CrowdStrike, profile picture
Uploaded byCrowdStrike
3,006 views

Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting

The document discusses proactive threat hunting as a vital endpoint protection strategy that goes beyond traditional alerting, emphasizing the need for managed detection and response to address emerging threats. It highlights the evolution of endpoint detection maturity and the benefits of proactive hunting through CrowdStrike's Falcon Overwatch service. The approach involves continuous investigation, prioritization of alerts, and collaboration with organizations to enhance response efforts and prevent significant security breaches.

Embed presentation

Downloaded 207 times
PROACTIVE THREAT HUNTING: GAME-CHANGING ENDPOINT PROTECTION BEYOND ALERTING 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CHRIS WITTER – SR. DIRECTOR, HUNTING OPERATIONS CON MALLON – SR. DIRECTOR, PRODUCT MARKETING
FALCON PLATFORM CLOUD DELIVERED API 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. MANAGED HUNTING THREAT INTEL ENDPOINT DETECTION AND RESPONSE IT HYGIENE NEXT-GEN ANTIVIRUS ENDPOINT PROTECTION
A DEEPER DIVE INTO ‘HUNTING’
2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. EDR MATURITY MODEL LEVEL OF PROTECTION NO EDR – reliant on ‘prevention’ – but what of the 1% that slips through? LIMITED EDR – ‘dumb collection’ approach where the burden is on the user to sift & search to find meaningful detections with limited response tools SMART EDR – ‘native automation’ automatically and prioritizes alerts and can prevent for you if needed - still struggling to find resources to implement hunting on the data set MANAGED DETECTION & RESPONSE – proactive managed hunting, investigation and response activity on emerging and advanced threats - leveraging rich data using advanced analytics in the hands of proven and experienced team of threat hunters
WHY DO WE NEED HUNTING? THE SECURITY PROBLEM THE PEOPLE PROBLEM THE DETECTION PROBLEM REACTIVE POSTURE PROACTIVE POSTURE Judging the intent of code Alert fatigue à False negatives New IOC / TTP? Detect novel threats? 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
WHICH IS LEADING TO THIS “By 2020, 15% of midsize and enterprise organizations will be using services like MDR, up from less than 1% today.” Gartner: Market Guide for Managed Detection and Response Services – May, 2016
WHAT IS HUNTING? A few common use cases cause us to perform “proactive” investigation: § Retroactive discovery → New intel, pattern matching, intrusion artifacts § New artifact discovery → Analysis of telemetry to discover outliers § Detection method discovery → Pattern/IOA hypothesis testing DEFINITION HYPOTHESIS “Hunting is the discovery of malicious artifacts or detection methods not accounted for in passive monitoring capabilities.”
WHERE DOES HUTING FIT INTO YOUR DETECTION PROGRAM? ANOMALY BEHAVIORAL ATOMIC HUNTING REGIMENT New Artifact Discovery Detection Method Discovery Retroactive Discovery Detect the tactic you know Detect what you don’t know Detect what you know HOLISTIC DETECTION PROGRAM
FALCON OVERWATCH MANAGED HUNTING FINDING THE ADVERSARY So You Don’t Have To BREACH PREVENTION SERVICES Team of Hunters Working for You 24 x 7 BUSINESS VALUE Alert prioritization –pinpoint urgent threats and avoid false positives Guided remediation – work with your team to add clarity, speed and precision to support response efforts Threat Hunting – proactive 24x7 hunting eliminating false negatives
FALCON OVERWATCH 2017 OBSERVATIONS • Powershell • Mixed TTPs • Advanced <-> Everyday • Twitter à Attack
THE OVERWATCH MODEL
OUR APPROACH TO PROACTIVE HUNTING HUNTING STRATEGIC SOC Retroactive discovery New artifact discovery Detection method discovery 24x7 coverage Continuous investigation Intrusion triage & scoping + FALCON OVERWATCH Hunt Investigate Advise …Stop the breach
PLATFORM STACK OPERATORS TRADECRAFT TOOLS CYBER ACTOR CrowdStrike FALCON MANAGED HUNTING EDR NEXT-GEN AVTechnology Processes People
Falcon OverWatch Strategically Focused Hunting Security Operations Regimen CrowdStrike Threat Intelligence Cloud Analytics / ML CrowdStrike Services / IR SOC INCIDENT RESPONSE HUNTING ADVANCED ANALYTICS CustomerCrowdStrike
FALCON OVERWATCH IN DETAIL
FALCON OVERWATCH DATA & PROCESS FLOW CUSTOMER ENDPOINTS CONTINUOUS ENDPOINT DATA 1 FALCON UI • Detection details • EAM investigation • Intelligence/Actors 2 OVERWATCH ANALYTICS PLATFORM • Falcon data streams • Hunting triggers • Advanced analytics • Business logic 3 • Strategic analysis • Atomic + Behavioral + Anomaly detection • Rapid intrusion triage and scoping OVERWATCH HUNTERS 4 • Notification of intrusions/breaches • Expert operators <--> Support channel 5 CROWDSTRIKE CLOUD Patented Threat Graph ™
OVERWATCH IN-PRODUCT ALERTING
INVESTIGATING THE OVERWATCH ALERTS
INVESTIGATING THE OVERWATCH ALERTS
OVERWATCH EXAMPLE -SENDING RICH NOTIFICATIONS Summary Scenario Human Analysis Actionable Information
TO SUMMARIZE • Proactive managed hunting is for organizations that want an additional layer of protection to make sure that nothing gets missed • Falcon OverWatch is a managed threat hunting service built on the Falcon Platform to ensure that nothing gets missed and ultimately prevent the mega breach
2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Questions? Please submit all questions in the Q&A chat right below the presentation slides Contact Us Additional Information Join Weekly Demos crowdstrike.com/productdemos Featured Asset: Proactive Hunting Whitepaper Link in Resource List Website: crowdstrike.com Email: info@crowdstrike.com Number: 1.888.512.8902 (US)

