At RSA 2025, CrowdStrike introduced a major expansion of its Falcon Adversary OverWatch service, enabling expert-managed threat hunting across third-party data through Falcon Next-Gen SIEM. The new capability addresses a longstanding security gap by extending 24/7 detection and response beyond traditional endpoints, identity systems, and cloud environments into unmanaged attack surfaces like edge devices, firewalls, and VPNs. CrowdStrike aims to deliver faster breach detection and broader visibility to stop lateral adversary movements that often go undetected in siloed environments.
The Falcon Next-Gen SIEM platform also adds new user behavior analytics (UEBA), case management capabilities, and tighter integration with Falcon Identity Protection, creating a unified approach to stopping insider threats and identity-based attacks. Powered by the AI-native Falcon platform, the enhanced solution promises real-time intelligence, automated threat response, and comprehensive coverage across all data sources. CrowdStrike also announced Pulse Services, a modular consulting offering designed to help customers strengthen SOC resiliency and reduce active risk.
- Falcon Adversary OverWatch now performs 24/7 expert-led threat hunting across third-party data ingested by Falcon Next-Gen SIEM.
- Unmanaged infrastructure such as edge devices, VPNs, and firewalls are now part of CrowdStrike’s managed threat coverage.
- UEBA and case management in Falcon Next-Gen SIEM use machine learning for insider threat detection, entity resolution, and automated investigations.
- Falcon Identity Protection integrates with Next-Gen SIEM and Falcon Fusion SOAR to automate real-time responses to identity-based threats.
- Pulse Services offer targeted consulting engagements for ransomware readiness, cyber resiliency, and high-value asset protection.
- Powered by the AI-native CrowdStrike Falcon platform to unify native and third-party data, threat intelligence, and machine-speed automation.
“With OverWatch now hunting across third-party data, we’re eliminating the blind spots that adversaries rely on, delivering unified visibility, expert-led detection and the early insight needed to stop breaches,” said Adam Meyers, head of counter adversary operations at CrowdStrike.