SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

CrowdStrike broadens Falcon threat hunting to third-party data

Today

CrowdStrike has announced the extension of managed threat hunting capability to third-party data as part of its Falcon OverWatch Next-Gen SIEM offering.

The expansion involves Falcon Adversary OverWatch Next-Gen SIEM, which now enables managed hunting across third-party data ingested by Falcon Next-Gen SIEM.

This broadens its expert detection coverage beyond traditional environments such as endpoints, identity and cloud, addressing security across all attack surfaces.

The company stated that adversaries are increasingly exploiting gaps by targeting a range of systems, including unmanaged infrastructure, edge devices, and segmented environments such as firewalls, VPNs and email gateways. These are areas where existing tools may not provide full visibility.

Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, said: "Today's adversaries move incredibly fast and thrive on the complexity of modern environments."

"They exploit the sprawl of IT and security tools to give them an edge, while defenders are left to stitch together disjointed data to try and find signals in the noise. With OverWatch now hunting across third-party data, we're eliminating the blind spots that adversaries rely on, delivering unified visibility, expert-led detection and the early insight needed to stop breaches."

Falcon Adversary OverWatch Next-Gen SIEM uses threat intelligence together with expert-led analysis to uncover threats that may evade conventional controls. According to the company, by ingesting and analysing third-party data, the solution expands protection and detection across infrastructure that may fall outside of an organisation's core managed estate.

Complementing this extension, CrowdStrike has also introduced a series of enhancements to its Falcon platform. These include Charlotte AI Agentic Detection Triage for identity threats, capabilities for critical infrastructure through Falcon for XIoT, and broader managed detection and response features within Falcon Complete supported by Charlotte AI.

The security firm detailed several key aspects of its updated offering. Among them is 24/7 expert-led threat hunting, which now integrates first-party endpoint, identity and cloud data alongside third-party systems. This contributes to greater coverage of the unmanaged infrastructure frequently leveraged by threat actors.

An additional component is the introduction of User and Entity Behaviour Analytics (UEBA) and case management within Falcon Next-Gen SIEM. The system applies machine learning to user behaviour data in order to identify potential insider risks and adversaries. Features such as risk scoring, entity resolution and automation are included to help reduce false positives and speed up investigations by connecting activities across different datasets.

Another noted update is the integration between Falcon Identity Protection and Falcon Next-Gen SIEM. This combination is aimed at improving the detection and prioritisation of identity-based threats in real time, with automation functions for tasks such as disabling compromised accounts and enforcing multi-factor authentication via Falcon Fusion SOAR.

CrowdStrike has also introduced its Pulse Services, which are designed to help customers achieve security operations centre (SOC) transformation. Pulse Services are described as modular and expert-led engagements covering areas such as ransomware readiness, high-value asset protection and cyber resilience strategies.

The company noted that these engagements are intended to enhance operational resilience and assist teams in improving their response to incidents.

The Falcon platform, utilising the CrowdStrike Security Cloud and artificial intelligence, leverages indicators of attack, threat intelligence and telemetry from across an organisation to enable detection, protection, threat hunting and vulnerability observability.

The firm referenced adversary groups such as FAMOUS CHOLLIMA, known for embedding malicious insiders, and OPERATOR PANDA, which has targeted unmanaged infrastructure and niche systems. According to CrowdStrike, these examples reflect the need for visibility and detection that extends into environments traditional tools may not reach.
