CrowdStrike Falcon Overwatch
See and stop hidden advanced attacks
Falcon OverWatch: Managed Threat Hunting
Falcon OverWatch is a human threat detection engine that operates as an extension of your team, hunting relentlessly to see and stop the most sophisticated hidden threats
Stopping the Mega Breach
Falcon OverWatch is CrowdStrike’s managed threat hunting service, built on the CrowdStrike Falcon platform. OverWatch provides deep and continuous human analysis, 24/7, to relentlessly hunt for anomalous or novel attacker tradecraft that is designed to evade standard security technologies.
OverWatch is comprised of an elite team of cross-disciplinary specialists who harness the massive power of the CrowdStrike Threat Graph, enriched with CrowdStrike threat intelligence, to continuously hunt, investigate and advise on sophisticated threat activity in customer environments. Armed with cloud-scale telemetry and detailed tradecraft on more than 130 adversary groups, OverWatch provides unparalleled ability to see and stop the most advanced threats.
Key Benefits of Choosing Falcon Overwatch
DETECT AND DISRUPT HIDDEN ADVANCED ATTACKS
OverWatch hunts relentlessly to detect and disrupt the stealthiest sophisticated threats: the 1% of the 1% of threats that go undetected.
ACHIEVE MAXIMUM EFFECTIVENESS AND EFFICIENCY
OverWatch delivers the best results by leveraging cloud-scale data, custom tools and up-to-the-minute threat intelligence and augmenting this with insights from skilled analysts to hunt with unprecedented speed and scale.
GAIN A SEAMLESS EXTENSION OF YOUR TEAM
OverWatch delivers results for organizations of all sizes, operating as a seamless extension of your team - minimizing overhead, complexity and cost.
Sense
- Cloud-scale data. Scalable and effective threat hunting requires access to vast amounts of data and the ability to mine that data in real time for signs of intrusions. CrowdStrike’s rich telemetry creates the foundation for OverWatch threat hunting.
- Trillions of events per day. CrowdStrike’s lightweight Falcon sensor delivers continuous telemetry covering hundreds of event types from millions of endpoints. All of this is collected and catalogued by the Falcon platform, providing comprehensive visibility into activity across the CrowdStrike install base.
Enrich
- Context. The proprietary CrowdStrike Threat Graph contextualizes events and reveals relationships between data points in real time.
- Threat Intelligence. CrowdStrike threat intelligence provides up-to-the-minute intel on the tradecraft of more than 140 adversary groups, as well as intimate working knowledge of the tactics, techniques and procedures (TTPs) in use in the wild.
- Proprietary Tools. All of this is underpinned by OverWatch’s proprietary tools and processes, which ensure every hunt is optimized for maximum efficiency.
Analyze
- Human analysis. Threat hunting involves taking enriched data and applying complex statistical methods, examining outliers, and frequency analysis. It involves using intuition and experience to form and test hypotheses about where and how a determined attacker might conceal their operations.
- 200+ years of combined diverse expertise. OverWatch employs elite experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
- Continuous vigilance 24/7/365. When a sophisticated intrusion occurs, time is critical. Your adversaries do not sleep and are not restricted by time zones or geography - neither should your threat hunting team.
Reconstruct
- Connect the dots. Before you can take action against an adversary, you first need to fully understand the threat. As soon as a hands-on-keyboard intrusion is discovered, OverWatch begins to comprehensively reconstruct the attack.
- Ask the right questions. Experience helps OverWatch quickly zero in on how the intruder gained access and how far the intrusion has spread.
- Get answers in seconds. CrowdStrike’s proprietary Threat Graph provides OverWatch analysts with the answers to these questions in near real time.
Communicate
- One team, one fight. CrowdStrike pioneered the idea of creating a seamless union between the technology, our experts and your team, closing the gap between detection and response.
- Frictionless communication. OverWatch operates as a native component of the Falcon platform and a force multiplier for your team, delivering timely threat information within your single cloud-native console.
