SANS Product Review: CrowdStrike Falcon OverWatch

See and Stop Hidden Threats with Managed Threat Hunting

Threat hunting is a key function in a successful security operations center (SOC), leveraging knowledge of attacker techniques, access to deep telemetry and threat intel, and round-the-clock vigilance to see and stop the most advanced attacks. CrowdStrike® Falcon OverWatch, a core module of the Falcon platform, embeds a team of expert threat hunters to uncover threats that can get past automated, machine-driven detection, enabling fast response before threats become a serious breach.

In this report, SANS reviews Falcon OverWatch and how it responds to sophisticated threats including credential theft, lateral movement and defense evasion. Read this report to learn:

  • Why threat hunting is critical to stopping hidden, sophisticated threats
  • How OverWatch uncovers advanced attacks for your organization that might otherwise go unseen
  • How OverWatch works with your team to respond faster and more effectively



For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.
