CrowdStrike® Falcon OverWatch℠
The world’s leading AI-powered platform for 24x7 proactive threat hunting

Leave adversaries and stealthy attacks nowhere to hide with threat hunting that never sleeps.

Get 2023 Threat Hunting Report Watch 2023 Threat Hunting Report release
2023 Threat Hunting Report:

Counter Adversary Operations

Adversaries don’t stand a chance


CrowdStrike is proud to announce the launch of Counter Adversary Operations, a newly formed, first-of-its kind team that brings together CrowdStrike Falcon® Intelligence and the CrowdStrike® Falcon OverWatch℠ threat hunting team to form one unit with one mission: To stop breaches and raise the adversaries’ cost of doing business.

Learn more

Why Choose Falcon OverWatch


Detect and disrupt hidden advanced attacks

Falcon OverWatch hunts relentlessly to intercept the stealthiest and most sophisticated attacks: the 1% of the 1% of threats that go undetected.

Exceed the limits of autonomous solutions

Falcon OverWatch threat hunters are masters of their craft. With the power of the CrowdStrike® Security Cloud, proprietary hunting methodologies and unmatched expertise, machine learning becomes just one of many weapons in the threat hunting arsenal.

Add skilled, always-on threat hunting — not the overhead

Deploy an elite team of threat hunters — without the significant time, resources and tooling needed to staff, train and scale a global, 24/7 threat hunting operation.

How Falcon OverWatch works


Hunting advanced threats at speed and scale

Every security professional knows that no security technology will ever be 100% fail-proof. Adversaries test and innovate. Tactics evolve. And so does Falcon OverWatch.

CrowdStrike’s global threat hunting service operates around-the-clock to unearth advanced threats wherever they operate. Falcon OverWatch continuously innovates and evolves — ensuring that the methods, systems and tools it uses are faster and stealthier than any adversary. With the visibility and vigilance of Falcon OverWatch, your adversaries have nowhere to hide.

CrowdCast On Demand
24/7 human vigilance

There’s a huge difference between triaging an alert and proactively hunting for unknown and advanced attacks. True threat hunting requires skilled experts who apply complex statistical methods, examining outliers, frequency analysis and hypothesis testing to determine where and how attackers conceal their operations.

  • Diverse, highly skilled expertise. Falcon OverWatch hires and trains elite threat hunting experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
  • Full attack context. Before you can take action against an adversary, you need to fully understand the threat. As soon as a hands-on-keyboard intrusion is discovered, Falcon OverWatch begins to comprehensively reconstruct the attack for analysis.
  • Immediate, actionable alerts. Get results in a flash. Receive alerts to novel and emerging attacks with deep context and tactical recommendations that enable you and your team to act swiftly and confidently.
Power of the CrowdStrike security cloud
  • Cloud-scale telemetry. The light weight CrowdStrike Falcon® sensor covers hundreds of event types from millions of endpoints around the world. Cloud-scale data empowers Falcon OverWatch to hunt threats proactively at unprecedented speed and scale.
  • Patented and proprietary tooling. All of this is underpinned by the Falcon OverWatch team’s proprietary tools and processes, which ensures every hunt is optimized for maximum efficiency.
  • Unrivaled threat intelligence. Get up-to-the-minute intel on the unique behaviors of more than 180 adversary groups, including in-depth working knowledge of their current tactics, techniques and procedures (TTPs).
  • Always sharp. Falcon OverWatch’s continuous, proactive operation delivers results every minute of every day. Falcon OverWatch threat hunters are always on top of their game, finely tuning their skills as they handle each new threat.
Falcon cloud

Embedded in Falcon Complete MDR

Falcon OverWatch is a key component of the CrowdStrike Falcon®️ Complete managed detection and response (MDR) solution, adding another layer of elite 24/7 human expertise.
Learn more about Falcon Complete MDR >

Falcon OverWatch is a key component of Falcon Complete MDR, helping organizations reduce risks and improve efficiencies, resulting in 403% ROI gains.

Read the report

Falcon OverWatch ensured CrowdStrike Falcon Complete MDR achieved the highest detection coverage, conclusively reporting 99% of the adversary techniques in the 2022 MITRE Engenuity ATT&CK Evaluation for Security Service Providers.

Learn more

Falcon OverWatch offerings

Go deeper with CrowdStrike® Falcon OverWatch℠ Elite

falcon-intelligence-icon-red

CrowdStrike Falcon OverWatch

Global, 24/7 threat hunters proactively hunt hidden and advanced attacks throughout customer environments, rapidly alerting you to new malicious activity as soon as it’s uncovered.

See below
falcon-intelligence-icon-premium 1 (1)

CrowdStrike Falcon OverWatch Elite

CrowdStrike Falcon OverWatch Elite enhances the core Falcon OverWatch experience for organizations seeking deeper, contextualized threat hunting analysis, insights and support. Engage directly with assigned threat hunting experts and hone your understanding of emerging attacks, including identity-based intrusions — and the critical steps to defend against them.

Learn more

  • Global, 24/7 human-led operations tooltip
  • Relentless vigilance tooltip
  • Telemetry at unprecedented scale tooltip
  • Cutting-edge processes and tooling tooltip
  • Cross-disciplinary expertise tooltip
  • Integrated IOCs and threat intelligence tooltip
  • Actionable alerts with detailed context tooltip
  • Personalized guidance, insights and support tooltip
  • Identity threat hunting tooltip
  • Frictionless, two-way communications tooltip
  • Monthly hunting exchanges tooltip
  • Expert advisory and coaching tooltip
  • Tailored hunting assessments and reports tooltip
  • Falcon OverWatch Elite Threat Hunting Library tooltip
  • Exclusive research and webcasts tooltip

Falcon OverWatch

Falcon OverWatch Elite

2023 Threat Hunting Report

Get the latest adversary intelligence exposed by CrowdStrike's Counter Adversary Operations team.

  • 79 min. average eCrime breakout time, a 5-minute drop from 2022
  • 7 min. fastest breakout time recorded
  • 62% of interactive intrusions involved compromised identities
Download the report
CrowdStrike Counter Adversary Operations

CrowdStrike is proud to announce the launch of Counter Adversary Operations, a newly formed, first-of-its kind security team that brings together CrowdStrike Falcon® Intelligence and the CrowdStrike Falcon OverWatch threat hunting team to form one unit with one mission: To stop breaches and raise the adversaries’ cost of doing business.

Learn more

Related resources

Learn more about Falcon OverWatch

Purchase Falcon OverWatch as part of a bundle

Gain the elite vigilance of Falcon OverWatch as part of many of our CrowdStrike Falcon® bundles — including our 24/7 managed detection and response (MDR) offering, CrowdStrike Falcon® Complete. Each bundle is specifically tailored to provide a range of options that meet your unique security needs.

Explore CrowdStrike bundles