More Related Content

PPTX
Threat hunting for Beginners
bySKMohamedKasim
 
PPTX
EDR - Cehckpoint CPX 2024 Harmony Endpoint.pptx
byAldoPalominoBravo
 
PDF
Threat Hunting Procedures and Measurement Matrice
byVishal Kumar
 
PDF
Cyber Threat hunting workshop
byArpan Raval
 
PPTX
Threat hunting and achieving security maturity
byDNIF
 
PPTX
Threat hunting in cyber world
byAkash Sarode
 
PDF
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
PDF
Cyber Threat Intelligence - It's not just about the feeds
byIain Dickson
 
Threat hunting for Beginners
bySKMohamedKasim
 
EDR - Cehckpoint CPX 2024 Harmony Endpoint.pptx
byAldoPalominoBravo
 
Threat Hunting Procedures and Measurement Matrice
byVishal Kumar
 
Cyber Threat hunting workshop
byArpan Raval
 
Threat hunting and achieving security maturity
byDNIF
 
Threat hunting in cyber world
byAkash Sarode
 
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
Cyber Threat Intelligence - It's not just about the feeds
byIain Dickson
 

What's hot

PDF
Cloud-Enabled: The Future of Endpoint Security
byCrowdStrike
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
PDF
State of Endpoint Security: The Buyers Mindset
byCrowdStrike
 
PDF
Q radar architecture deep dive
byKamal Mouline
 
PDF
Threat Hunting Report
byMorane Decriem
 
PPTX
Threat Hunting with Splunk Hands-on
bySplunk
 
PDF
Battling Unknown Malware with Machine Learning
byCrowdStrike
 
PDF
Elastic SIEM (Endpoint Security)
byKangaroot
 
PDF
PaloAlto Enterprise Security Solution
byPrime Infoserv
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
PPTX
Threat hunting - Every day is hunting season
byBen Boyd
 
PDF
Threat Hunting
bySplunk
 
PPSX
Zero-Trust SASE DevSecOps
byAraf Karsh Hamid
 
PPTX
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PPTX
Security Information and Event Management (SIEM)
byk33a
 
