CrowdStrike Intros Falcon OverWatch Cloud Threat Hunting
August 1, 2022
Falcon OverWatch Cloud Threat Hunting is the industry’s first
standalone threat hunting service for hidden and advanced
threats originating, operating or persisting in cloud
environments. Armed with the industry’s first cloud-oriented
indicators of attack (IOAs) for the control plane and detailed
adversary tradecraft, Falcon OverWatch Cloud Threat Hunting
delivers unparalleled visibility into cloud environments to
observe and disrupt the most sophisticated cloud threats.
Rapid adoption of cloud-native architectures has opened up new,
broader attack surfaces, and security teams are often left in
the dark without visibility or the requisite skill sets to hunt
continuously around the clock for sophisticated threats across
these complex cloud environments. As a result, adversaries are
finding cloud assets and exploiting them faster than security
teams can discover them.
Leveraging CrowdStrike’s agent-based and agentless Cloud Native
Application Protection Platform (CNAPP) capabilities, Falcon
OverWatch cloud threat hunters investigate suspicious and
anomalous behaviors and novel attacker tradecraft. Falcon
OverWatch Cloud Threat Hunting conducts 24x7x365 operations and
can prevent incidents and breaches while proactively alerting
customers to cloud-based attacks, including:
- Adversary activity taking place within and across cloud
  infrastructure for Amazon Web Services (AWS), Google Cloud
  Platform (GCP), Microsoft Azure and other cloud service
  providers.
- Sophisticated hands-on-keyboard activity and zero-days that take
  advantage of and compromise cloud workloads and containers in
  production.
- Cloud-based IOAs, such as control plane and serverless
  vulnerabilities, misconfigurations, application behavior
  anomalies, container escapes, privilege escalations, node
  compromises and more.
- Attack paths that first exploit traditional IT assets to gain
  initial entry and pivot to applications, systems and data in the
  cloud.
“CrowdStrike pioneered the concept of blending industry-leading
technology with proactive threat hunting to deliver truly
comprehensive protection that closes the gap between detection
and response,” said Shawn Henry, CrowdStrike chief security
officer and president of CrowdStrike Services. “We’re bringing
that same leadership to Falcon OverWatch Cloud Threat Hunting –
a cloud-specific new service that no other vendor can offer.
Organizations gain access to around-the-clock cloud expertise
without the costly overhead or requisite investments in hiring,
training and tooling that’s required to succeed in combating
adversaries. We believe that Falcon OverWatch Cloud Threat
Hunting is a powerful force multiplier for organizations seeking
a dedicated service to protect their cloud environments.”
“Elite threat hunting skills are hard to find and retain, and Falcon
OverWatch has truly been a seamless extension of our security
team to see and stop sophisticated cloud threats,” said Michael
Sherwood, CIO for the City of Las Vegas. “As we move away from
physical hardware and more to virtual and cloud-based systems,
we are looking for partners who have the skills and technology
to support that transition. CrowdStrike has enabled us to make
these shifts securely – marrying automation with human
intelligence to deliver effective, real-time threat prevention.”
“Cloud complexity isn’t slowing down and the attack surface
keeps growing exponentially – something adversaries have taken
advantage of,” said Craig Robinson, Research Vice President,
Security Services at IDC. “Having the right technology and
processes in place are two legs of the cybersecurity stool, but
organizations also need the right expertise as the third leg to
combat sophisticated cloud threats.”