Falcon OverWatch™ is the CrowdStrike® managed threat hunting service built on the CrowdStrike Falcon® platform. OverWatch provides deep and continuous human analysis on a 24×7 basis to relentlessly hunt for anomalous or novel attacker tradecraft designed to evade other detection techniques.
OverWatch is composed of an elite team of cross-disciplinary specialists that harnesses the massive power of the CrowdStrike Threat Graph®, enriched with CrowdStrike threat intelligence, to continuously hunt, investigate and advise on sophisticated threat activity in customer environments. Armed with cloud-scale telemetry of over two trillion endpoint events collected per week, and detailed tradecraft on more than 120 adversary groups, OverWatch provides the unparalleled ability to see and stop the most sophisticated breaches.
This mid-year report provides a summary of OverWatch’s threat hunting findings from the first half of 2019. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. OverWatch specifically hunts for targeted intrusion adversaries; therefore, this report’s findings cover state-sponsored and targeted eCrime activity, not the full spectrum of attacks that are stopped by the CrowdStrike Falcon platform.