CrowdStrike Falcon OverWatch: A SANS Review


Threat hunting is a key function in a successful security operations center (SOC), leveraging knowledge of attacker techniques, sources of threat intelligence, access to deep and broad telemetry, and round-the-clock vigilance to see and stop the most advanced attacks. CrowdStrike® Falcon OverWatch, a core module of the Falcon platform, embeds a team of expert threat hunters to uncover threats that can get past automated, machine-driven detection, enabling fast response before threats become a serious breach.

In this webcast, SANS Instructor Joe Sullivan reviews Falcon OverWatch and how it responds to sophisticated threats including credential theft, lateral movement and defense evasion. Specifically, attendees at this webcast will learn about:

  • Ways in which OverWatch can help organizations overcome threat hunting staffing concerns
  • How OverWatch can provide threat detection earlier in the attack flow, making incident response faster and more effective
  • How the feedback loop established between organizations and the OverWatch team works to address threats in real time

Featured Speakers

Joe Sullivan

Community Instructor - SANS

Joe Sullivan is a SANS community instructor for SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling, MGT512: Security Leadership Essentials For Managers and MGT514: Security Strategic Planning, Policy, and Leadership. He uses his knowledge and experience as a 20-year information security veteran to inform his teaching and writing. Joe is the principal security strategist for Crossroads Information Security and formerly served as the CISO for a privately held bank. He holds the GCFE, GCIH, GSTRT and CISSP certifications, as well as numerous other industry certifications.

Scott Taschler

Director of Products – CrowdStrike

Scott Taschler is a 20+ year veteran of the cybersecurity industry, with a strong focus on optimizing workflows in the security operations center. In his current role as director of product marketing for CrowdStrike, Scott works with organizations around the globe to understand the biggest barriers to SOC productivity and to drive thought leadership on optimizing incident response and threat hunting. Prior to CrowdStrike, Scott spent 14 years as a technical leader at McAfee, with deep expertise in SIEM, incident response, threat intelligence, and the other building blocks of a successful SOC. Scott is based in Minneapolis, MN.


For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.