We are thrilled that the CrowdStrike Falcon®® platform continues to receive stellar evaluations in third-party testing. Our recent participation in several highly-regarded industry evaluations reflects the fact that CrowdStrike® is on a mission to stop breaches for our customers and a crucial part of that journey is to continually test our solution, validate its capabilities and find opportunities to improve. We also make it easy for customers to test CrowdStrike Falcon® for themselves via our free trial program. Every minute of every day security teams put enormous trust in endpoint security solutions to protect their organizations from breaches. Unfortunately, most organizations lack the ability to accurately assess the effectiveness and performance of security solutions on their own. In order to establish trust, open and independent testing remains the only way for organizations to validate vendor claims about their solutions. The following are summaries of several recent independent evaluations of the CrowdStrike Falcon® platform:
SC Media / SC Labs: Five Stars Across the Board
In a recent product evaluation by SC Labs’ Tom Weil and Matthew Hreben, the CrowdStrike Falcon® platform received the highest possible rating — five stars in every category, including Features, Documentation, Value for Money, Performance, Support and Ease of Use. Of Falcon strengths, the reviewers write, “Functionality is backed by the 24/7 Falcon OverWatch® team, going beyond alert triage with the proactive adversary and threat hunting across all environments.” SC Labs found no weaknesses in the Falcon platform.
Single Lightweight Agent
The review highlights the Falcon single, lightweight, intelligent agent that deploys across every endpoint, stating how it “gathers system events (and) takes proactive detection and prevention actions as necessary, with or without cloud connectivity.”
Falcon’s Ease of Use and Effectiveness
After putting Falcon through some testing maneuvers with the lab’s toolsets, the reviewers were very pleased with the results, writing “We were truly impressed with the ease of navigation between the different applications and how interactive the dashboard is. An administrator or security analyst with little experience could navigate this product with a high degree of confidence in understanding an event. CrowdStrike impressively stopped all five testing detonations.”
CrowdStrike Threat Graph
The reviewers also extoll the virtues of CrowdStrike Threat Graph®, the massive graph database that serves as the “brains” behind the Falcon platform. The review describes how incidents are populated in a visual process tree that includes clearly displayed details. Of the process tree functionality they write, “This showed numerous details on execution, files, sandbox analysis, etc., helping organizations gain a clear understanding as quickly as possible without being overly technical.”
AV Comparatives for Both Mac and Business Security
In June, AV Comparatives released two new test reports covering the Falcon platform. The testing resulted in Falcon being awarded AV Comparative’s top certifications: Approved for Business Security and Approved for Mac Security, providing additional validation of CrowdStrike’s leadership in next-generation antivirus (NGAV) efficacy. Falcon achieved this approval by delivering highly effective malware detection, with low levels of false positives and excellent performance. AV Comparatives tests a solution’s ability to effectively stop malware of all types, on multiple platforms, understanding that, while most organizations tend to focus on Windows malware effectiveness, the threat landscape is much broader. Enterprises need comprehensive, multi-platform protection if they’re going to be effective at stopping breaches and CrowdStrike is committed to delivering that protection.
How AV Comparative Testing is Conducted
AV Comparatives releases Windows test reports approximately every three months, with full certifications awarded twice a year.
CrowdStrike has been participating in continuous testing with them since 2016. In this round, AV Comparatives collected Windows malware samples from March through June 2019 and evaluated the ability of solutions to detect and prevent infection. AV Comparatives also assessed false positives, as well as performance impact on the endpoint.
How Falcon Performed in AV Comparatives Windows Testing
AV Comparatives awarded Falcon certification as “Approved for Business Security.” This is the highest level of certification a provider can achieve. Highlights of the testing include:
- 99 percent Protection Rating on Windows, blocking 725 out of 732 recent samples pulled from real-world threats
- Excellent Windows Performance, with the top rating of “very fast” in 6 out of 8 performance categories
How Falcon performed in AV Comparatives Mac Testing
This was CrowdStrike’s second year of participation in AV Comparatives annual tests for macOS. The Mac Security test assesses how effectively security solutions protect macOS systems against malicious apps. The test took place in June 2019 and used macOS malware that had appeared in the preceding few months, including a total of 585 recent and representative malicious Mac samples. Falcon received certification as “Approved for Mac Security,” the highest Mac certification awarded by AV Comparatives. Highlights of this testing include:
- 99.7 percent Mac malware protection
- Zero macOS false positives
It’s important to note that CrowdStrike is the only next-gen antvirus (NGAV) vendor to submit its Falcon PreventTM NGAV solution for participation in regular, recurring macOS certifications.
