CrowdStrike Falcon OverWatch:
24/7 Proactive Threat Hunting

CrowdStrike® Falcon OverWatch™ is an always-on service comprised of highly skilled threat hunters who relentlessly scour for unknown and advanced threats targeting your organization. Stay vigilant with a threat hunting operation that never sleeps. Uncover stealthy, menacing attacks and leave adversaries with nowhere to hide.

Why Choose Falcon OverWatch


Detect and disrupt hidden advanced attacks

Falcon OverWatch hunts relentlessly to intercept the stealthiest and most sophisticated attacks: the 1% of the 1% of threats that go undetected.

Exceed the limits of autonomous solutions

Falcon OverWatch threat hunters are masters of their craft. With the power of the CrowdStrike Security Cloud, proprietary hunting methodologies and unmatched expertise, machine learning becomes just one of many weapons in the threat hunting arsenal.

Add skilled, always-on threat hunting — not the overhead

Deploy an elite team of threat hunters — without the significant time, resources and tooling needed to staff, train and scale a global, 24/7 threat hunting operation.

How Falcon OverWatch does it


Hunting advanced threats at speed and scale

Every security professional knows that no security technology will ever be 100% fail-proof. Adversaries test and innovate. Tactics evolve. And so does Falcon OverWatch.

CrowdStrike’s global threat hunting service operates around-the-clock to unearth advanced threats wherever they operate. Falcon OverWatch continuously innovates and evolves — ensuring that the methods, systems and tools it uses are faster and stealthier than any adversary. With the visibility and vigilance of Falcon OverWatch, your adversaries have nowhere to hide.

24/7 human vigilance

There’s a huge difference between triaging an alert and proactively hunting for unknown and advanced attacks. True threat hunting requires skilled experts who apply complex statistical methods, examining outliers, frequency analysis and hypothesis testing to determine where and how attackers conceal their operations.

  • Diverse, highly skilled expertise. Falcon OverWatch hires and trains elite threat hunting experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
  • Full attack context. Before you can take action against an adversary, you need to fully understand the threat. As soon as a hands-on-keyboard intrusion is discovered, Falcon OverWatch begins to comprehensively reconstruct the attack for analysis.
  • Immediate, actionable alerts. Get results in a flash. Receive alerts to novel and emerging attacks with deep context and tactical recommendations that enable you and your team to act swiftly and confidently.

Power of the CrowdStrike security cloud

  • Cloud-scale telemetry. The lightweight CrowdStrike Falcon® sensor covers hundreds of event types from millions of endpoints around the world. Cloud-scale data empowers Falcon OverWatch to hunt threats proactively at unprecedented speed and scale.
  • Patented and proprietary tooling. All of this is underpinned by the Falcon OverWatch team’s proprietary tools and processes, which ensure every hunt is optimized for maximum efficiency.
  • Unrivaled threat intelligence. Get up-to-the-minute intel on the unique behaviors of more than 180 adversary groups, including in-depth working knowledge of their current tactics, techniques and procedures (TTPs).
  • Always sharp. Falcon OverWatch’s continuous, proactive operation delivers results every minute of every day. Falcon OverWatch threat hunters are always on top of their game, finely tuning their skills as they handle each new threat.

Embedded in Falcon Complete MDR

Falcon OverWatch is a key component of the CrowdStrike Falcon® Complete managed detection and response (MDR) solution, adding another layer of elite 24/7 human expertise.

Falcon OverWatch is a key component of Falcon Complete MDR, helping organizations reduce risks and improve efficiencies, resulting in 403% ROI gains.

Falcon OverWatch ensured CrowdStrike Falcon Complete MDR achieved the highest detection coverage, conclusively reporting 99% of the adversary techniques in the 2022 MITRE Engenuity ATT&CK Evaluation for Security Service Providers.

Falcon OverWatch offerings

Go deeper with Falcon OverWatch Elite


CrowdStrike Falcon OverWatch

Global, 24/7 threat hunters proactively hunt hidden and advanced attacks throughout customer environments, rapidly alerting you to new malicious activity as soon as it’s uncovered.


CrowdStrike Falcon OverWatch Elite

CrowdStrike Falcon OverWatch Elite tailors the core Falcon OverWatch experience for organizations seeking deeper, contextualized threat hunting analysis, insights and support. Engage directly with assigned Falcon OverWatch Elite experts and hone your understanding of the emerging and novel attacks facing your organization — and the steps required to hunt, respond and defend against them.

  • Global, 24/7 human-led operations
  • Relentless vigilance
  • Telemetry at unprecedented scale
  • Cutting-edge processes and tooling
  • Cross-disciplinary expertise
  • Integrated IOCs and threat intelligence
  • Actionable alerts with detailed context
  • Personalized guidance, insights and support
  • Frictionless, two-way communications
  • Monthly hunting exchanges
  • Expert advisory and coaching
  • Tailored hunting assessments and reports
  • Quarterly hunting reviews
  • Falcon OverWatch Elite Threat Hunting Library
  • Exclusive research and webcasts


2022 Falcon OverWatch Threat Hunting Report

Discover the deep research and analysis that Falcon OverWatch threat hunters perform daily. Learn why Falcon OverWatch observed:

  • 50% year-over-year increase in interactive intrusions
  • 71% of threats detected by the Falcon platform were malware-free
  • The average eCrime breakout time is down to 1 hour and 24 minutes

Purchase Falcon OverWatch as part of a bundle

Gain the elite vigilance of Falcon OverWatch as part of many of our CrowdStrike Falcon® bundles — including our 24/7 managed detection and response (MDR) offering, CrowdStrike Falcon® Complete. Each bundle is specifically tailored to provide a range of options that meet your unique security needs.