CrowdStrike as an organization is utterly committed to stopping data breaches, and has spared no effort or expense in developing automated systems to achieve that purpose. The culmination of that lofty intent is the creation of the CrowdStrike Falcon Host next-generation endpoint protection system, a living, breathing technology platform that was designed to constantly grow smarter and more powerful by the moment, as it processes and analyzes threat-related endpoint telemetry streaming in 24/7 from around the globe. Yet that’s still not enough.
In fact, there are few, if any, cybersecurity professionals worth their salt who will tell you that technology alone — even the very best of the breed — is 100 percent effective at detecting every threat that could result in a “mega breach.” That’s because these most sophisticated of attacks are typically orchestrated by highly skilled humans, and in some cases, it takes the efforts of equally skilled humans to defend against and ultimately repel those attacks.
That’s why CrowdStrike has accounted for the human element and integrated into the Falcon Breach Prevention Platform multiple teams of highly skilled individuals to develop intelligence about current and pending attacks, and to assist in detecting and responding to those attacks. A huge component of this “human shield” is an organization we call Falcon Overwatch, a global team conducting proactive hunting activities around the clock on behalf of CrowdStrike customers.
In this recent CrowdCast featuring the head of the Overwatch team, CrowdStrike Senior Director of Hunting Operation Kris Merritt, the role of human threat hunters in extending and enhancing the impact of automated detection capabilities is explored and dissected. As Kris explains, a great deal of valuable human capital is misspent by organizations that cast security professionals in the role of passively reviewing an overwhelming amount of alert data, the vast majority of which ends up being confirmed by those humans as false positives. This is the major contributor to “alert fatigue,” which can lead to security teams missing the most important alerts — the ones that actually do indicate the presence of an active threat.
The webcast covers:
- What proactive hunting is, and why it’s a critical component of effective data breach prevention
- Where hunting activities fit in your detection program
- How CrowdStrike Falcon Overwatch works, along with real-life examples of how it has detected malicious activity in time to stop breaches in progress