.

What I like least about CrowdStrike Falcon Endpoint Protection is that, although the platform is very powerful, some reports and alerts can be too technical for non-specialized personnel. For example, when an alert is generated about advanced suspicious behavior, the report includes many details of processes and scripts that require in-depth knowledge to interpret correctly. This can slow down decision making if the team receiving the alert is not fully familiar with the terminology. Another minor point is that, at first, configuring certain advanced policies can be a bit complex, especially for organizations that do not have a dedicated security team or experience in PPE. However, these are minor aspects compared to the overall value and effectiveness of the platform.

We notice first that sometimes legitimate files or process are flagged as threats, which can disrupt workflows and required manual review to whitelist safe items. We where hopping this would solve it for use so we spend less time. Secondly, the agent can consume significant CPU and memory on older machine leading to slower performance and impacting user productivity. The incident that happed few months ago world wide that create a blue screen, cost. Should not be happed that's why they need to check careful planning they update beter.

Reporting and alert customization: The reporting and alert settings could be more flexible; some less critical notifications can create unnecessary noise and are not easily filtered. Sync challenges: Synchronization with ome third-party MDM or UEM solutions can occasionally lag, requiring manual troubleshooting or vendor intervention for full compatibility. Relatively high cost for advanced features: The platform comes t a premium license tier, and adding certain advanced capabilities may require extra expense, which can be prohibitive for smaller teams. Support has been generally responsive, though resolution times vary depending on issue complexity.