Executive Summary
For yet another year, OverWatch disrupted a record number of interactive intrusion attempts by identifying malicious activity early and stopping adversaries in their tracks. This report shares insights from OverWatch’s around-the-clock threat hunting from July 1, 2020 through June 30, 2021.
This year’s report starts with a close look at OverWatch’s extensive dataset covering observed interactive threat actor behaviors, which we will refer to in this report as “intrusion activity”. It uses this data to examine how threat actors are operating in victim environments, highlighting both rare and common techniques that adversaries are employing.
The mission of OverWatch is to augment the powerful autonomous protection of the Falcon platform with human expertise. With the combined power of human ingenuity and patent-protected workflows, OverWatch systematically sifts through 1 trillion daily events to find potential hands-on intrusions, on average 1 every 8 minutes.
OverWatch operates with speed and at scale to notify victim organizations of malicious activity in near real time, ensuring intrusion attempts that incorporate novel tradecraft are identified and disrupted before the breach.