- Actionable insights. You get results, including alerts with deep context and targeted recommendations for response, beginning day one, without any new infrastructure, communications channels or processes.
Hone
- Continuous improvement. Threat hunting is not a one-time activity; it’s a process that demands continuous improvement and sharpening of your tools in order to deal with evolving adversary TTPs.
- Always sharp. OverWatch’s continuous, proactive operation delivers results every minute of every day. Each threat they handle enables OverWatch hunters to continuously fine tune their skills and processes, ensuring they are always sharp, effective and ready for the next new threat.
Falcon Overwatch Offerings
Choose the one that meets your requirements:
Falcon Overwatch
See and stop hidden advanced attacks and reduce dwell time with 24 x 7 proactive human threat hunting.
Falcon Overwatch Elite
Falcon OverWatch Elite expands the basic OverWatch offering by introducing an assigned threat response analyst to help your organization both understand the threats that are most likely to target it and how best to prepare and respond to them.
Falcon Overwatch |
Falcon Overwatch Elite |
|
|---|---|---|
| Real-Time CrowdStrike's lightweight agent streams deep telemetry into the Security Cloud in near real time giving OverWatch immediate visibility to emerging threats. |
 |
 |
| Global Threat Visibility The CrowdStrike Security Cloud ingests, indexes and enriches trillions of events per day, giving OverWatch the broadest view of threat activity as it is happening, all over the world. |
|
|
| Immunity by Community Through millions of endpoints globally distributed, the CrowdStrike OverWatch team can see emerging threats immediately, and disrupt them globally. |
|
|
| Specialized Data, Tools and Processes The OverWatch team leverages a proprietary threat hunting methodology 'SEARCH' to effectively stop breaches. |
|
|
| Hypothesis Driven Threat Hunting OverWatch performs threat hunting using intuition and experience to form and test hypotheses about where and how a determined attacker might conceal their operations. |
|
|
| Continuous Vigilance The OverWatch team conducts 24/7/365 threat hunting, because attackers are not constrained by geography or time zones. |
|
|
| Cross Disciplinary Expertise Human threat hunters possess diverse backgrounds and skill sets, for broad and deep expertise. |
|
|
| Intelligence-LED Threat Hunting CrowdStrike threat intelligence empowers the OverWatch team with intimate knowledge of the latest TTPs, ensuring that the team knows what it should be looking for today and tomorrow. |
|
|
| Alerts Augmented with Context OverWatch analysts deliver alerts that are augmented with contextual details and global insights to help organizations understand and act faster. |
|
|
| Email Threat Notifications Your team receives tailored email summaries of critical threats uncovered by OverWatch threat hunters. |
|
|
| Quarterly Threat Hunting Reports Receive quarterly reports on the threat landscape and what OverWatch has seen in the wild. |
|
|
| Personalized Onboarding Collaboration with your OverWatch analyst begins on day one. |
|
|
| Response Advice, Advanced Investigation and Contextual Support Your OverWatch Elite analyst is available for targeted advice on incident response and to provide deeper context on threats observed by OverWatch in your environment. |
|
|
| Two-Way Communications via Slack and Email Get on-demand access to expertise via multiple channels. |
|
|
| Proactive Closed-Loop Communications OverWatch Elite analysts perform proactive 24/7 outreach for critical, active threats that are not addressed within the first 60 minutes. |
|
|
| Threat Hunting and Investigation Coaching OverWatch Elite provides tailored coaching for your team on best practices for threat hunting and investigations in the Falcon console. |
|
|
| Tailored Threat Reports and Briefings Meet with your Overwatch Elite analyst and other OverWatch experts to review your security posture and gain hunting insights relevant to your industry. |
|
|
| Overwatch Elite Global Insights OverWatch analysts deliver contextual details and global insights through exclusive quarterly briefings to help organizations understand and act faster. |
|
Documentation:
Download the CrowdStrike Falcon Overwatch Datasheet (.PDF)