惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
P
Privacy International News Feed
Security Latest
Security Latest
H
Hacker News: Front Page
T
Tenable Blog
The Hacker News
The Hacker News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Security @ Cisco Blogs
Project Zero
Project Zero
O
OpenAI News
AI
AI
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
The Last Watchdog
The Last Watchdog
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
NISL@THU
NISL@THU
A
Arctic Wolf
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
N
News and Events Feed by Topic
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Google Online Security Blog
Google Online Security Blog
罗磊的独立博客
L
LINUX DO - 最新话题
U
Unit 42
S
Security Affairs
有赞技术团队
有赞技术团队
WordPress大学
WordPress大学
博客园 - 【当耐特】
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
月光博客
月光博客
Engineering at Meta
Engineering at Meta
腾讯CDC
F
Full Disclosure
Cyberwarzone
Cyberwarzone
S
SegmentFault 最新的问题
Recorded Future
Recorded Future
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
The Cloudflare Blog

Blog

CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike Why AI Projects Stall and How CIOs Can Respond | CrowdStrike CrowdStrike Leads 2026 Frost Radar for Cloud Runtime Security CrowdStrike Expands Identity Leadership with OpenID and IDPro CrowdStrike 2026 Report: China Fuels Attacks on Tech June 2026 Patch Tuesday: Updates and Analysis | CrowdStrike CrowdStrike and Zscaler Bring Continuous Identity Security to Zero Trust Access 3 Principles to Safely Scale Agentic AI | CrowdStrike ISO 42001:2023 and the New Reality of Cloud AI Data Risk How to Stop AI-Driven Data Loss | CrowdStrike CrowdStrike and NVIDIA Bring Enterprise-Grade Security to AI Factory CrowdStrike and NVIDIA Collaboration Scales AI-Native Agents Secure Shadow AI at the Control Plane with Falcon for IT CrowdStrike Named Leader in 2026 Gartner Magic Quadrant for Endpoint Protection Shadow AI: The Hidden Risk Expanding Across the Enterprise CrowdStrike Named a Leader in Identity Threat Detection and Response Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet Measuring AI-Enabled Success: 3 Trackable KPIs New Claude Integration Brings Audit Data to Falcon Platform How to Protect Identities and Sessions from Infostealers Now Live: CrowdStrike 2026 Financial Services Threat Landscape Report Falcon AIDR Detects Threats at Prompt Layer in Kubernetes AI Apps May 2026 Patch Tuesday: Updates and Analysis | CrowdStrike AI Threat Detection with Automated Leads | CrowdStrike CrowdStrike Named a Leader in Gartner Magic Quadrant for Cyberthreat Intelligence CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns Tune In: The Future of AI-Powered Vulnerability Discovery Defending Against CORDIAL SPIDER and SNARKY SPIDER CrowdStrike Expands ChatGPT Enterprise Integration CrowdStrike Named a Leader in 2026 Frost & Sullivan Radar for CNAPP CrowdStrike Expands Real-Time CDR to Google Cloud CrowdStrike Falcon Cloud Security Delivers 264% ROI CrowdStrike Falcon Platform Achieves 441% ROI in Three Years CrowdStrike Introduces Shadow AI Visibility Service How Defenders Must Respond to Frontier AI | CrowdStrike Frontier AI for Defenders: CrowdStrike and OpenAI TAC April 2026 Patch Tuesday: Updates and Analysis | CrowdStrike How CrowdStrike Accelerates Exposure Evaluation Against Threats | Blog STARDUST CHOLLIMA Likely Compromises Axios npm Package Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Detecting CVE-2026-20929: Kerberos Relay Attack via DNS CNAME Abuse How Charlotte AI Agentworks Fuels Security's Agentic Ecosystem CrowdStrike Flex for Services Expands Access to Elite Security Expertise Falcon Data Security Secures Data Wherever It Lives and Moves CrowdStrike Advances CNAPP with Adversary-Informed Risk Prioritization CrowdStrike Services and Agentic MDR Put Agentic SOC in Reach
CrowdStrike Launches Falcon OverWatch for Defender
Counter Adversary Operations · 2026-05-05 · via Blog

CrowdStrike is excited to announce Falcon OverWatch for Defender, a new offering that extends our elite managed threat hunting to Microsoft Defender environments.

