Falcon OverWatch: Managed Threat Hunting
Falcon OverWatchTM is a human threat detection engine that operates as an extension of your team, hunting relentlessly to see and stop the most sophisticated hidden threats
Download 2021 Threat Hunting Report
Benefits
Why Choose Falcon OverWatch
-
![Detect and Disrupt Hidden Advanced Attacks]()
Detect and Disrupt Hidden Advanced Attacks
OverWatch hunts relentlessly to detect and disrupt the stealthiest sophisticated threats: the 1% of the 1% of threats that go undetected.
-
![Achieve Maximum Effectiveness and Efficiency]()
Achieve Maximum Effectiveness and Efficiency
OverWatch delivers the best results by leveraging cloud-scale data, custom tools and up-to-the-minute threat intelligence and augmenting this with insights from skilled analysts to hunt with unprecedented speed and scale.
-
![Gain a Seamless Extension of Your Team]()
Gain a Seamless Extension of Your Team
OverWatch delivers results for organizations of all sizes, operating as a seamless extension of your team — minimizing overhead, complexity and cost.
HOW CROWDSTRIKE DOES IT
SEARCH Proprietary Threat Hunting Methodology
The SEARCH Methodology
OverWatch analysts leverage their proprietary SEARCH methodology to shine a light into the darkest corners — leaving adversaries with nowhere to hide.
Watch: Falcon OverWatch SEARCH Threat Hunting Methodology
Watch: 6 Steps to Unleash a Hyper-Effective Threat Hunting Team
SENSE
- Cloud-scale data. Scalable and effective threat hunting requires access to vast amounts of data and the ability to mine that data in real time for signs of intrusions. CrowdStrike’s rich telemetry creates the foundation for OverWatch threat hunting.
- Trillions of events per day. CrowdStrike’s lightweight Falcon sensor delivers continuous telemetry covering hundreds of event types from millions of endpoints. All of this is collected and catalogued by the Falcon platform, providing comprehensive visibility into activity across the CrowdStrike install base.
ENRICH
- Context. The proprietary CrowdStrike Threat Graph® contextualizes events and reveals relationships between data points in real time.
- Threat Intelligence. CrowdStrike threat intelligence provides up-to-the-minute intel on the tradecraft of more than 140 adversary groups, as well as intimate working knowledge of the tactics, techniques and procedures (TTPs) in use in the wild.
- Proprietary Tools. All of this is underpinned by OverWatch’s proprietary tools and processes, which ensure every hunt is optimized for maximum efficiency.
ANALYZE
- Human analysis. Threat hunting involves taking enriched data and applying complex statistical methods, examining outliers, and frequency analysis. It involves using intuition and experience to form and test hypotheses about where and how a determined attacker might conceal their operations.
- 200+ years of combined diverse expertise. OverWatch employs elite experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
- Continuous vigilance 24/7/365. When a sophisticated intrusion occurs, time is critical. Your adversaries do not sleep and are not restricted by time zones or geography — neither should your threat hunting team.
RECONSTRUCT
- Connect the dots. Before you can take action against an adversary, you first need to fully understand the threat. As soon as a hands-on-keyboard intrusion is discovered, OverWatch begins to comprehensively reconstruct the attack.
- Ask the right questions. Experience helps OverWatch quickly zero in on how the intruder gained access and how far the intrusion has spread.
- Get answers in seconds. CrowdStrike’s proprietary Threat Graph provides OverWatch analysts with the answers to these questions in near real time.
COMMUNICATE
- One team, one fight. CrowdStrike pioneered the idea of creating a seamless union between the technology, our experts and your team, closing the gap between detection and response.
- Frictionless communication. OverWatch operates as a native component of the Falcon platform and a force multiplier for your team, delivering timely threat information within your single cloud-native console.
- Actionable insights. You get results, including alerts with deep context and targeted recommendations for response, beginning day one, without any new infrastructure, communications channels or processes.
HONE
- Continuous improvement. Threat hunting is not a one-time activity; it’s a process that demands continuous improvement and sharpening of your tools in order to deal with evolving adversary TTPs.
- Always sharp. OverWatch’s continuous, proactive operation delivers results every minute of every day. Each threat they handle enables OverWatch hunters to continuously fine tune their skills and processes, ensuring they are always sharp, effective and ready for the next new threat.
Technical Center
For technical information on Falcon OverWatch, please visit the CrowdStrike Tech Center.
Product Validation
Customers Trust CrowdStrike
Third-Party Validation
Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.
-
![[For Modules Only] Forrester TEI]()
Forrester Total Economic Impact
Falcon OverWatch helps organizations reduce risks and improve efficiencies, resulting in 316% ROI.
-
![[For Modules Only]Sans Review]()
SANS Review of OverWatch
SANS experts review how Falcon OverWatch responds in real time to sophisticated threats including credential theft, lateral movement and defense evasion.
![[For Modules Only] Forrester TEI](https://cs-staging-2-www.crowdstrike.com/wp-content/uploads/2019/10/Forrester-Logo.png){kind=logo}
![[For Modules Only]Sans Review](https://cs-staging-2-www.crowdstrike.com/wp-content/uploads/2018/08/report_09.jpg)
Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.
Falcon OverWatch Offerings
Choose the one that meets your requirements:
-
![Falcon OverWatch]()
Falcon OverWatch
See and stop hidden advanced attacks and reduce dwell time with 24 x 7 proactive human threat hunting.
-
![Falcon OverWatch Elite]()
Falcon OverWatch Elite
Falcon OverWatch Elite expands the basic OverWatch offering by introducing an assigned threat response analyst to help your organization both understand the threats that are most likely to target it and how best to prepare and respond to them.
| Falcon OverWatch | Falcon OverWatch Elite | |
|---|---|---|
Real-time visibility
|
 |
|
|
Global threat visibility
|
|
|
|
Immunity by Community
|
|
|
|
Specialized data, tools and processes
|
|
|
|
Hypothesis-driven threat hunting
|
|
|
|
Continuous vigilance
|
|
|
|
Cross-disciplinary expertise
|
|
|
|
Intelligence-led threat hunting
|
|
|
|
Alerts augmented with context
|
|
|
|
Email threat notifications
|
|
|
|
Quarterly threat hunting reports
|
|
|
|
Personalized onboarding
|
| |
|
Response advice, advanced investigation and contextual support
|
| |
|
Two-way communications via Slack and Email
|
| |
|
Proactive, closed-loop communications
|
| |
|
Threat hunting and investigation coaching
|
| |
|
Tailored threat reports and briefings
|
| |
|
OverWatch Elite global insights
|
|
See How CrowdStrike Stacks Up Against the Competition
Compare
Get Answers to Commonly Asked Questions
Falcon OverWatch FAQPurchase Falcon OverWatch as a Part of a Bundle
CrowdStrike Falcon bundles are specifically tailored to meet a wide range of endpoint security needs.
Explore the Bundles