CrowdStrike launches threat hunting service for Microsoft Defender users

May 5, 2026 8:00 AM

CrowdStrike (NASDAQ: CRWD) announced Falcon OverWatch for Defender, a managed threat hunting service designed for organizations using Microsoft Defender endpoint security software.

The service provides continuous monitoring and expert-led threat hunting to identify sophisticated attacks that automated detection systems might miss. CrowdStrike's threat hunters analyze endpoint data from Microsoft Defender deployments to detect malware-free attacks and other evasive techniques.

"Today's attacks are stealthy, fast-moving, and designed to evade detection, making expert-led threat hunting essential," said Adam Meyers, head of counter adversary operations at CrowdStrike.

According to CrowdStrike's 2026 Global Threat Report, 82% of detections in 2025 were malware-free, with adversaries increasingly using legitimate tools and trusted identities to avoid detection. The company reports that some attacks can achieve breakout times as fast as 27 seconds.

The service leverages CrowdStrike's intelligence on over 280 threat groups and uses artificial intelligence to analyze up to 6.2 trillion events per day across its customer base. The company claims the service can reduce alert volume by up to 500 times, with 98% true positives, and cut threat hunting staffing costs by up to 95%.

Falcon OverWatch for Defender builds on CrowdStrike's existing support for Microsoft environments, following the previous launch of Falcon Next-Gen SIEM for Defender. The service operates alongside existing Microsoft Defender protections without requiring replacement of current endpoint security infrastructure.

CrowdStrike is not affiliated with Microsoft Corporation, according to the company's statement.
