2020 THREAT HUNTING REPORT INSIGHTS FROM THE CROWDSTRIKE OVERWATCH TEAM
Falcon OverWatchTM is the CrowdStrike® managed threat hunting service built on the CrowdStrike Falcon® platform. OverWatch provides deep and continuous human analysis on a 24/7 basis to relentlessly hunt for anomalous or novel attacker tradecraft designed to evade other detection techniques.
OverWatch comprises an elite team of cross-disciplinary specialists that harness the massive power of the CrowdStrike Threat Graph®, enriched with CrowdStrike threat intelligence, to continuously hunt, investigate and advise on sophisticated threat activity in customer environments. Armed with cloud-scale telemetry of over 3 trillion endpoint events collected per week, and detailed tradecraft on 140 adversary groups, OverWatch has the unparalleled ability to see and stop the most sophisticated threats, leaving adversaries with nowhere to hide.
This report provides a summary of OverWatch’s threat hunting findings from the first half of 2020. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. The report’s findings relate to the targeted and interactive intrusions that OverWatch tracks and are not necessarily representative of the full spectrum of attacks that are stopped by the Falcon platform.