The need for proactive threat hunting is increasingly urgent as adversary operations evolve: 82% of intrusions observed in 2025 were malware-free, the CrowdStrike 2026 Global Threat Report revealed, and the fastest eCrime breakout time was a mere 27 seconds. Adversaries using AI increased their attacks 89% year-over-year. 

Security tools remain essential, but not every sophisticated intrusion can be reliably detected through automation alone. Techniques including credential abuse, hands-on-keyboard activity, misuse of legitimate tools, and in-memory tradecraft are too subtle, novel, or context-dependent to automate high-fidelity detections for them without generating too much noise.

This is where Falcon OverWatch for Defender comes in. Powered by the AI-native CrowdStrike Falcon® platform, Falcon OverWatch for Defender adds continuous, expert-led threat hunting to Microsoft Defender environments. It helps organizations uncover stealthy attacker behavior, escalate high-confidence threats, and guide response before an intrusion becomes a breach. 

Threat Hunting In the Era of Frontier AI

Frontier AI models are poised to accelerate vulnerability discovery and exploitation, sparking concerns of a surge in vulnerabilities adversaries can target. But exploits shouldn’t be the extent of their concerns — after all, they’re only one step in the attack chain.

Adversaries using an exploit to gain initial access must take additional steps, such as privilege escalation or lateral movement, to achieve their goals. This is why post-exploit threat hunting is essential: It focuses on the critical window after entry, when attackers are in the environment but haven’t yet made an impact. In the frontier AI era, stopping a vulnerability exploit is ideal, but stopping post-exploitation activity is vital.

The problem is, adversaries are becoming harder to catch. Many blend into legitimate business activity by abusing trusted identities, admin tools, remote access software, and native system processes. They’re using AI to scale phishing attacks, automate reconnaissance, and quickly generate malicious scripts. In this environment, important signals are often new, too subtle, or lack key context to convert into reliable detections right away.

This is why continuous, intelligence-driven hunting is indispensable. The Falcon OverWatch team is built for this mission. Our combination of real-time intelligence, expert human hunters, and AI at scale uncovers post-exploit activity to stop attackers before an intrusion becomes a breach.

Extending CrowdStrike’s Open Approach to Microsoft Environments

Falcon OverWatch for Defender builds on CrowdStrike’s open approach to Microsoft environments. With the lightweight Falcon sensor running alongside Microsoft Defender, organizations can strengthen security outcomes without disrupting existing protections or operations.

This added visibility enables Falcon OverWatch hunters to uncover subtle patterns of attack that might otherwise remain hidden, validate suspicious activity, and escalate high-confidence threats. The result is a stronger security outcome for Microsoft Defender customers without requiring them to replace their endpoint deployment.

Below are the differentiated capabilities it provides: 

  • Threat hunting informed by deep adversary intelligence: CrowdStrike tracks more than 280 sophisticated nation-state, eCrime, and hacktivist adversaries. Falcon OverWatch hunters use this intelligence to identify threat actor behavior, investigate subtle indicators, and deliver high-confidence escalations. 
  • AI-powered hunting at machine speed and scale: Falcon OverWatch uses AI, proprietary hunting patterns, and adversary expertise to analyze up to 6.2 trillion events per day and uncover stealthy and novel threats. 
  • Visibility across millions of endpoints: With visibility across CrowdStrike’s broad global customer base and millions of endpoints, Falcon OverWatch can identify uncommon activity at scale and quickly operationalize new discoveries. When hunters identify a new technique in one environment, that knowledge is turned into new hunting patterns and applied across others. This improves detection posture and helps customers find evidence of both current and prior adversary activity. 

Real Outcomes, Proven at Scale

Falcon OverWatch operationalizes the latest threat intelligence to improve detection, analyzes 14 million detection leads annually, adds more than 1,800 new hunting patterns each year, and detects 100 high- to critical-severity intrusions every day.

With Falcon OverWatch for Defender, CrowdStrike extends our proven hunting model to Microsoft Defender customers to deliver the expertise, scale, and intelligence required to identify and stop sophisticated threats earlier.

 Additional Resources