CrowdStrike is launching new innovations to power the AI-native security operations center (SOC) and help teams hunt and resolve threats with speed and accuracy.
A new solution, CrowdStrike Falcon® Adversary OverWatch Next-Gen SIEM, will bring managed threat hunting to available third-party data and extend the visibility of CrowdStrike’s elite threat hunters into unmanaged attack surfaces. We are also announcing advanced user and entity behavior analytics (UEBA), case management, and identity security automation capabilities for CrowdStrike Falcon® Next-Gen SIEM to accelerate response to suspicious user behavior and identity-based attacks.
Adversaries continue to target long-standing entry points such as firewalls, routers, VPNs, and email gateways to bypass defenses. While these threats aren’t new, detecting them across evolving business infrastructure is a critical challenge. SOC teams often struggle to correlate signals across siloed tools, leading to missed threats, delayed response, and longer dwell time. Organizations need granular visibility to discover and remediate threats targeting these assets.
With these innovations, security teams can use CrowdStrike’s industry-leading technology and services to streamline operations, hunt for threats, and quickly detect and respond to adversary activity targeting key entry points and their broader IT environments.
Inside Falcon Adversary OverWatch Next-Gen SIEM
Falcon Adversary OverWatch Next-Gen SIEM is a new solution built to bring real-time managed threat hunting to available third-party SIEM data from network edge devices, identity and access management tools, SaaS applications, and email security tools, among other sources, to uncover threats in their early stages. This is in addition to the threat hunting of first-party data across endpoint, cloud, and identity that CrowdStrike’s expert threat hunters already provide.
Modern SOCs are flooded with data but starved for insight. Despite investments in SIEM and log aggregation tools, many organizations are slow to detect and stop adversaries due to siloed systems and uncorrelated alerts leaving blind spots across the IT environment. The solution isn’t more data — it’s proactive threat hunting powered by visibility across attack surfaces.
Falcon Adversary OverWatch, powered by the CrowdStrike Falcon® cybersecurity platform, uses patented AI, deep adversary expertise, and threat intelligence to uncover threats. Falcon Next-Gen SIEM unifies native and third-party data, real-time intelligence, and AI-driven automation to deliver full visibility, high-fidelity alerts, and accelerated response. CrowdStrike is bringing these capabilities together to power the modern SOC.
Threat hunting requires specific tools and expertise. Falcon Adversary OverWatch enriches SIEM events with threat intelligence and the results of expert investigation, in conjunction with AI, to turn massive volumes of telemetry into high-confidence alerts. This accelerates detection, reduces alert fatigue, and builds confidence in every decision. Falcon Adversary OverWatch does the heavy lifting — correlating signals, analyzing behaviors, filtering out false positives, and surfacing threats — so SOC analysts can focus on stopping adversaries.
Analyzing up to 4.7 trillion events daily and hunting around the clock, Falcon Adversary OverWatch delivers end-to-end visibility across third-party, hybrid, and multi-cloud environments. Every detection benefits all customers: when Falcon Adversary OverWatch uncovers a new threat in one environment, it checks all other customer environments for the same indicators and behaviors to determine whether others are at risk. This collective defense model strengthens protection across every customer environment and helps contain emerging threats early.
By extending managed threat hunting to available third-party data, CrowdStrike delivers comprehensive visibility and expert-led, AI-powered detection across attack surfaces, empowering the SOC to find and stop threats before initial access turns into a full-scale breach.
Elevating Security Operations with Falcon Next-Gen SIEM
New UEBA in Falcon Next-Gen SIEM delivers behavior-based threat detection powered by automation, AI, and contextual awareness. It’s built to address the gaps traditional tools miss and empower security teams with visibility and speed to take control of the outcome.
Legacy SIEM systems struggle with modern data volume and complexity, flooding analysts with false positives and slowing response times. Rather than surfacing real threats, traditional UEBA tools generate noise and rely on older models that adversaries have learned to evade.
Falcon Next-Gen SIEM reimagines behavior analytics to fulfill the original promise of UEBA without the guesswork, noise, or endless fine-tuning. It correlates detections across users, hosts, and activities in a centralized platform to uncover insider threats and other activity that adversaries disguise as normal behavior. This UEBA capability prioritizes high-fidelity detections by assigning AI-powered risk scores that reflect the urgency of each incident. The risk score is fully transparent and customizable, helping analysts focus on threats that pose the greatest risk.
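To make the behavior-analytics idea above concrete, here is an added illustrative example of UEBA-style scoring: a per-user baseline is learned from past successful logins, each new login is scored against that baseline with explicit, adjustable factor weights (so the score is transparent and customizable), and risky sessions are then correlated by host to surface a machine several anomalous users are touching. This is example code written for this post, not CrowdStrike's or Falcon Next-Gen SIEM's scoring logic; the factor names, weights, thresholds, and the sample events are all constructed assumptions.

```python
"""Illustrative UEBA-style risk scoring (added example, not CrowdStrike/Falcon code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real telemetry). Timestamps are UTC.
BASELINE_EVENTS = [
    {"ts": "2024-05-01T09:02:00", "user": "alice", "host": "WS-ALICE", "country": "US", "result": "success"},
    {"ts": "2024-05-01T14:10:00", "user": "alice", "host": "WS-ALICE", "country": "US", "result": "success"},
    {"ts": "2024-05-02T10:15:00", "user": "alice", "host": "WS-ALICE", "country": "US", "result": "success"},
    {"ts": "2024-05-01T08:30:00", "user": "bob", "host": "WS-BOB", "country": "US", "result": "success"},
    {"ts": "2024-05-02T17:45:00", "user": "bob", "host": "WS-BOB", "country": "US", "result": "success"},
]

NEW_EVENTS = [
    # normal login for alice
    {"ts": "2024-05-10T10:00:00", "user": "alice", "host": "WS-ALICE", "country": "US", "result": "success"},
    # alice at 03:12 from a new country onto a server she has never used
    {"ts": "2024-05-11T03:12:00", "user": "alice", "host": "SRV-FILE01", "country": "RO", "result": "success"},
    # bob: six failures in a few minutes, then a success on the same server
    *[{"ts": f"2024-05-11T08:{30 + i:02d}:00", "user": "bob", "host": "SRV-FILE01",
       "country": "US", "result": "failure"} for i in range(6)],
    {"ts": "2024-05-11T08:37:00", "user": "bob", "host": "SRV-FILE01", "country": "US", "result": "success"},
]

# Assumed, analyst-tunable weights: each factor contributes a fixed, visible amount to the score.
WEIGHTS = {"new_country": 40, "unusual_hour": 20, "new_host": 25, "failed_burst": 30}
FAILED_BURST_THRESHOLD = 5            # failures within the window before a success
FAILED_BURST_WINDOW = timedelta(minutes=10)


def build_baseline(events):
    """Learn, per user, the countries, hours of day and hosts seen in successful logins."""
    base = defaultdict(lambda: {"countries": set(), "hours": set(), "hosts": set()})
    for e in events:
        if e["result"] != "success":
            continue
        profile = base[e["user"]]
        profile["countries"].add(e["country"])
        profile["hours"].add(datetime.fromisoformat(e["ts"]).hour)
        profile["hosts"].add(e["host"])
    return dict(base)


def score_events(events, baseline, weights=WEIGHTS):
    """Score each successful login against the user's baseline; return score plus the reasons."""
    failures = defaultdict(list)      # user -> timestamps of failed logins seen so far
    scored = []
    for e in sorted(events, key=lambda ev: ev["ts"]):   # ISO-8601 strings sort chronologically
        ts = datetime.fromisoformat(e["ts"])
        if e["result"] == "failure":
            failures[e["user"]].append(ts)
            continue
        # An unknown user has an empty profile, so every factor fires for them.
        profile = baseline.get(e["user"], {"countries": set(), "hours": set(), "hosts": set()})
        reasons = []
        if e["country"] not in profile["countries"]:
            reasons.append("new_country")
        if ts.hour not in profile["hours"]:
            reasons.append("unusual_hour")
        if e["host"] not in profile["hosts"]:
            reasons.append("new_host")
        recent = [f for f in failures[e["user"]] if ts - f <= FAILED_BURST_WINDOW]
        if len(recent) >= FAILED_BURST_THRESHOLD:
            reasons.append("failed_burst")
        score = min(100, sum(weights[r] for r in reasons))
        scored.append({"ts": e["ts"], "user": e["user"], "host": e["host"],
                       "score": score, "reasons": reasons})
    return scored


def correlate_by_host(scored, min_score=50):
    """Aggregate risky sessions per host: one host reached by several anomalous users is a pivot candidate."""
    by_host = defaultdict(lambda: {"users": set(), "score": 0})
    for s in scored:
        if s["score"] >= min_score:
            by_host[s["host"]]["users"].add(s["user"])
            by_host[s["host"]]["score"] += s["score"]
    return {h: {"users": sorted(v["users"]), "score": v["score"]} for h, v in by_host.items()}


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for s in score_events(NEW_EVENTS, baseline):
        print(f"{s['ts']} {s['user']:6} {s['host']:11} score={s['score']:3} {s['reasons']}")
    print(correlate_by_host(score_events(NEW_EVENTS, baseline)))
```

On the constructed data, alice's normal login scores 0, her night-time login from a new country onto SRV-FILE01 scores 85, and bob's success after a burst of failures on the same server scores 55; the host view then shows SRV-FILE01 reached by both anomalous sessions, which is the kind of cross-user, cross-host correlation a single per-alert view would miss. Because each score is the sum of named factors, an analyst can see exactly why an event ranked where it did and retune the weights instead of guessing at an opaque model.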