CrowdStrike Falcon Review and Alternatives

CrowdStrike Falcon is best known for its next-generation anti-virus (NGAV) package, called Falcon Prevent. In addition, the company has expanded its systems menu to deliver an extensive list of products. This extends to managed services and consultancy services.

Most of CrowdStrike’s services are delivered from the Cloud. However, to bypass firewalls without weakening network security, the CrowdStrike system requires an element installed on each monitored system. With this dual-level strategy in place, CrowdStrike can offer customers a distributed and centralized system.

The decision to use a two-level delivery model paid off when the Covid pandemic hit the world. Corporations want to centralize IT services. However, that doesn’t need to mean centralizing staff locations. The devices of work-from-home staff can be protected by CrowdStrike Falcon just as quickly as desktops in company offices.

CrowdStrike isn’t the only security software provider that has developed a SaaS platform that uses local agent programs. Towards the end of this review, we will list rival security packages that use the same delivery model.

About CrowdStrike

CrowdStrike started up in 2011. The company’s consultancy branch, called CrowdStrike Services, was initially more active than the software development division. However, the Falcon family of products first emerged in 2013.

CrowdStrike Falcon is a family of products delivered from a SaaS platform. Ironically, the company’s most successful product, Falcon Prevent, isn’t cloud-based. Instead, Falcon Prevent is an on-device next-generation anti-virus. It also operates as an agent for all of the cloud-resident services that CrowdStrike offers on its platform.

Since 2013, the company, based in Sunnyvale, California, has extended its product list, and in June 2019, the business was listed on the NASDAQ exchange. Today, CrowdStrike Holdings, Inc. is worth $47 billion.

The CrowdStrike Falcon platform

The cloud-based element of CrowdStrike Falcon’s core system is called Insight. This coordinates Falcon Prevent instances, creating an endpoint detection and response (EDR) system.

Falcon Prevent deploys user and entity behavior analytics (UEBA) to establish a baseline of regular activity per device and user account. In addition, this system is autonomous, so it can operate when endpoints get isolated from the network.

The Insight unit acts like a SIEM. It receives activity records compiled by the Prevent instances and sorts through them, looking for Indicators of Compromise (IoCs). This part of the system also updates endpoint agents on pending attack campaigns.

CrowdStrike shares attack intelligence with its customers, so if one customer experiences a new attack, all other CrowdStrike Falcon clients get informed about it. In addition, the Insight module also shares attack information between endpoints. This addresses the possibility of malware or hackers moving laterally around the network from endpoint to endpoint.
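The behaviour described above (a central unit receiving activity records from endpoint agents, matching them against a shared set of Indicators of Compromise, and passing what one endpoint learned on to the others) can be illustrated with a small correlator. This is an added example written for this review, not CrowdStrike code, and the record schema, the `blocked` flag and the sample hosts are all constructed assumptions:

```python
from collections import defaultdict

# Constructed activity records as endpoint agents might report them to a
# central correlator. Field names are assumptions for this illustration,
# not CrowdStrike's schema. "blocked": True marks a record the on-device
# engine already stopped by itself. Hash values are obvious placeholders.
SAMPLE_RECORDS = [
    {"host": "ws-01", "kind": "dns",     "value": "update.bad-domain.test"},
    {"host": "ws-01", "kind": "process", "value": "c" * 64, "blocked": True},
    {"host": "ws-02", "kind": "process", "value": "b" * 64},
    {"host": "ws-02", "kind": "process", "value": "c" * 64},
    {"host": "ws-03", "kind": "dns",     "value": "cdn.example.test"},
    {"host": "ws-03", "kind": "process", "value": "c" * 64},
]

# Constructed shared IoC set: one known-bad domain, no file hashes yet.
INITIAL_IOCS = {"dns": {"update.bad-domain.test"}, "process": set()}


def correlate(records, iocs):
    """Match every record against the shared IoC set.

    Pass 1 harvests indicators that some endpoint blocked locally and adds
    them to the shared set (the "one endpoint learns, all are informed" idea).
    Pass 2 re-checks all hosts' records against the enlarged set, so a hash
    that ran unblocked elsewhere is surfaced.
    Returns (alerts_by_host, updated_iocs, newly_learned_indicators); the
    input IoC dict is not mutated.
    """
    iocs = {kind: set(values) for kind, values in iocs.items()}
    learned = set()
    for rec in records:
        if rec.get("blocked"):
            bucket = iocs.setdefault(rec["kind"], set())
            if rec["value"] not in bucket:
                bucket.add(rec["value"])
                learned.add((rec["kind"], rec["value"]))

    alerts = defaultdict(list)
    for rec in records:
        if rec["value"] in iocs.get(rec["kind"], ()):
            status = "blocked locally" if rec.get("blocked") else "matched shared IoC"
            alerts[rec["host"]].append(
                {"kind": rec["kind"], "value": rec["value"], "status": status}
            )
    return dict(alerts), iocs, learned


def spread_of(alerts, kind, value):
    """Hosts on which a given indicator was seen WITHOUT being blocked locally.
    These are the hosts the shared intelligence reveals and that need a
    response; a growing list across hosts is the lateral-movement signal."""
    return sorted(
        host for host, hits in alerts.items()
        if any(h["kind"] == kind and h["value"] == value
               and h["status"] == "matched shared IoC" for h in hits)
    )


if __name__ == "__main__":
    alerts, iocs, learned = correlate(SAMPLE_RECORDS, INITIAL_IOCS)
    print("learned:", learned)
    for host, hits in sorted(alerts.items()):
        print(host, hits)
    print("unblocked spread of learned hash:", spread_of(alerts, "process", "c" * 64))
```

Running it shows the hash that ws-01 blocked turning up, unblocked, on ws-02 and ws-03: exactly the situation in which a per-device engine alone would have stayed silent on two of the three machines.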

Customers can extend the threat intelligence that is built into the standard Falcon service by subscribing to an external threat intelligence feed, called CrowdStrike Falcon X. There are two other levels to the Falcon X package, called Falcon X Premium, which adds on human-readable threat reports, and Falcon X Elite, which includes the assistance of a cybersecurity expert.

By implementing security orchestration, automation, and response (SOAR), CrowdStrike XDR was created. This can gather information from third-party security services on a network, such as firewalls. The system can also communicate with Falcon Prevent instances and other security systems to shut down attacks.

Falcon Overwatch provides threat-hunting features. It is a managed threat-hunting service implemented by a team of cybersecurity experts.

One other service mediated by Falcon Prevent is the CrowdStrike Falcon Device Control system. This lets central administrators see and control the use of each USB port on a computer.

Falcon Firewall Management focuses on third-party firewall software. This is Falcon XDR narrowed down to just coordinating firewall software.

Falcon Discover is another service offered on the Falcon platform. This also needs an endpoint agent, and it is usually provided in conjunction with Falcon Prevent. This asset discovery service compiles a hardware inventory and then creates a software inventory for each device. This tool can help you spot rogue devices on the network, identify unauthorized software, and support software license management and patching.

CrowdStrike Falcon packages

CrowdStrike products are offered in bundles. These are:

  • Falcon Pro
  • Falcon Enterprise
  • Falcon Premium
  • Falcon Complete

Some of the modules explained in the previous section are not available as standalone products – they can only be bought as add-ons to a package.

  • Falcon Pro: Falcon Prevent. Falcon X, Falcon Device Control, and Falcon Firewall Management are available as add-ons.
  • Falcon Enterprise: Falcon Prevent and Falcon Insight. Falcon X, Falcon Device Control, Falcon Firewall Management, and Falcon Overwatch are available as add-ons.
  • Falcon Premium: Falcon Prevent, Falcon Insight, and Falcon Discover. Falcon X, Falcon Device Control, Falcon Firewall Management, and Falcon Overwatch are available as add-ons.
  • Falcon Complete: This managed service comes with a Breach Protection Warranty of $1 million.

Additional products

CrowdStrike has expanded its services beyond the packages built around endpoint protection. These additional services are hosted on the Falcon platform, but they don’t form part of any package. They are:

Falcon Spotlight

Falcon Spotlight is a vulnerability manager, which is based on Falcon Discover. Think of this as Falcon Discover +. This tool compiles an asset inventory and then checks on the configuration of all devices to ensure they are fully protected against attack. The Spotlight service includes an AI module called ExPRT.AI, which acts by searching through a Common Vulnerabilities and Exposures (CVE) database. This cloud-based service operates continuously through an on-premises agent.

Falcon FileVantage

FileVantage is a file integrity manager that can be applied to system files or data stores that need to be controlled for data privacy standards compliance. This system can be automatically tuned to a specific standard, such as PCI DSS, HIPAA, or SOX. This service doesn’t encrypt files and guard access to them. Instead, it logs the user account that accessed a protected file and notes its actions.
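The core of any file integrity manager is a baseline of hashes and permissions that later scans are compared against; the comparison, not the hashing, is what turns a directory walk into an alert about a changed configuration file or a new file in a directory that should be static. The following is an added example written for this review, not FileVantage code: it baselines a constructed directory tree in a temporary folder, simulates four kinds of tampering, and reports what changed. The directory names and file contents are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record hash, size and permission bits of every regular file under root,
    keyed by POSIX-style relative path so baselines are portable."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            st = path.stat()
            baseline[path.relative_to(root).as_posix()] = {
                "sha256": hash_file(path),
                "size": st.st_size,
                "mode": st.st_mode & 0o777,
            }
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Compare two baselines and classify every difference."""
    changes = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            changes["added"].append(rel)
        elif rel not in new:
            changes["removed"].append(rel)
        else:
            if old[rel]["sha256"] != new[rel]["sha256"]:
                changes["modified"].append(rel)
            if old[rel]["mode"] != new[rel]["mode"]:
                changes["mode_changed"].append(rel)
    return changes


def demo() -> dict:
    """Baseline a constructed tree, simulate tampering, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "motd").write_text("Authorised users only.\n")
        os.chmod(etc / "passwd", 0o644)
        baseline = build_baseline(root)

        # Simulated changes a monitor should report (constructed):
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")   # content edit
        (etc / "motd").unlink()                                      # deletion
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "backup").write_text("0 2 * * * root /usr/local/bin/backup\n")  # new file
        os.chmod(etc / "passwd", 0o400)                              # permission change
        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

In a real deployment the baseline would be stored away from the monitored host and signed, and the scan would be scheduled or driven by file-system change notifications; the page's point about FileVantage recording which account touched a file is a separate audit-log function that this hash comparison does not replace.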

Falcon Forensics

Falcon Forensics is a package of system investigation tools that can be used to document an attack. This type of service helps reveal the extent of damage inflicted by a malware infection or hacker attack. For example, find out what data was accessed, changed, or moved and which software has been replaced, removed, or corrupted.

Falcon CWP

CWP stands for Cloud Workload Protection, which is CrowdStrike’s protection system for cloud resources, similar to the endpoint protection provided by Falcon Prevent. As well as identifying and blocking malware and intrusion in progress, this system acts as a vulnerability manager to identify potential system weaknesses in cloud-resident code.

This system operates on containers and cloud servers and can be implemented on Amazon Web Services, Azure, and Google Cloud Platform. This is continuous service, and it spots system security weaknesses and threats. In addition, it can be integrated into a CI/CD pipeline for development testing.

Falcon Horizon

The Falcon Horizon package is a cloud security posture management (CSPM) system. The service operates as both a vulnerability scanner and a compliance system. The service also includes a threat intelligence system that scans the Dark Web for lists of client company identities, such as names or email addresses.

This system is a vulnerability manager for AWS, Azure, and GCP. It scans containers and programs, and the scans can be set to run continuously.

Falcon Runtime Protection

The Falcon Runtime Protection system is a continuous testing service used as part of a CI/CD pipeline. It checks through systems, including containers and microservices, for vulnerabilities and security errors.

This package runs from the cloud and tests services resident in the cloud. The tester performs a discovery service, drilling through to supporting services hosted elsewhere. The tool can continue to run for IT operations.

Falcon Zero Trust

The Falcon Zero Trust system strengthens authentication procedures for users accessing cloud resources or hybrid systems. This is a service for businesses that operate assets across several sites, or both on-site and in the cloud.

The Zero Trust system integrates with Active Directory. The AD implementations can be resident on one of your servers or the cloud as Azure AD. This service is a variation on user and entity behavior analytics (UEBA) because it tracks users’ activities, notes their location when logging in, and raises an alert if behavior suddenly changes.

Unexpected changes in user behavior could denote account takeover. Therefore, the system pays attention to authentication activity and protects access rights management systems against tampering.

Falcon Identity Threat Detection

Falcon Identity Threat Detection (ITD) offers a service that analyzes the user accounts in your system and recommends ways to tighten them up. The service operates on accounts for cloud resources and those active on your sites. The access rights analysis identifies abandoned accounts and weak password policies.

The ITD package also tracks all access attempts, watching lateral movements across your system and recording failed login attempts. These events could indicate insider threats or account takeover. In addition, illogical access attempts, such as the same account being used in two different locations or a user account being used from a place where that individual is known not to be, also trigger alerts.
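The three signals named above (a burst of failed logins, the same account succeeding from two places too close together in time, and a login from a place the account's owner is not expected to be) can be expressed as rules over an authentication log. The following is an added example for this review, not CrowdStrike's logic: it runs the three rules over constructed log lines. The line format, the per-user roster of expected sites, and the thresholds (five failures in five minutes, one hour for "impossible travel") are all assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log line format: "<ISO timestamp> <account> <SUCCESS|FAIL> site=<name>"
LINE_RE = re.compile(r"^(\S+) (\S+) (SUCCESS|FAIL) site=(\S+)$")

# Constructed roster of where each account's owner is expected to log in from.
# A real system would derive this from HR data or a learned baseline.
EXPECTED_SITES = {
    "alice": {"London"},
    "bob": {"Paris"},
    "carol": {"Berlin", "Munich"},
}

# Constructed sample log.
SAMPLE_LOGINS = [
    "2024-03-01T08:00:00 alice SUCCESS site=London",
    "2024-03-01T08:25:00 alice SUCCESS site=Singapore",   # 25 min later, far away
    "2024-03-01T09:00:00 bob FAIL site=Paris",
    "2024-03-01T09:00:10 bob FAIL site=Paris",
    "2024-03-01T09:00:20 bob FAIL site=Paris",
    "2024-03-01T09:00:30 bob FAIL site=Paris",
    "2024-03-01T09:00:40 bob FAIL site=Paris",
    "2024-03-01T09:01:00 bob SUCCESS site=Paris",
    "2024-03-01T10:00:00 carol SUCCESS site=Berlin",
    "2024-03-01T14:00:00 carol SUCCESS site=Munich",      # 4 h apart, both expected
    "2024-03-01T17:00:00 carol SUCCESS site=Lagos",       # not on her roster
]


def parse(line: str):
    match = LINE_RE.match(line)
    if not match:
        raise ValueError(f"unparseable line: {line!r}")
    ts, user, outcome, site = match.groups()
    return datetime.fromisoformat(ts), user, outcome, site


def detect(lines, travel_window=timedelta(hours=1),
           fail_threshold=5, fail_window=timedelta(minutes=5)):
    """Return a list of (account, rule, detail) alerts in log order."""
    alerts = []
    last_success = {}                 # account -> (timestamp, site)
    recent_fails = defaultdict(deque) # account -> timestamps of recent failures

    for line in lines:
        ts, user, outcome, site = parse(line)

        # Rule 1: login from a place the account owner is known not to be.
        if site not in EXPECTED_SITES.get(user, set()):
            alerts.append((user, "unexpected_site", f"{site} at {ts.isoformat()}"))

        # Rule 2: burst of failures within a sliding window.
        if outcome == "FAIL":
            window = recent_fails[user]
            window.append(ts)
            while window and ts - window[0] > fail_window:
                window.popleft()
            if len(window) >= fail_threshold:
                alerts.append((user, "failed_login_burst",
                               f"{len(window)} failures within {fail_window}"))
                window.clear()  # do not re-alert on the same burst
            continue

        # Rule 3: two successes from different sites closer in time than travel allows.
        previous = last_success.get(user)
        if previous and previous[1] != site and ts - previous[0] <= travel_window:
            alerts.append((user, "impossible_travel",
                           f"{previous[1]} -> {site} in {ts - previous[0]}"))
        last_success[user] = (ts, site)

    return alerts


if __name__ == "__main__":
    for account, rule, detail in detect(SAMPLE_LOGINS):
        print(f"{account:6s} {rule:20s} {detail}")
```

Carol's Berlin-to-Munich move is deliberately not flagged: both sites are on her roster and four hours apart, which is the kind of legitimate variation a rule set has to tolerate or the alerts become noise.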

CrowdStrike Falcon deployment options

All of the CrowdStrike Falcon services are cloud-based, except for the Falcon Prevent system. That software is available for installation on Windows, macOS, and Linux.

CrowdStrike Falcon prices

The main product packages of CrowdStrike Falcon are priced per endpoint per month on a subscription. Even though the tariff is set per month, fees must be paid annually in advance.

The price list is:

  • Falcon Pro: $8.99 per endpoint per month
  • Falcon Enterprise: $15.99 per endpoint per month
  • Falcon Premium: $18.99 per endpoint per month
  • Falcon Complete: Priced by negotiation

CrowdStrike Falcon strengths and weaknesses

The CrowdStrike Falcon family of products is comprehensive and is constantly growing – the Zero Trust product was added to the platform in November 2021. The company has grown to a large size and has achieved success by providing reliable security systems.

We have identified several good and bad points in the CrowdStrike Falcon platform.

Pros:

  • A large stable of products that provides a thorough protection for networks and cloud resources
  • A suite of services that can enroll remote, individual devices
  • An easy-to-use console that is accessible through a Web browser
  • Consolidated services that share one on-device agent
  • Backed by a prominent cybersecurity consultancy

Cons:

  • No firewall product

Alternatives to CrowdStrike Falcon

Combining a cloud-controlled service with endpoint agents is a successful architecture for cybersecurity products, and many rivals to CrowdStrike Falcon have adopted it.

Here is our list of the best alternatives to CrowdStrike Falcon:

  1. Palo Alto: Palo Alto’s strength is its firewall service. It is available as a network device, as a virtual appliance, and as a SaaS platform. The company has added services on top of the firewall implementation: content filtering, data loss prevention, software-defined wide-area networks (SD-WANs), and secure access service edge (SASE) systems.
  2. Perimeter 81: This business is an innovative cloud-first enterprise that can deliver a range of security services from its SaaS platform. Among the tools on offer are an SD-WAN, a SASE, Zero Trust application and network access, plus a cloud-resident firewall. This system is ideal for knitting a distributed team into one secure virtual network.
  3. Forcepoint: This system protection service includes a firewall package and data loss prevention that identifies and protects sensitive data. Forcepoint also offers a SASE system and a Secure Web Gateway.
  4. Rapid7 Insight: This cloud platform is very similar to the CrowdStrike Falcon family, except it doesn’t have a solid on-device unit competing with Falcon Prevent. Instead, you can get an XDR or a vulnerability manager from this provider.
  5. Endpoint Protector: Focusing on EDR and data loss prevention, this package is delivered from the cloud with solid endpoint agents that can also implement device control. This system is offered as one package rather than a series of services.