CrowdStrike Falcon OverWatch: A SANS Review


Threat hunting is a key function in a successful security operations center (SOC), leveraging knowledge of attacker techniques, sources of threat intelligence, access to deep and broad telemetry, and round-the-clock vigilance to see and stop the most advanced attacks. CrowdStrike® Falcon OverWatch, a core module of the Falcon platform, embeds a team of expert threat hunters to uncover threats that can get past automated, machine-driven detection, enabling fast response before threats become a serious breach.

In this webcast, SANS Instructor Joe Sullivan reviews Falcon OverWatch and how it responds to sophisticated threats including credential theft, lateral movement and defense evasion. Specifically, attendees at this webcast will learn about:

  • Ways in which OverWatch can help organizations overcome threat hunting staffing concerns
  • How OverWatch can provide threat detection earlier in the attack flow, making incident response faster and more effective
  • How the feedback loop established between organizations and the OverWatch team works to address threats in real time