Falcon OverWatch Cloud Threat Hunting is a new standalone threat hunting service for hidden and advanced threats originating, operating, or persisting in cloud environments. It is delivered by CrowdStrike (Nasdaq: CRWD), a global provider of cloud-delivered protection of endpoints, cloud workloads, identity, and data.
Rapid adoption of cloud-native architectures has expanded attack surfaces. According to CrowdStrike, IT security teams are sometimes left without the visibility or the skill sets needed to continuously monitor these intricate cloud environments for sophisticated attacks. As a result, attackers are locating cloud assets and taking advantage of them before security teams can find them.
The Falcon OverWatch Cloud Threat Hunting service investigates suspicious and anomalous activity, as well as unique attacker tradecraft, using CrowdStrike’s agent-based and agentless Cloud Native Application Protection Platform (CNAPP) capabilities.
“Cloud complexity isn’t slowing down and the attack surface keeps growing exponentially – something adversaries have taken advantage of,” said Craig Robinson, Research Vice President, Security Services at IDC. “Having the right technology and processes in place are two legs of the cybersecurity stool, but organizations also need the right expertise as the third leg to combat sophisticated cloud threats.”
Protecting Cloud Environments
Falcon OverWatch Cloud Threat Hunting operates around the clock, 365 days a year, and may stop incidents and breaches while proactively warning clients about cloud-based attacks, including:
- Attacks on Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and other cloud service providers, occurring within and across their infrastructure
- Sophisticated hands-on-keyboard activity and zero-day exploitation that jeopardize production-level cloud applications and containers
- Cloud-based indicators of attack (IOAs), including node breaches, control plane and serverless vulnerabilities, configuration errors, abnormal application behavior, container escapes, and more
- Attack paths that use traditional IT assets as a first point of access before pivoting to cloud apps, systems, and data
“CrowdStrike pioneered the concept of blending industry-leading technology with proactive threat hunting to deliver truly comprehensive protection that closes the gap between detection and response,” said Shawn Henry, Chief Security Officer (CSO) and President of CrowdStrike Services. “We’re bringing that same leadership to Falcon OverWatch Cloud Threat Hunting – a cloud-specific new service that no other vendor can offer. Organizations gain access to around-the-clock cloud expertise without the costly overhead or requisite investments in hiring, training, and tooling that’s required to succeed in combating adversaries. We believe that Falcon OverWatch Cloud Threat Hunting is a powerful force multiplier for organizations seeking a dedicated service to protect their cloud environments.”