PDF
Introduction to MITRE ATT&CK
byArpan Raval
 
PDF
Threat-Based Adversary Emulation with MITRE ATT&CK
byKatie Nickels
 
PDF
SIEM Architecture
byNishanth Kumar Pathi
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Cloud-Enabled: The Future of Endpoint Security
byCrowdStrike
 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
State of Endpoint Security: The Buyers Mindset
byCrowdStrike
 
Q radar architecture deep dive
byKamal Mouline
 
Threat Hunting Report
byMorane Decriem
 
Threat Hunting with Splunk Hands-on
bySplunk
 
Battling Unknown Malware with Machine Learning
byCrowdStrike
 
Elastic SIEM (Endpoint Security)
byKangaroot
 
PaloAlto Enterprise Security Solution
byPrime Infoserv
 
Effective Threat Hunting with Tactical Threat Intelligence
byDhruv Majumdar
 
Threat hunting - Every day is hunting season
byBen Boyd
 
Threat Hunting
bySplunk
 
Zero-Trust SASE DevSecOps
byAraf Karsh Hamid
 
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Security Information and Event Management (SIEM)
byk33a
 
Introduction to MITRE ATT&CK
byArpan Raval
 
Threat-Based Adversary Emulation with MITRE ATT&CK
byKatie Nickels
 
SIEM Architecture
byNishanth Kumar Pathi
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 

Similar to Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting

PPTX
What is Threat Hunting? - Panda Security
byPanda Security
 
PPTX
Cyber Threat Hunting with Phirelight
byHostway|HOSTING
 
PPTX
CrowdStrike Falcon Insight (01212026).pptx
bypjsantos17
 
PDF
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
PDF
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PPTX
CrowdStrike Falcon XDR Slides (01212026).pptx
bypjsantos17
 
PDF
Videocon Service Center in Mumbai
byuhaglobaltechnoservi
 
PPTX
Hunting before a Known Incident
byEndgameInc
 
PDF
Maturing your threat hunting program
byCybereason
 
PDF
Why_TG
byTOP GUN
 
PDF
April 2015 Webinar: Cyber Hunting with Sqrrl
bySqrrl
 
PDF
End-Point Security Protecting Networks from Cyber Threats - DigitDefence
byyams12611
 
PDF
You Can't Stop The Breach Without Prevention And Detection
byCrowdStrike
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
PDF
Cyber Threat Hunting Meap V05 Chapters 1 To 8 Of 13 Nadhem Alfardan
bycawulineriku
 
PPTX
panw-cortex-xdr-customer-presentation.pptx
byduyanhNguyen70
 
PDF
How to Replace Your Legacy Antivirus Solution with CrowdStrike
byCrowdStrike
 
PPTX
Threat hunting foundations: People, process and technology.pptx
byInfosec
 
PDF
huntpedia.pdf
byCecilSu
 
What is Threat Hunting? - Panda Security
byPanda Security
 
Cyber Threat Hunting with Phirelight
byHostway|HOSTING
 
CrowdStrike Falcon Insight (01212026).pptx
bypjsantos17
 
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
byssuser4237d4
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
CrowdStrike Falcon XDR Slides (01212026).pptx
bypjsantos17
 
Videocon Service Center in Mumbai
byuhaglobaltechnoservi
 
Hunting before a Known Incident
byEndgameInc
 
Maturing your threat hunting program
byCybereason
 
Why_TG
byTOP GUN
 
April 2015 Webinar: Cyber Hunting with Sqrrl
bySqrrl
 
End-Point Security Protecting Networks from Cyber Threats - DigitDefence
byyams12611
 
You Can't Stop The Breach Without Prevention And Detection
byCrowdStrike
 
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
Cyber Threat Hunting Meap V05 Chapters 1 To 8 Of 13 Nadhem Alfardan
bycawulineriku
 
panw-cortex-xdr-customer-presentation.pptx
byduyanhNguyen70
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
byCrowdStrike
 
