


This webcast has been archived. To view it, log in to your SANS Portal Account or create an account. Once you register, you can download the presentation slides.

Someone to Watch Over You: A Review of CrowdStrike’s Falcon OverWatch

  • Tuesday, November 19, 2019 at 1:00 PM EST (2019-11-19 18:00:00 UTC)
  • Joe Sullivan, Scott Taschler


  • CrowdStrike, Inc.




Threat hunting is a key function of any successful security operation, leveraging knowledge of attacker techniques, sources of threat intelligence, access to deep and broad telemetry, and round-the-clock vigilance to see and stop the most advanced attacks. Falcon OverWatch provides a team of expert threat hunters to uncover threats that can get past automated, machine-driven detection. This team engages on-premises security teams in real time, enabling response before the threats become full-on breaches.

In this webcast, Joe Sullivan reviews OverWatch and how it responds to credential theft, lateral movement and defense evasion incidents. Specifically, attendees at this webcast will learn about:

  • Ways in which OverWatch can help organizations overcome threat hunting staffing concerns
  • How OverWatch can provide threat detection earlier in the attack flow, making incident response faster and more effective
  • How the feedback loop established between organizations and the OverWatch team works to address threats in real time

Register for this webcast to be among the first to receive the associated review written by SANS analyst Joe Sullivan.

Speaker Bios

Joe Sullivan

Joe Sullivan is a SANS community instructor for SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling, MGT512: Security Leadership Essentials For Managers and MGT514: Security Strategic Planning, Policy, and Leadership. He uses his knowledge and experience as a 20-year information security veteran to inform his teaching and writing. Joe is the principal security strategist for Crossroads Information Security and formerly served as the CISO for a privately held bank. He holds the GCFE, GCIH, GSTRT and CISSP certifications, as well as numerous other industry certifications.

Scott Taschler

Scott Taschler is a 20+ year veteran of the cyber security industry, with a strong focus on optimizing workflows in the security operations center. In his current role as Director of Product Marketing for CrowdStrike, Scott works with organizations all around the globe to understand the biggest barriers to productivity, and to drive thought leadership on optimizing incident response and threat hunting. Prior to CrowdStrike, Scott spent 14 years as a technical leader and Principal Engineer, gaining deep expertise in SIEM, incident response, threat intelligence and other building blocks to a successful SOC. Scott is based in Minneapolis, MN.
