I'm looking at either Crowdstrike or Sentinel One for EDR.
I'm also looking for an MDR solution. Blackpoint seems like a good option.
Does anyone have experience using Crowdstrike's MDR service?
I’m the most senior cybersecurity person in an organization of around 1,200 people. Our leadership is looking to cut costs due to recent financial issues, and they’re considering dropping CrowdStrike Falcon Complete MDR for Microsoft Defender for Endpoint.
CrowdStrike has been great for us, with 24/7 managed detection and response, proactive threat hunting, and fast incident response. I’m worried that switching to Defender, without those managed services, could leave us exposed to more risk.
I’m looking for help with two things:
Feature Differences: What would we lose if we move from Falcon Complete to Defender? How do their EDR capabilities, threat hunting, and response compare?
Risk Concerns: What are the biggest risks if we make this switch? Any real-world examples or data to back up the potential downsides?
I really want to make sure leadership understands what we’re giving up here. Any advice or experiences would be helpful.
Thanks!
Hi,
I know this subreddit might be a bit biased towards this question, but I'll ask anyway.
We need to decide between a managed SIEM/SOC solution and CrowdStrike's MDR, specifically the Falcon Complete solution. Unfortunately, due to budget limitations, we can't afford both.
From my perspective, after testing CrowdStrike for a month (mostly the EDR and ITDR solutions), I think it's amazing. I haven't tested the Falcon Complete solution yet, but I've heard very good things. However, if we choose the MDR route, we'll lose our managed SIEM/SOC solution entirely, which means we will have to find other solutions for the parts of our infrastructure that CrowdStrike doesn't cover, like network, VMware, NAC, etc.
The deal also includes the NG-SIEM, which I know is based on LogScale. This means I'll be blind to any system that doesn't have LogScale integration.
What's your opinion on this? What would you do?
I'm doing a competitive study on vendor-provided MDRs and I have heard great things about CRWD MDR. Can anyone help on why they are the best?
We do not have any SOC right now, would onboarding CrowdStrike MDR and managed SIEM (NGSIEM) replace the need for a managed SOC?
Super small security team, for a medium-large company.
We currently use Falcon and we also have access to Microsoft Defender for Endpoint. Do any of you guys use CS plus Defender in detection mode only? Of course having two EDRs in block mode could be a problem.
Broad question I know but what's the view on Falcon Complete against Defender with some sort of MDR wrap to get a fully managed service please?
Jas
I’m currently the most senior cybersecurity professional in an organization of 1,200 employees. Due to a recent financial downturn, executive leadership is considering cutting costs by replacing CrowdStrike Falcon Complete MDR with Microsoft Defender. CrowdStrike has been an effective solution for us, providing robust threat detection and 24/7 managed response, and I believe switching to Defender would increase our risk.
If leadership is willing to accept that additional risk for cost savings, I understand their position, but I want to ensure they are fully aware of what we’re giving up.
My question is: How can I best communicate the specific features and protections we’ll be losing, and quantify the additional risk this change would bring to the organization?
Anyone else pumped to see the new Falcon capabilities?
Hello Everyone
We currently use CrowdStrike as our Managed XDR solution but do not have an SIEM in place for log aggregation from various third-party sources. CrowdStrike is now offering SOC as a Service (SOCaaS), and we're trying to decide between using their service or opting for another SOC service provider.
Can anyone provide a technical explanation of the benefits of choosing CrowdStrike's SOCaaS over SOC service providers?
Any input or experiences you can share would be greatly appreciated!
Thanks in advance!
To purchase the MDR solution, do I have to buy it through Crowdstrike directly?
Are there endpoint minimums?
I have some Cybersecurity knowledge but I want a service to completely manage the EDR, and potentially add the other parts of the Falcon that CRWD offers.
Most people purchase Crowdstrike through a VAR. Not sure if there are any minimums.
Would caution you to pick an MDR based on also device management. DM is an MSSP service that GuidePoint or SHI can offer; the MDR I recommend you evaluate independently. Also, there are some ethical concerns with the "fox also watching the henhouse"; they also limit interaction with the SOC for you. Get the EDR and management through a VAR, but look at Red Canary, Expel, or Binary Defense for the MDR, is my take.