Threat hunting foundations: People, process and technology.pptx
byInfosec
 
huntpedia.pdf
byCecilSu
 

More from CrowdStrike

PDF
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
byCrowdStrike
 
PDF
Cyber Security Extortion: Defending Against Digital Shakedowns
byCrowdStrike
 
PDF
An Inside Look At The WannaCry Ransomware Outbreak
byCrowdStrike
 
PDF
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
byCrowdStrike
 
PDF
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
byCrowdStrike
 
PDF
Bear Hunting: History and Attribution of Russian Intelligence Operations
byCrowdStrike
 
PDF
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
byCrowdStrike
 
PDF
Venom
byCrowdStrike
 
PDF
CrowdCasts Monthly: When Pandas Attack
byCrowdStrike
 
PDF
CrowdCast Monthly: Operationalizing Intelligence
byCrowdStrike
 
PDF
CrowdCasts Monthly: Going Beyond the Indicator
byCrowdStrike
 
PDF
CrowdCasts Monthly: You Have an Adversary Problem
byCrowdStrike
 
PDF
CrowdCasts Monthly: Mitigating Pass the Hash
byCrowdStrike
 
PDF
End-to-End Analysis of a Domain Generating Algorithm Malware Family
byCrowdStrike
 
PDF
TOR... ALL THE THINGS
byCrowdStrike
 
PDF
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
byCrowdStrike
 
PDF
TOR... ALL THE THINGS Whitepaper
byCrowdStrike
 
PDF
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
byCrowdStrike
 
PDF
Hacking Exposed Live: Mobile Targeted Threats
byCrowdStrike
 
PDF
Be Social. Use CrowdRE.
byCrowdStrike
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
byCrowdStrike
 
Cyber Security Extortion: Defending Against Digital Shakedowns
byCrowdStrike
 
An Inside Look At The WannaCry Ransomware Outbreak
byCrowdStrike
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
byCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
byCrowdStrike
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
byCrowdStrike
 
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
byCrowdStrike
 
Venom
byCrowdStrike
 
CrowdCasts Monthly: When Pandas Attack
byCrowdStrike
 
CrowdCast Monthly: Operationalizing Intelligence
byCrowdStrike
 
CrowdCasts Monthly: Going Beyond the Indicator
byCrowdStrike
 
CrowdCasts Monthly: You Have an Adversary Problem
byCrowdStrike
 
CrowdCasts Monthly: Mitigating Pass the Hash
byCrowdStrike
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family
byCrowdStrike
 
TOR... ALL THE THINGS
byCrowdStrike
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
byCrowdStrike
 
TOR... ALL THE THINGS Whitepaper
byCrowdStrike
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
byCrowdStrike
 
Hacking Exposed Live: Mobile Targeted Threats
byCrowdStrike
 
Be Social. Use CrowdRE.
byCrowdStrike
 

Recently uploaded

PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
apidays New York 2025 | AI in Application Security
byapidays
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 

Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting

  • 1.
    PROACTIVE THREAT HUNTING: GAME-CHANGINGENDPOINT PROTECTION BEYOND ALERTING 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CHRIS WITTER – SR. DIRECTOR, HUNTING OPERATIONS CON MALLON – SR. DIRECTOR, PRODUCT MARKETING
  • 2.
    FALCON PLATFORM CLOUD DELIVERED API 2017CROWDSTRIKE, INC. ALL RIGHTS RESERVED. MANAGED HUNTING THREAT INTEL ENDPOINT DETECTION AND RESPONSE IT HYGIENE NEXT-GEN ANTIVIRUS ENDPOINT PROTECTION
  • 3.
    A DEEPER DIVEINTO ‘HUNTING’
  • 4.
    2017 CROWDSTRIKE, INC.ALL RIGHTS RESERVED. EDR MATURITY MODEL LEVEL OF PROTECTION NO EDR – reliant on ‘prevention’ – but what of the 1% that slips through? LIMITED EDR – ‘dumb collection’ approach where the burden is on the user to sift & search to find meaningful detections with limited response tools SMART EDR – ‘native automation’ automatically and prioritizes alerts and can prevent for you if needed - still struggling to find resources to implement hunting on the data set MANAGED DETECTION & RESPONSE – proactive managed hunting, investigation and response activity on emerging and advanced threats - leveraging rich data using advanced analytics in the hands of proven and experienced team of threat hunters
  • 5.
    WHY DO WENEED HUNTING? THE SECURITY PROBLEM THE PEOPLE PROBLEM THE DETECTION PROBLEM REACTIVE POSTURE PROACTIVE POSTURE Judging the intent of code Alert fatigue à False negatives New IOC / TTP? Detect novel threats? 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 6.
    WHICH IS LEADINGTO THIS “By 2020, 15% of midsize and enterprise organizations will be using services like MDR, up from less than 1% today.” Gartner: Market Guide for Managed Detection and Response Services – May, 2016
  • 7.
    WHAT IS HUNTING? Afew common use cases cause us to perform “proactive” investigation: § Retroactive discovery → New intel, pattern matching, intrusion artifacts § New artifact discovery → Analysis of telemetry to discover outliers § Detection method discovery → Pattern/IOA hypothesis testing DEFINITION HYPOTHESIS “Hunting is the discovery of malicious artifacts or detection methods not accounted for in passive monitoring capabilities.”
  • 8.
    WHERE DOES HUTINGFIT INTO YOUR DETECTION PROGRAM? ANOMALY BEHAVIORAL ATOMIC HUNTING REGIMENT New Artifact Discovery Detection Method Discovery Retroactive Discovery Detect the tactic you know Detect what you don’t know Detect what you know HOLISTIC DETECTION PROGRAM
  • 9.
    FALCON OVERWATCH MANAGEDHUNTING FINDING THE ADVERSARY So You Don’t Have To BREACH PREVENTION SERVICES Team of Hunters Working for You 24 x 7 BUSINESS VALUE Alert prioritization –pinpoint urgent threats and avoid false positives Guided remediation – work with your team to add clarity, speed and precision to support response efforts Threat Hunting – proactive 24x7 hunting eliminating false negatives
  • 10.
    FALCON OVERWATCH 2017OBSERVATIONS • Powershell • Mixed TTPs • Advanced <-> Everyday • Twitter à Attack
  • 11.
  • 12.
    OUR APPROACH TOPROACTIVE HUNTING HUNTING STRATEGIC SOC Retroactive discovery New artifact discovery Detection method discovery 24x7 coverage Continuous investigation Intrusion triage & scoping + FALCON OVERWATCH Hunt Investigate Advise …Stop the breach
  • 13.
    PLATFORM STACK OPERATORS TRADECRAFT TOOLS CYBER ACTORCrowdStrike FALCON MANAGED HUNTING EDR NEXT-GEN AVTechnology Processes People
  • 14.
  • 15.
  • 16.
    FALCON OVERWATCH DATA& PROCESS FLOW CUSTOMER ENDPOINTS CONTINUOUS ENDPOINT DATA 1 FALCON UI • Detection details • EAM investigation • Intelligence/Actors 2 OVERWATCH ANALYTICS PLATFORM • Falcon data streams • Hunting triggers • Advanced analytics • Business logic 3 • Strategic analysis • Atomic + Behavioral + Anomaly detection • Rapid intrusion triage and scoping OVERWATCH HUNTERS 4 • Notification of intrusions/breaches • Expert operators <--> Support channel 5 CROWDSTRIKE CLOUD Patented Threat Graph ™
  • 17.
  • 18.
  • 19.
  • 20.
    OVERWATCH EXAMPLE -SENDINGRICH NOTIFICATIONS Summary Scenario Human Analysis Actionable Information
  • 21.
    TO SUMMARIZE • Proactivemanaged hunting is for organizations that want an additional layer of protection to make sure that nothing gets missed • Falcon OverWatch is a managed threat hunting service built on the Falcon Platform to ensure that nothing gets missed and ultimately prevent the mega breach
  • 22.
    2017 CROWDSTRIKE, INC.ALL RIGHTS RESERVED. Questions? Please submit all questions in the Q&A chat right below the presentation slides Contact Us Additional Information Join Weekly Demos crowdstrike.com/productdemos Featured Asset: Proactive Hunting Whitepaper Link in Resource List Website: crowdstrike.com Email: info@crowdstrike.com Number: 1.888.512.8902 (US)