CrowdStrike has introduced Falcon OverWatch for Defender, which extends its managed threat hunting service to organizations that run Microsoft endpoint security products. The offering is positioned to improve security outcomes for Microsoft Defender users by adding visibility, real-time detection, and continuous monitoring by human hunters to identify and neutralize sophisticated threats.
According to CrowdStrike, Falcon OverWatch for Defender addresses the limits of automated detection in Microsoft Defender environments, which can leave gaps that AI-accelerated adversaries exploit. CrowdStrike asserts that continuous, expert-led hunting closes these gaps before a threat can escalate. The launch follows CrowdStrike's earlier support for Microsoft environments, including Falcon Next-Gen SIEM for Defender.
Adam Meyers, head of counter adversary operations at CrowdStrike, emphasized the necessity of expert-led threat hunting, given that contemporary attacks are stealthy, fast-moving, and designed to evade detection. “OverWatch for Defender extends proven threat hunting to Microsoft environments, delivering the security outcome customers need most: stopping the breach,” Meyers stated. The CrowdStrike 2026 Global Threat Report states that 82% of detections in 2025 were malware-free, a trend in which adversaries increasingly rely on AI, trusted identities, and legitimate tools to accelerate attacks and blend into normal activity. With breakout times (the interval between an adversary's initial access and their first lateral movement to another host) reported as fast as 27 seconds, an alert-driven approach alone often cannot keep pace: by the time an analyst triages a single alert, the adversary may already be on a second system.
Falcon OverWatch for Defender is designed to uncover subtle attack patterns, escalate high-confidence threats, and guide response actions without disrupting existing protections. Key features include adversary intelligence-driven hunting, in which CrowdStrike's threat hunters draw on intelligence covering more than 280 tracked adversary groups to deliver high-confidence detections; AI-powered hunting at machine speed and scale, with the OverWatch team analyzing up to 6.2 trillion events daily using patented AI and proprietary detection patterns; and the “Power of the Crowd,” whereby a technique first observed in one customer's environment is turned into a hunt that OverWatch applies across CrowdStrike's global customer base, so other customers benefit from earlier detection and response.
CrowdStrike reports that customers of the existing Falcon OverWatch service have seen up to a 500x reduction in alert volume, a 98% true positive rate, and up to a 95% reduction in threat hunting staffing costs. These are vendor-reported figures for the established service; the company says the same outcomes are now available to Microsoft Defender customers through Falcon OverWatch for Defender.