CrowdStrike Falcon and Darktrace offer advanced threat detection and prevention solutions. CrowdStrike excels in endpoint protection, while Darktrace specializes in AI-driven network security. If you need advanced automation and autonomous response, Darktrace might be the better choice. A primary difference is that CrowdStrike's service is host-based, while Darktrace is network-based.
The summary above is based on 216 interviews we conducted recently with Darktrace and CrowdStrike Falcon users. To access the review's full transcripts, download our report.
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The stability is very good."
"It is stable and scalable."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Forensics is a valuable feature of Fortinet FortiEDR."
"Regarding features, I appreciate its integration capabilities with identity providers...Stability-wise, I rate the solution a ten out of ten."
"I haven't had any issues with bugs or glitches. I haven't had a problem with stability so far."
"We like Falcon's network visibility. We can see how threats are evolving on PCs or in the company network. The solution's real-time incident response is very fast."
"CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
"The automatic alert feature is the most important feature of the solution."
"CrowdStrike Falcon's most valuable feature is the fact that it's not getting in the way of our workforce and their workflow."
"The malware protection is the most valuable feature of CrowdStrike Falcon."
"The most valuable feature is its threat analysis."
"I like the Antigena feature in Darktrace, as it offers immediate response and is helpful."
"The most valuable features of Darktrace are its full capabilities. You have visibility of everything."
"The models, triggers, and alerts are customizable."
"The solution can scale."
"The solution is outstanding from a monitoring perspective."
"One thing I appreciate is Antigena Email, which is for email protection."
"It's a very stable product."
"Its AI technology supports cybersecurity by learning my environment and accurately responding to threats."
"Detections could be improved."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"I haven't seen the use of AI in the solution."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions."
"The solution is not user-friendly."
"The SIEM could be improved."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"It takes about two business days for initial support, which is too slow in urgent situations."
"They need to strengthen the forensic capabilities of this product, for e-discovery."
"I would also like to see the endpoint firewall component produce some level of logging and feedback."
"In a future release, I would like to see more integrations for data breaches and security features."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."
"The ability to receive text alerts natively in the console would be kind of cool."
"Falcon could include more integrative features."
"Darktrace does not have any capabilities to configure."
"The pricing model is a little too high and could be more flexible."
"The level of tracking within the network from the transmission level up to the machine level can use improvement."
"The user interface and the configuration are a bit complex and should be improved or simplified."
"Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better."
"I'd love to see them maybe covering the cloud a bit more."
"Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product."
"It's quite expensive to have."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 112 reviews while Darktrace is ranked 12th in Email Security with 66 reviews. CrowdStrike Falcon is rated 8.6, while Darktrace is rated 8.2. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Darktrace is most compared with Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks, ExtraHop Reveal(x) and Cisco Secure Network Analytics.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @reviewer1799568,
Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort.
I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you.
The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates.
For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA.
IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources).
Good luck and stay safe!
The pros and cons of Darktrace vs Crowdstrike Falcon vs alternative EPP solutions are something worth looking at before making a decision on which one is the best fit for your particular needs.
Darktrace is an AI-based cyber security solution that uses machine learning to identify threats faster and with greater accuracy than traditional approaches. It works by continuously scanning the network, learning its normal behavior, and then detecting anomalies or malicious activities in real-time. This can provide your business with an early warning system to alert you to potential attacks before they have a chance to do major damage. One of the biggest advantages of Darktrace is that it’s able to work without relying on vulnerable signatures, meaning no matter how complex or sophisticated an attack may be, it will still be detected. The other benefit here is the scalability—Darktrace can quickly scale up as needed in order to protect larger networks rapidly changing over time.
CrowdStrike Falcon is another popular endpoint protection platform touted for its cloud-based architecture and advanced threat prevention capabilities. Similar to Darktrace, it has some powerful detection technologies but differs slightly in terms of how it works as well as what kind of threats it’s designed for. While Darktrace focuses mainly on malware protection, Falcon primarily focuses on preventing data exfiltration attempts or unauthorized access from outside sources such as remote hackers or phishing emails trying to steal information stored inside your system files or databases, etcetera. CrowdStrike also offers a cloud-native approach, which means they can update their signature database nearly instantaneously against any new forms of attack, so you don’t need to worry about attackers finding ways around their protections even if they manage one vulnerability first time round. The downside here, though, could be a lack of control in terms of what type/level of updates you choose – this varies depending upon the subscription level chosen by users.
Alternative EPP solutions include those offered by vendors such as Symantec Endpoint Protection (SEP) and McAfee. These often have greater coverage when compared with software like CrowdStrike; however, you should bear in mind that these providers tend not only to charge more but also come bundled with additional features like anti-virus software, etc., which, depending upon your desired goal, may prove superfluous, thus leading ultimately to cost waste rather than efficiency gain. SEP notably boasts robust customization abilities whereby customers are given generous freedom within setup policies, allowing them fine-grained authority over the endpoint rules set up, e.g. whether particular application file types can run, allowing internet connection, etc. (elements not quite present within CrowdStrike) – although again there comes significant added expense via extra licenses required, plus paywall obscurity associated with product tiers being unclear until we eventually reach the checkout point.
In conclusion, all three services outlined here offer good suite options for businesses seeking out endpoint protection platforms. Each has respective strengths and weaknesses, so careful analysis should help weigh out the pros and cons faced overall. Consider particularly well whether the price tag is commensurate with the potential user experience value gained, while considering deeply what level of customizability suits your own demands, prior to forging ahead towards whichever choice is deemed most suitable!
Hi.
I am told that Darktrace is a complementary product that doesn't do any endpoint protection.