Fast Response to Sophisticated Threats: OverWatch Incidents
Introduction
Threat hunting leverages skilled defenders to hunt actively for the faintest signs of advanced attacks. OverWatch is CrowdStrike’s managed threat hunting team. OverWatch operates as an extension of your team and the Falcon platform, hunting relentlessly to uncover sophisticated threats that blend in silently and lead to a breach if they remain undetected.
In this demonstration we’ll see how OverWatch uses CrowdStrike’s incident workbench to reconstruct and communicate threat activity to security teams in near real time, 24/7/365.
Reconstructing Attacks
CrowdStrike’s Incident Workbench, a key piece of the Falcon Platform, provides OverWatch with the ideal platform to reconstruct a full picture of an attack in progress. OverWatch analysts leverage the power of the Threat Graph to get answers to their critical questions in seconds, while the Incident Workbench provides the framework for the analyst to assemble the full story, and build out that story as the intrusion progresses, in a manner that’s simple for a responder to digest and act upon.
Frictionless Communication
The Falcon platform provides the perfect collaboration environment for threat hunters and organizations’ security teams. CrowdStrike pioneered the idea of creating a seamless union between the technology, our experts and your team, closing the gap between detection and response. As intrusions are identified and documented, OverWatch makes them available to responders via the Incident Workbench, empowering them with timely, complete information all within a single cloud-native console.
Conclusion
CrowdStrike’s seamless union of people, process, and technology empowers organizations with the ability to see and stop advanced, hidden threats, leaving adversaries nowhere to hide.
More resources
- CrowdStrike 15-Day Free Trial
- CrowdStrike Tech Center
- Sign up for a weekly Falcon demo
- Request a 1:1 Demo
- CrowdStrike Store Overview
- RiskIQ CrowdStrike Partner Page
- RiskIQ Community Edition
Content provided by Brandon Dixon of RiskIQ, Janani Nagarajan of CrowdStrike, and Andrew Munchbach of CrowdStrike
