How Falcon OverWatch Works with You When a Breach Attempt is Discovered

Introduction

Falcon OverWatch is a team of dedicated, proactive threat hunters that work on your behalf. They constantly search the entire CrowdStrike Threat Graph for anomalous or otherwise new attacker activity. This augments the detection and protection offered by both the Falcon Host product and your in-house Security Operations Center. Often, human investigation is required to identify truly cutting-edge attack techniques.

Video

Read Video Transcript

How It Works

When the Falcon OverWatch team discovers a breach attempt, they immediately contact you. This is done in three ways. First, they push an alert to the Falcon Host management interface. This creates an event so that automated tools and processes can immediately see the high urgency alert. Second, the OverWatch team makes direct contact by email and phone. This is more than just a message to say that an alert was triggered. The communication will include all detail and context around the breach attempt, leveraging forensic data collected by Falcon Host. This rapidly reduces investigation timeframes and enables faster response. Finally, the OverWatch team can work with you via our support portal. This can be used for ongoing case management and root cause analysis.

More Resources

 

See How You Can Stop Breaches request a live demo