Falcon OverWatch: Proactive Managed Threat Hunting
Falcon OverWatchTM is a human threat detection engine that operates as an extension of your team, hunting relentlessly to see and stop the most sophisticated hidden threats
Download 2021 Threat Hunting Report
Why Choose Falcon OverWatch
See and Stop Hidden Advanced Attacks
The OverWatch team hunts relentlessly to see and stop the stealthiest, most sophisticated threats: the 1% of 1% of threats that blend in silently and lead to a breach if they remain undetected.
Maximum Effectiveness and Efficiency
OverWatch delivers the best results by amplifying analysts’ skills and instincts with the most advanced technology. This elite team of experts uses cloud-scale data, custom tools and up-to-the-minute threat intelligence to hunt with unprecedented speed and scale.
A Seamless Extension of Your Team
As a core component of the Falcon platform, OverWatch delivers results for organizations of all sizes, operating as a seamless extension of your team — minimizing overhead, complexity and cost.
HOW CROWDSTRIKE DOES IT
SEARCH Proprietary Threat Hunting Methodology
The SEARCH Methodology
OverWatch analysts leverage their proprietary SEARCH methodology to shine a light into the darkest corners — leaving adversaries with nowhere to hide.
- Cloud-scale data. Scalable and effective threat hunting requires access to vast amounts of data and the ability to mine that data in real time for signs of intrusions. CrowdStrike’s rich telemetry creates the foundation for OverWatch threat hunting.
- Trillions of events per week. CrowdStrike’s lightweight Falcon sensor delivers continuous telemetry covering hundreds of event types from millions of endpoints. All of this is collected and catalogued by the Falcon platform, providing comprehensive visibility into activity across the CrowdStrike install base.
- Context. The proprietary CrowdStrike Threat Graph® contextualizes events and reveals relationships between data points in real time.
- Threat Intelligence. CrowdStrike threat intelligence provides up-to-the-minute intel on the tradecraft of more than 140 adversary groups, as well as intimate working knowledge of the tactics, techniques and procedures (TTPs) in use in the wild.
- Proprietary Tools. All of this is underpinned by OverWatch’s proprietary tools and processes, which ensure every hunt is optimized for maximum efficiency.
- Human analysis. Threat hunting involves taking enriched data and applying complex statistical methods, examining outliers, and frequency analysis. It involves using intuition and experience to form and test hypotheses about where and how a determined attacker might conceal their operations.
- 200+ years of combined diverse expertise. OverWatch employs elite experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
- Continuous vigilance 24/7/365. When a sophisticated intrusion occurs, time is critical. Your adversaries do not sleep and are not restricted by time zones or geography — neither should your threat hunting team.
- Connect the dots. Before you can take action against an adversary, you first need to fully understand the threat. As soon as a hands-on-keyboard intrusion is discovered, OverWatch begins to comprehensively reconstruct the attack.
- Ask the right questions. Experience helps OverWatch quickly zero in on how the intruder gained access and how far the intrusion has spread.
- Get answers in seconds. CrowdStrike’s proprietary Threat Graph provides OverWatch analysts with the answers to these questions in near real time.
- One team, one fight. CrowdStrike pioneered the idea of creating a seamless union between the technology, our experts and your team, closing the gap between detection and response.
- Frictionless communication. OverWatch operates as a native component of the Falcon platform and a force multiplier for your team, delivering timely threat information within your single cloud-native console.
- Actionable insights. You get results, including alerts with deep context and targeted recommendations for response, beginning day one, without any new infrastructure, communications channels or processes.
- Continuous improvement. Threat hunting is not a one-time activity; it’s a process that demands continuous improvement and sharpening of your tools in order to deal with evolving adversary TTPs.
- Always sharp. OverWatch’s continuous, proactive operation delivers results every minute of every day. Each threat they handle enables OverWatch hunters to continuously fine tune their skills and processes, ensuring they are always sharp, effective and ready for the next new threat.
Customers Trust CrowdStrike
Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.
Forrester Total Economic Impact
Falcon OverWatch helps organizations reduce risks and improve efficiencies, resulting in 316% ROI.
SANS Review of OverWatch
SANS experts review how Falcon OverWatch responds in real time to sophisticated threats including credential theft, lateral movement and defense evasion.
Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.
Falcon OverWatch Offerings
Choose the one that meets your requirements:
See and stop hidden advanced attacks and reduce dwell time with 24 x 7 proactive human threat hunting.
Falcon OverWatch Elite expands the basic OverWatch offering by adding an assigned OverWatch threat analyst to consult on root causes, assist with analysis, perform weekly health checks and provide proactive configuration recommendations and customized quarterly briefings.
|OverWatch Standard||OverWatch Elite |
|Cross-disciplinary human experts|
|Seamless integration with the Falcon platform|
|Alerts augmented with context|
|Assigned threat analyst|
|Hunting and investigation coaching|
|Recurring environmental checkups|
|Proactive Tuning Guidance|
|Tailored threat reports and briefings|
|Response advice, advanced investigation and context support|
|Proactive, closed-loop communications|