CrowdStrike Falcon

Reduced the use of AWS Security Hub and Microsoft Defender for Servers.

Reduced management overhead.

We did not have any tools in place that provided this type of coverage/service. Thius was the reason to evaluate tools and then to select and implement CrowdStrike.

Again, we did not consolidate/eliminate. Our strategy was to implement this type of coverage/service.

We got rid of AV solution. It can also reduce the siem activity if integrated with the logs from firewalls, etc. USB monitoring was replaced. CrowdStrike Falcon is one step solution to manage host & server. Other Sandbox tool was too was replaced by CrowdStrike Falcon. Network containment helps a lot & removes dependency on other team

Best EDR platform for endpoint protection with best inclass feature offerings

- CarbonBlack EDR was decommissioned once we started migrating to by CrowdStrike Falcon as XDR.
- Thousand Eyes Endpoint tool was replaced using a combination of CrowdStrike Falcon and WorkSpaceOne as it was redundant.
- HaveIbeenPawned API subscription was removed as CrowdStrike Falcon Exposure module provides us with password exposure and password reuse information.
- Some asset inventory tool was decommissioned before I joined the company because of CrowdStrike Falcon. I don't know the name.
- Reduction in splunk clusters due to the use of Falcon SIEM with other tools through their free API integration.

We saved quite some money and resources because of consolidation. Less tools to keep and eye on and also less amount of log forwarding in Splunk. That also saves money and load.

It can replace the classical antivirus for sure, that becomes unesuful considering the great efficiency as edr of CrowdStrike. It can also reduce the siem activity if integrated with the logs from firewalls, etc. The vulnerability management tools also can replace partially tue dedicated ones being able to detect the missing patches but not the setup

As I said before, with CrowdStrike Falcon, there isn’t a need for a ton of security tools. CrowdStrike Falcon provides almost all required tools to achieve a comprehensive security state.

CrowdStrike has only replaced our previous endpoint protection solution

There has been no impact due to consolidation

Just currently replaced the EDR as our current one was end of subscription and took full advantage to review what is currently available and reviewed what was best on the market. We boiled it down to a few and CrowdStrike won out at the end due to features and performance.

didn't as it was 1:1 replacment

Microsoft Defender we have fully replaced with CrowdStrike Falcon as we trust it more. We previously used a tool to block all USB'S in certain locations we have since also got rid of this. We used a basic asset management tool to tell us about windows version and have got rid of this due to having CrowdStrike Falcon.

Lower costs over all.

We are investigating some of these modules but have not fully used them yet.

N/A

Our users frequently installed cracked software and torrents, after CrowdStrike Falcon this has been completely eliminated since most of these are backdoored and malicious so CrowdStrike Falcon would not let them install or even download these. We also made use of exclusion module to exclude some machines from detections, like our Programming labs where students learn to code and may need to download code or program which may not always pass CrowdStrike. Most of these exclusions are hash based.

We have been able to successfully reduce our attack surface area, when installed in first 90 days we had several thousands detections now it has been reduced to 900-1000

EDR
IDP
Vulnerability
Horizon Cloud
Data Protection

Have multiple capabilities on the same console is great.

I have stopped using SEAM and other companies' EDRs.

With USB Device Controll you can get rid of most DLP tools (at least for USB protection).
Also if you have some host firewall management system, it can be replaced with CS firewall management
Remote connection (not interactive or RDP like) can be also be replaced, with RTR

Unsure of the question, but with CS solutions we've increased security level, performance on all our devices and ease of use and management.

We did not remove any tools, but as we built out our security stack - we just expanded the functionality of CrowdStrike and it was already deployed everywhere.

One solution, one environment, one source of reports and logs. Easier and quicker to find all the details.

We've leveraged CrowdStrike Falcon for innovative use cases, such as integrating its threat intelligence into our SIEM solution. This synergy has elevated our overall threat detection capabilities and created a more robust security ecosystem. The platform's ability to stay ahead of emerging threats, coupled with real-time visibility and mitigation, instills confidence in our organization's cybersecurity posture.

CrowdStrike Falcon's multifaceted capabilities have allowed us to consolidate various security tools into a unified platform. This consolidation has streamlined our security operations, reducing complexity and improving overall efficiency.

Integration with the SIEM has not been necessary. From the console it has been possible, in our case, to monitor the system and detect threats in real-time, which has allowed us to act quickly on 100% of the threats detected. However, integration with the SIEM is possible and is done in a simple way.

It has simplified the management of threats on servers, ensuring that actions are carried out quickly without requiring a large number of personnel to do so.

For Security Solution on the clienst and servers we only use CrowdStrike Falcon. We don't need management server in our envirement. That is very convinient. We also use CrowdStrike Falcon multi factor solotion, On the this point we don't need another solution. The vulnerability managementis also very good and we don't need there another tool.

The costs can be taken down. One cosole to manage everything.

CrowdStrike Falcon replaced our traditional anti-virus software and provides more capabilities.

CrowdStrike was more or a replacement for traditional anti-virus so did not really consolidate our tools since it was not replacing multiple tools.

McAfee & Symantec anti-virus systems

Ease of management and better implementation of Falcon software. In addition, CrowdStrike Falcon is well integrated with other tools like SentinelOne Attivo, Splunk, Zscaler, etc which helps in better detection across multiple log sources.

Antivirus, USB Blocking tools, Password management tools, and file monitoring tools.

Ease of management has allowed the systems administrators more time to implement other solutions.

Traditional Antivirus.

With Falcon, we've reduced our reliance on multiple disparate security solutions. Its comprehensive feature set has eliminated the need for some of our legacy tools, leading to cost savings. By reducing the number of tools, we've simplified our workflows. Administrators no longer have to juggle between multiple platforms, leading to increased productivity.

Removed traditional anti-virus and separated MDR tool into a single tool.

CrowdStrike Falcon allows the use of SOARS to help automate some specific tasks when an incident has been determined to have happened. We can automate who is notified and how they are notified. We can automate tasks such as gathering forensic data to help speed up investigations. We can run specific programs on systems when detections happen.

By automating some tasks with CrowdStrike it has allowed us to speed up investigations into incidents that happen. The CrowdStrike Falcon solution also offers API access to other security tools that we use so we can pull data from multiple systems to help make decisions.

We replace the traditional endpoint protection solutions, the vulnerability manager. With the platform, the containment and remediation capacity is gained.