Tested &
recommended by
Microsoft
VS.
overloading
Domain
Controllers
Lightweight AD adapter co-developed with Microsoft results in minimal consumption
of Domain Controller resources.
Heavy agents perform all processing on the Domain Controllers,often
causing downtime, & requiring
significant increase of DC hardware
resources (~20-30%).
Native integration with Azure AD,Authenticator MFA, & Defender
suite. Keep up with evolving security
requirements, such as stronger MFA
with Number Matching.
Azure AD workaround requires installing ADFS & RADIUS servers in
Azure AD, only supports ‘push MFA
for Microsoft Authenticator.
No modification of AD software, scheme, or 0S. No password info
sent to the cloud.
Intrusive architecture that acts as a wrapper around LSASS to sync AD password hashes to CrowdStrike’s cloud. Requires connecting DC directly to the internet, as well as DC restart.
Approach:
Active prevention
VS.
reactive detection
Blocking identity threats in real-time by enforcing MFA protection on all authentications and access requests
Generating additional alerts for detected threats, while malicious activity is still live, acting another ‘sensor’ for the XDR platform. Very few CrowdStrike customers are able to use its MFA in production due to its DC overloading.
Extends MFA to all critical resources and interfaces, including PowerShell, PsExec, WMI,as well as legacy apps, file shares and more.
Offers reduced MFA capabilities, that might work in a lab or small environment, but cause technical issues when deployed at scale.
Tested and proven prevention capabilitiesagainst ransomware attacks and nation state operations at multiple customer environments
Prevention capabilities are in limited use,aligned with CrowdStrike’s detection-oriented product strategy.
Coverage
Comprehensive
Protection Both
On-Prem and
in the Cloud
vs.
AD-centric
Native integration with all leading on-prem and cloud identity providers (AD, ADFS, Azure AD, Okta, Ping, RADIUS, etc.)
AD-centric approach,with only partial visibility to cloud access logs, and without active protection capabilities for Azure AD, Okta and other cloud IdPs.
Integrates with all the leading MFA products and methods, as well as custom and proprietary MFA solutions.
Only works with a limited number of MFA products’, Mobile Push MFA option (providing insufficient protection against MFA Bombing and other rising attack methods).
Capable of protecting even air-gapped networks without any internet connectivity (including support for FIDO2 and other physical MFA tokens, as well as desktop MFA options).
Only works in environments where DCs can be connected directly to the internet.
3 Reasons why Customers Choose Silverfort Over CrowdStrike
Microsoft Integration
Silverfort and Microsoft has a strategic partnership featuring native integrations with AD, Azure AD, Azure Authenticator, and the Defender Suite
Real Time Protection
Silverfort’s technology and architecture enable it to enforce MFA and Access Block policy at scale in even in production environments of hundreds with hundreds of thousands users
Comprehensive Coverage
Silverfort integrates with all cloud and federation Identity Providers, as well as with leading MFA solutions (including the ability to integrate with custom and proprietary ones)