5/8/2017
12:00 AM
Dark Reading
Products and Releases

CrowdStrike Expands Its Market-leading Managed Threat Hunting Service

CrowdStrike Falcon OverWatch now offers additional service levels for customers who want guided response and remote incident management

Irvine – CrowdStrike, a cloud-delivered endpoint protection company, today launched new service levels for its Falcon OverWatch managed threat hunting solution. The new offerings add guided remediation and remote incident management options for customers and the flexibility to choose the best response and remediation strategy that meets their needs.

CrowdStrike is offering a managed threat hunting service (referred to as Managed Detection and Response (MDR) Services by Gartner) supported by the CrowdStrike Falcon Platform to help companies detect threats and prevent the mega breach. Leveraging CrowdStrike’s threat telemetry, collecting more than 40 billion events a day, the Falcon OverWatch team has insights into the modern-day threat landscape and aims to take managed hunting to a new level of fidelity and precision. With real-time backing by CrowdStrike Falcon Insight, CrowdStrike’s endpoint detection and response (EDR) solution, and threat intelligence, the Falcon OverWatch team has deep visibility, rapid investigation and remediation capabilities to support customers with threat hunting, alert prioritization and real-time response.

According to Anton Chuvakin, research vice president at Gartner for Technical Professionals (GTP) Security and Risk Management group, “In addition to uncovering the hidden threats in your environment, ongoing threat hunting will improve your knowledge of your IT environment, reveal unmanaged and rogue systems, and deliver other side benefits. It will also enrich your internal threat intelligence efforts if any.” [1]

CrowdStrike is releasing new service levels for its Falcon OverWatch managed threat hunting service. These service levels provide flexible options for organizations of all sizes:

  • OverWatch Standard – Built for organizations that elect to handle the response to security alerts internally, OverWatch Standard provides all the advantages of 24x7x365 managed threat hunting, with prioritized actionable alerts that include recommendations for remediation, enabling efficient and effective internal incident response.
  • OverWatch Essential – Developed for organizations that prefer assistance with OverWatch alerts, OverWatch Essential includes all the benefits of OverWatch Standard and adds closed loop communication and 24/7 follow-up in the event of a detection. OverWatch Essential also includes the ability to engage directly with CrowdStrike experts who can provide guidance and expert advice.
  • OverWatch Elite – For organizations that want incident hunting and response handled by CrowdStrike, OverWatch Elite provides the highest level of support, including fully-managed OverWatch alert response, custom response to incidents, and effective remediation implementation.

With Falcon OverWatch, CrowdStrike stops more than 15,000 breach attempts every year across its global customer base located in 176 countries. In addition, customers benefit from the crowdsourcing power of CrowdStrike’s fully cloud-based platform as each attack detection feeds into defenses for the entire community.

"Earlier this year, we expanded our CrowdStrike Falcon portfolio to enable customers to implement our endpoint security technology in a flexible and modular manner that best meets their needs," said Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer. "Following this same model, the new Premium Support levels will deliver the expertise and benefits of our managed hunting and response at the service levels fit for customers of every size. We couldn’t be more pleased to expand our service tiers as our customers see our OverWatch team as a critical line of defense to stop the mega breach."

 
