Boardroom Insight

Consulting Sector News and Trends

CrowdStrike upgrades its managed threat hunting service with third-party data

CrowdStrike has introduced a new version of its managed threat hunting service that uses data from third-party software to detect cyberattacks.

CrowdStrike, one of the world’s largest cybersecurity companies, provides a platform called Falcon that helps enterprises identify and remediate breaches. The software vendor also offers a portfolio of professional services. Those offerings help clients with tasks such as hardening the configuration of their cloud environments.

In 2016, CrowdStrike launched a managed threat hunting service called Falcon OverWatch. A company that signs up can have the vendor’s professionals analyze cybersecurity data from its systems to identify malicious activity. After CrowdStrike uncovers a cyberattack, it gathers data about the incident that the affected organization can use to strengthen its cyber defenses. 

At the recently concluded RSA 2025 Conference, CrowdStrike debuted a new version of the service called Falcon Adversary OverWatch Next-Gen SIEM. Previously, the service used breach signals collected by CrowdStrike’s Falcon cybersecurity platform to detect cyberattacks. Thanks to the upgrade, it can also use third-party SIEM information. This information can come from sources such as edge devices, software-as-a-service applications and email security tools. The service is also capable of pulling data from the identity and access management tools that enterprises use to control how employees log into business applications.

CrowdStrike collects the third-party data using a component of its Falcon platform called Falcon Next-Gen SIEM. According to the company, the tool can aggregate up to one petabyte of data per day from a company’s containers, websites and other sources. It also timestamps and validates the data to prepare it for analysis.

Numerous cybersecurity consultancies offer MDR, or managed detection and response, services that promise to help enterprises respond to breaches more effectively. An MDR service allows a company to outsource much of the work involved in remediating cyberattacks. CrowdStrike’s newly upgraded threat hunting service also offloads key cybersecurity tasks from customers’ in-house IT teams, but the cybersecurity firm says that it has a different value proposition than MDR offerings.

“This is very different from managed detection and response (MDR) services,” CrowdStrike Chief Business Officer Daniel Bernard told Boardroom Insight. “Rather than competing with professional services partners who offer MDR, we see this innovation as a major opportunity to enhance partner offerings. Many partners and IT consultancies already rely on CrowdStrike’s OverWatch threat hunting to power their own MDR and managed services.”

According to the company, the data that OverWatch collects about hacker activity can help consulting partners enhance their MDR offerings. CrowdStrike tracks more than 200 hacker groups worldwide. When an OverWatch customer experiences a breach, the company’s professionals investigate whether one of those hacker groups may be behind the incident. The company says it can trace a cyberattack to a specific threat actor even when the hackers use previously unseen tactics.

“We have unique adversary expertise to share with the community – how they attack, where they attack from and how they move laterally across environments toward high-value targets post-exploitation,” Bernard elaborated. “Extending OverWatch visibility to the growing number of IT and security tools that today’s organizations use helps MDR and managed services providers deliver even stronger outcomes to their customers.”

The introduction of Falcon Adversary OverWatch Next-Gen SIEM comes a few weeks after CrowdStrike launched a new services partner program. It’s designed to help managed cybersecurity providers and other partners adopt Falcon Next-Gen SIEM, the technology that Falcon Adversary OverWatch Next-Gen SIEM uses to ingest third-party cybersecurity data. Participants will receive access to training, tools and other resources. “CrowdStrike remains committed to our partner-first strategy – empowering services providers to differentiate, consolidate and grow their practices using the CrowdStrike Falcon platform and our industry-leading threat intelligence at their core,” Bernard said.
