BACK TO TECH CENTER

Fast Response to Sophisticated Threats: OverWatch Incidents

Introduction

Threat hunting leverages skilled defenders to hunt actively for the faintest signs of advanced attacks. OverWatch is CrowdStrike’s managed threat hunting team. OverWatch operates as an extension of your team and the Falcon platform, hunting relentlessly to uncover sophisticated threats that blend in silently and lead to a breach if they remain undetected.

In this demonstration we’ll see how OverWatch uses CrowdStrike’s incident workbench to reconstruct and communicate threat activity to security teams in near real time, 24/7/365.

Video

<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span><span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span>

Reconstructing Attacks

CrowdStrike’s Incident Workbench, a key piece of the Falcon Platform, provides OverWatch with the ideal platform to reconstruct a full picture of an attack in progress. OverWatch analysts leverage the power of the Threat Graph to get answers to their critical questions in seconds, while the Incident Workbench provides the framework for the analyst to assemble the full story, and build out that story as the intrusion progresses, in a manner that’s simple for a responder to digest and act upon.

OverWatch Process Tree

OverWatch reconstructs attacks in the incident workbench

Frictionless Communication

The Falcon platform provides the perfect collaboration environment for threat hunters and organizations’ security teams. CrowdStrike pioneered the idea of creating a seamless union between the technology, our experts and your team, closing the gap between detection and response. As intrusions are identified and documented, OverWatch makes them available to responders via the Incident Workbench, empowering them with timely, complete information all within a single cloud-native console.

Conclusion

CrowdStrike’s seamless union of people, process, and technology empowers organizations with the ability to see and stop advanced, hidden threats, leaving adversaries nowhere to hide.

More resources

Content provided by Brandon Dixon of Risk IQ, Janani Nagarajan of CrowdStrike, and Andrew Munchbach of CrowdStrike

Try CrowdStrike Free for 15 Days Get Started with A Free Trial