Looking for opinions from people that have used both products. We are currently using CrowdStrike Complete, we like the product, and the 24x7 SOC has been outstanding. We are being pushed to migrate to Defender and I would like to hear some opinions if you have used both products.
Why would you move to Defender, or why would you not move to Defender?
Thank you in advance!
We have been looking at implementing an MDR in our environment. We have nailed it down to Bitdefender and CrowdStrike and cannot make up our minds. CrowdStrike is significantly more expensive. Is their price justified by their services over Bitdefender?
Has anyone used both, and do you have a preference for one or the other?
My org has a number of CrowdStrike EP solutions that a small remote internal team manages, while the management/policy of core FW and Office are outsourced to a 3rd party. We are looking at Expel MDR and CS MDR and Services. The current CS limitation is that they're endpoint only; do they partner with other providers for non-EP solutions? In terms of services, looking at a Mandiant retainer, does CS offer Business Email Compromise investigation?
CS only runs endpoint and identity as an MDR.
If you want to do something like Expel you need a log stack and an IR provider that can use all different tools like Extrahop or Proofpoint/Mimecast to make an effective BEC response strategy.
You will probably need an MSSP that will work with your existing tools. Sort of like a BYO Security Stack MSSP solution. The big players will say they do it but you might want to find a boutique outfit.
I am pretty sure the CS Breach services will do anything you pay them to.
I was quoted like 60k for crowdstrike MDR and only 15k for Huntress MDR. Huntress runs on top of Defender, so we'd prefer to go with them, but something seems off about that pricing...
Long time lurker looking for your input on the managed offering from both Crowdstrike and Sentinelone. I know there are lots of opinions on these two vendors in the MSP community and a few older threads here in sysadmin, but thought I'd ask again.
We have pricing for both S1 and CS fully managed offerings in their government clouds and due to CS destroying the internet we have significantly cheaper pricing for CS vs S1 with rate locks so we don't have to worry about renewals in the future.
So, my question to my fellow sysadmins is if price wasn't an issue, which product is better in your eyes?
What were the pros/cons for each vendor?
I've done demos and hands on POV/POC in both platforms, but I want to know what people think about the tools when they are at scale in production.
Thanks!
Edit: I wanted to say we currently have Defender (E5) but we are looking at CS or S1 for the 24x7 managed SOC since our team is stretched thin.
I'm trying to compare EDR solutions and have a demo with CrowdStrike in a few weeks. I've seen SentinelOne and Sophos and I've been hearing that CrowdStrike is the best. Anyone with experience with CrowdStrike: what makes CrowdStrike better than the competitors?
Curious how folks are really using MDR providers day-to-day.
Do you trust them to handle detection/response in cloud and SaaS apps (like Okta, M365, AWS, etc), or is it mostly just endpoint/network stuff? Why or why not?
Can they actually respond to incidents on your behalf, or do they just escalate to your internal IR team?
How deep do they go on investigations? Can they reach out to employees directly (e.g., Slack messages to verify behavior) or are they limited to log review?
And how do you evaluate whether your MDR is doing a good job? What are the red/yellow/green flags?
Hello, my company is currently looking for a new MDR vendor. We are looking at Crowdstrike and Arctic Wolf. The big difference I see between these two companies is that Crowdstrike uses host-based IDS/IPS, and Arctic Wolf uses network-based.
Arctic Wolf keeps making it sound like CrowdStrike would not be sufficient in keeping our network secure due to their solution being host-based. We currently have Next Generation Firewalls that have the IDS/IPS solutions built in, so would we need the physical devices that Arctic Wolf provides, or would CrowdStrike's host-based solution be sufficient?
Any input on experiences with these vendors would be greatly appreciated!
I’ve been a threat hunter for roughly five years now. Been working with CrowdStrike for about the last year (Was Carbon Black before) and I have to say I think CrowdStrike is completely overrated.
I’ve been pretty disappointed with it from a visibility perspective. I think a whole lot less of the MITRE Engenuity evaluation after my experience with it to be honest.
Do other threat hunters and blue team folks out there with exposure to more than one EDR feel the same way?