The threat presented by today’s adversaries is as pervasive as it is dangerous — eCrime and state-nexus actors alike are attempting to infiltrate companies and organizations of all sizes and across all verticals.
While technology is a powerful tool for performing routine or repeatable analysis, the only way to effectively hunt and contain sophisticated and determined cyber threat actors is to use the expertise and ingenuity of human threat hunters.
The Telescope and the Microscope: Two Sides of the Threat Hunting Coin
Threat hunting is an ever-evolving discipline that proactively tracks changes in adversaries’ behavior. It requires a broad awareness of the threat landscape — the telescopic view — and can be augmented by a deeper understanding of a customer’s pain points or areas of identified risk — the microscopic view. The most comprehensive threat hunting leverages both the telescopic and microscopic viewpoints, blending the insights gained from both perspectives to safeguard a customer’s assets from threats.
The CrowdStrike Falcon OverWatch™ team’s continuous hunting operations are driven by a world-class team of dedicated in-house threat hunters — individuals who are relentlessly committed to honing their craft and dedicated to the mission of stopping breaches. OverWatch analysts track the most stealthy and persistent hands-on-keyboard campaigns, actively hunting for that last 1% of malicious activity deliberately seeking to subvert technology-based controls.
Using patented hunting tools, OverWatch hunters leverage the power of the CrowdStrike Security Cloud to hunt across in excess of one trillion events a day — proactively searching for that malicious activity designed to blend in with the benign. Given the sheer breadth of information available to them, OverWatch analysts are skilled at identifying even the faintest signs of activity indicative of threat actor behavior and emerging threats, enabling customers to rapidly disrupt malicious behavior before its impact is felt.
The Power of Elite Tailored Threat Hunting
For organizations that are looking for an active partnership with their hunters, CrowdStrike offers OverWatch Elite — the personalized customer engagement add-on for CrowdStrike’s Falcon OverWatch managed threat hunting service.
OverWatch Elite builds on the continuous 24/7 human-led threat hunting provided by OverWatch, leveraging the ability to hunt across global telemetry to address areas of concern identified by customers. OverWatch Elite customers have access to an assigned threat analyst who provides a range of services to drive improved maturity across a customer’s internal security team. These services include expert coaching to support any in-house hunting efforts, regular threat updates, and a dedicated line of communication to address any queries or concerns as they arise. In partnership with their assigned analyst, customers can develop, operationalize and tune their threat hunting programs to ensure that supplementary threat hunts are tailored to their needs.
OverWatch Elite analysts build close partnerships with their assigned customers to develop a shared understanding of an organization’s unique structure and requirements. OverWatch Elite analysts are then able to tune their tools to the particular nuances found within a customer’s environment. In addition to addressing the customer’s needs, this fine-tuning enables all OverWatch analysts to more easily identify hands-on-keyboard activity and respond promptly to potential threats.
The fast, closed-loop communication between customers and the OverWatch Elite team allows for greater collaboration to address issues. Whether a customer has seen the news about a recent vulnerability or read an intelligence report about certain threat actors targeting companies in their sector, assigned analysts are available to listen and respond to these concerns by performing threat hunts tailored to address them.
Working Better Together
It is important to recognize that these two parts of OverWatch share a common mission: stopping breaches. OverWatch and OverWatch Elite analysts work hand-in-hand daily to ensure all customers are protected against those malicious hands-on-keyboard activities designed to evade detection. All teams under the OverWatch umbrella work together continuously to provide the best customer service possible.
OverWatch Elite Manager Gareth Willams puts it best: “You can’t look at the moon with a microscope and you can’t use a telescope to see small objects, but both give you a great field of vision.”
In addition to tailored threat hunting services, OverWatch Elite offers several additional features that truly make this a customer engagement-centric managed threat hunting service. Additional offerings include 60-minute call escalation for critical threats, which provides OverWatch Elite customers added peace of mind when it comes to rapidly disrupting adversary activity within their environments. OverWatch Elite customers are also invited to a private Slack channel where they can reach an OverWatch Elite analyst to respond with speed and confidence.
For more information, please visit OverWatch Elite’s page on CrowdStrike’s website.
Leave a Reply