CrowdStrike Delivers Managed Threat Hunting

CrowdStrike Delivers Industry-First Managed Threat Hunting Across Third-Party Data

Falcon Adversary OverWatch now hunts across third-party data in Falcon Next-Gen SIEM, extending expert-driven detection across every attack surface to stop stealthy adversaries

CrowdStrike announced Falcon Adversary OverWatch Next-Gen SIEM, the first and only solution to bring managed threat hunting to third-party data. This breakthrough innovation extends the visibility of CrowdStrike’s elite threat hunters into unmanaged attack surfaces that adversaries have long exploited. By leveraging third-party data ingested by Falcon Next-Gen SIEM, CrowdStrike delivers 24/7 expert detection beyond endpoints, identity and cloud environments to stop breaches across every attack surface.

Adversaries strike from all angles, and once inside, they move laterally with alarming speed. Groups like FAMOUS CHOLLIMA embed malicious insiders to operate from within. Others, like OPERATOR PANDA exploit unmanaged infrastructure, edge devices and siloed systems like firewalls, VPNs and email gateways – where traditional tools lack visibility. By extending managed threat hunting to third-party data, CrowdStrike delivers faster detection, broader coverage and even greater speed in stopping breaches.

“Today’s adversaries move incredibly fast and thrive on the complexity of modern environments. They exploit the sprawl of IT and security tools to give them an edge, while defenders are left to stitch together disjointed data to try and find signals in the noise,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “With OverWatch now hunting across third-party data, we’re eliminating the blind spots that adversaries rely on, delivering unified visibility, expert-led detection and the early insight needed to stop breaches.”

Transform the SOC with Falcon Adversary OverWatch and Next-Gen SIEM

CrowdStrike’s latest innovations set a new standard for modern security operations. Powered by the AI-native CrowdStrike Falcon® cybersecurity platform, Falcon Adversary OverWatch uses deep adversary expertise and industry-leading threat intelligence to rapidly uncover evasive threats. Falcon Next-Gen SIEM unifies native and third-party data, real-time intelligence and AI-driven automation to deliver comprehensive visibility, high-fidelity alerts and machine speed response. New innovations include:

Expert-Led Threat Hunting Across all Attack Surfaces: Integrates real-time, 24/7 threat hunting from Falcon Adversary OverWatch with first-party endpoint, identity, cloud and third-party data from Falcon Next-Gen SIEM. Expands coverage across unmanaged infrastructure that adversaries often exploit to expose hidden threats.
UEBA and Case Management for Falcon Next-Gen SIEM: Analyzes user behavior with advanced machine learning to uncover insider threats and stealthy adversaries once they're on the network. With AI-driven risk scoring, entity resolution and automated workflows, security teams can reduce false positives, connect related activities across data sources and investigate in a centralized platform to respond faster.
Unified Identity Security and Next-Gen SIEM: The powerful combination of Falcon® Identity Protection and Falcon Next-Gen SIEM enables security teams to detect and prioritize identity-based threats in real time, while Falcon Fusion SOAR automates Active Directory actions – like disabling compromised accounts and MFA enforcement – to respond at machine speed.
CrowdStrike Pulse Services: To help customers drive SOC transformation, CrowdStrike Pulse Services reduces active risk with targeted offerings such as ransomware readiness planning, high-value asset protection strategies and cyber resiliency uplift. Delivered through modular, expert-led engagements, Pulse helps teams improve response times and build more resilient operations.

Source: CrowdStrike media announcement

Click to learn how to make your agents super!

Follow @PipelineWire