MRG Effitas 360 Degree Assessment and Certification
CrowdStrike participated in MRG Effitas 360 Degree Assessment and Certification and received a Level 1 Certification — the highest rating possible. This round of testing by MRG Effitas focused on traditional “real-world” detection tests. It’s called a “360 Assessment” because it employs the full spectrum of malware, including Trojans, backdoors, financial malware, ransomware and other malicious applications. Besides real-world testing, MRG Effitas performed tests to check PUA (potentially unwanted application)/adware protection and exploit/fileless protection, and measured false positive detection rates. They also measured the performance impact of the security products being evaluated. Malware was delivered to the systems being tested via a mix of malicious URLs, webmail, drive-by downloads and other channels.
How Falcon Performed in MRG Effitas Testing
Falcon scored high marks — achieving a Level 1 Certification, the highest ranking awarded by MRG Effitas. We believe this is not only a great achievement for CrowdStrike’s first published test with this highly respected organization, it is further validation of our commitment to protecting our customers. Falcon used a variety of techniques to block a wide range of malware, fileless attacks and other threats to achieve the following impressive list of scores:
- 99.71 percent of “in the wild” threats
- 100 percent of ransomware
- 100 percent of financial malware
- 100 percent of fileless attacks
- 92.86 percent of PUA/adware
In addition, Falcon delivered the best performance rating of all tested vendors, and did it with zero false positives, providing further evidence that the Falcon platform delivers the right combination of powerful detection, without impacting business operations.
SE Labs Gives CrowdStrike AAA Rating
SE Labs tested a variety of endpoint security products from a range of well-known vendors, in an effort to judge which were the most effective. Each product was exposed to the same threats, consisting of
a mixture of targeted attacks using well-established techniques. This included public email and web-based threats that were live on the internet at the time the tests were conducted. The results indicate how effective the products were at detecting and/or protecting against those threats in real time.
How Falcon Performed in SE Labs Testing
CrowdStrike earned a AAA rating for Enterprise Endpoint Protection from SE labs, the highest ranking possible in this test. Other highlights from CrowdStrike results include:
- A “Total Accuracy” rating of 95 percent, representing an aggregate score across all the tests SE Labs performed
- Falcon detected 98 percent of all the threats SE Labs used in the test, and blocked 92 percent of them
- There were zero false positives in the Falcon platform’s results
- Falcon achieved a “Protection Rating” of 85 percent, which reflects the fact that Falcon does not block access to URLs, but is highly effective at blocking execution of malicious payloads
AV-TEST Corporate Endpoint Protection for MacOS
In the most recent report, AV-TEST certified the Falcon platform as “Approved for Corporate Endpoint Protection for macOS.” Falcon achieved this approval by demonstrating 100 percent protection against all tested malware, with zero false positives.
AV TEST Recognition Commands Respect
AV TEST is highly respected in the endpoint protection industry as a tough-but-fair evaluator of endpoint security technologies. In this round of macOS testing, they brought together a variety of widespread macOS malware collected over the previous four months, and evaluated the ability of solutions to detect and prevent macOS infections. AV-TEST also assessed usability, by monitoring for false positive detections and user alerts, as well as assessing performance impact on the endpoint.
How Falcon Performed in AV Testing
Falcon achieved “AV-TEST APPROVED” certification, the highest ranking awarded by AV-TEST for macOS malware detection. Falcon scored well in all categories:
- Protection Score: 6 out of 6, detecting 100 percent of tested macOS malware
- Usability Score: 6 out of 6, showing zero false positives and zero false security warnings
- Performance Score: 5 out of 6, with above-average results for 3 out of 4 performance categories
CrowdStrike is Committed to Independent Third-Party Testing
CrowdStrike is committed to consistently subjecting the Falcon platform to independent third-party testing and validation. We are proud of the recognition we receive from leading testing organizations, but more importantly, we value what it means to our customers, partners and the industry at large. With this third-party validation, you can be assured that the claims we make about the Falcon platform’s performance and effectiveness have been independently tested and proven to be true.
Additional Resources
- Learn what other third-party analysts and evaluators have to say about the CrowdStrike Falcon® platform by visiting the CrowdStrike Industry Validation webpage.
- Check out the SC Labs Review of the CrowdStrike Falcon® Platform.
- Read the AV Comparatives results: Approved for Business Security and Approved for Mac Security.
- Learn how CrowdStrike Falcon® earned the MRG Effitas 360 Degree Assessment and Certification.
- Read the report from SE Labs.
- Read the most recent AV Test Report: AV-TEST certified the Falcon platform.
- Download the 2020 CrowdStrike Global Threat Report
- Test CrowdStrike next-gen AV for yourself: Start your free trial of Falcon Prevent™ today.