We are already using multiple modules of Crowdstrike Falcon. Have you used CS Falcon for IT in production and, if yes, what are your experiences?

Operations ManagementThreat & Vulnerability Management
295 viewscircle icon2 Comments
Sort by:
Associate Director, Information Security Managementa year ago

Yes, we are and have been for some time. On servers it’s a lightweight deployment:

Fast and easy
In almost all cases, no reboot required
Low resource consumption on the local OS
Low Network usage

We also find it’s quite effective at the behavioural side of blocking attackers when they get hands-on-keyboards (vs. scripted/automated) attacks. It’s an effective heterogeneous solution applying and performing quite well across Linux, Windows and macOS. Not all EDR/XDR tools are effective heterogeneous solutions.

Director of Information Security in Healthcare and Biotecha year ago

Overall, we've had a great experience. It works well across platforms (Windows, Mac, Linux). The GUI can be a little cumbersome to navigate as not all the web pages are consistently laid out and they are constantly adding and renaming things so you have to keep up with it. Easy to deploy. Some extra steps to uninstall an agent on a device that stopped report in. And still supports some legacy OSes, albeit with a limited feature set.

Content you might like

What’s your organization doing to protect against risks related to disinformation? How are you approaching this & which business unit leaders are currently involved?

Read More Comments

Disesdi Susanna Cox outlines 3 critical threats:
1. Non-deterministic decisions – same prompt, different actions (e.g., unintended transfers).
2. Cascading failures – multi-step tasks = more attack surface.
3. Emergent behavior – guardrails can’t cover infinite edge cases; focus on blast radius and recovery.

3 Controls to Implement Now: 
• Map agent workflows to attack tactics (MITRE ATLAS)
• Weekly prompt-injection tests (OWASP + CSA)
• Least-privilege, expiring agent tokens (NIST AI RMF + CSA MAESTRO)

Which control or framework gives you the biggest headache, and how are you tackling it?

Full analysis: https://disesdi.substack.com/p/openai-just-dropped-their-agentic

How valuable to reducing change/fail % is it if a sys admin is able to predict the impact of a kernel or glibc change before applying the change to their Linux systems?

Highly valuable30%

Moderately valuable68%

Not valuable at all.1%

View Results

What are you currently using to monitor APIs for anomalies in transaction logic?

What are the areas that your organization prioritizes for digital risk protection to help defend against cyber threats? (check all that apply.)

Attack Surface Management39%

Account Takeovers65%

Executive Protection47%

Hacktivism/Disinformation28%

Brand Abuse/Impersonations21%

Phishing Attacks33%

View Results