
2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team

September 17, 2020

Falcon OverWatch™ is the CrowdStrike® managed threat hunting service built on the CrowdStrike Falcon® platform. OverWatch provides deep and continuous human analysis on a 24/7 basis to relentlessly hunt for anomalous or novel attacker tradecraft designed to evade other detection techniques.

OverWatch comprises an elite team of cross-disciplinary specialists that harness the massive power of the CrowdStrike Threat Graph®, enriched with threat intelligence, to continuously hunt, investigate and advise on sophisticated threat activity in customer environments. Armed with cloud-scale telemetry of over 3 trillion endpoint events collected per week, and detailed tradecraft on 140 adversary groups, OverWatch has the unparalleled ability to see and stop the most sophisticated threats, leaving adversaries with nowhere to hide.

This report provides a summary of CrowdStrike OverWatch’s threat hunting findings from the first half of 2020. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. The report’s findings relate to the targeted and interactive intrusions that OverWatch tracks and are not necessarily representative of the full spectrum of attacks that are stopped by the Falcon platform.

OVERWATCH SEARCH HUNTING METHODOLOGY

CrowdStrike OverWatch threat hunting exists with the express purpose of finding threats that technology on its own cannot. For the first time, this report is pulling back the curtain to reveal the methodology that sits behind the human-driven search engine that is Falcon OverWatch. Working around the clock, the OverWatch team employs the “SEARCH” hunting methodology to detect threats at scale. Using SEARCH, OverWatch threat hunters methodically sift through a world of unknown unknowns to find the faintest traces of malicious activity and deliver actionable analysis to CrowdStrike customers in near real time. The OverWatch SEARCH methodology shines a light into the darkest corners of customers’ environments — leaving adversaries with nowhere to hide.

Download the report to find out more.
