Technical Case Study: Defend Against Insider Threats
2024-12-13 • CrowdStrike
https://www.crowdstrike.com/en-us/resources/case-studies/falcon-overwatch-insider-threat-detection/
CrowdStrike’s case study links FAMOUS CHOLLIMA to insider-threat activity where trusted employees, contractors, or partners can abuse legitimate access to steal data or harm an organization. The excerpt emphasizes the detection challenge: these operators can bypass traditional controls because their activity originates from accounts and access paths that appear authorized. Falcon Adversary OverWatch is presented as combining endpoint telemetry with human-led analysis to identify FAMOUS CHOLLIMA insider activity quickly enough for customers to respond before serious damage occurs.