A Year With CrowdStrike: Empowering Defenses and Driving Change

Discover the biggest milestones achieved in the first year of the Abnormal and CrowdStrike partnership and how we are helping joint customers improve their security posture with AI-powered technology.
March 29, 2024

A year ago, we launched a strategic partnership with CrowdStrike, aiming to enhance protection against email and endpoint attacks for our shared customers. This integration has proven to be highly beneficial, delivering comprehensive security, reduced cost, improved operational efficiency, and enhanced threat detection capabilities. Let's reflect on some of the biggest milestones achieved in the first year of this partnership.

The Evolution of Email + Endpoint Threats

Email and endpoint devices are prime targets for cybercriminals, leading to significant financial and reputational damage for organizations. Just one attack type—socially-engineered business email compromise attacks—has accounted for over $54B in exposed losses since 2013, with nearly $3 billion in actual losses last year alone, according to the 2023 IC3 Report.

Attackers are continually evolving their tactics, launching sophisticated, socially-engineered email attacks and account takeovers that often go undetected by traditional security measures. In the last year, this has been exacerbated by attackers using Generative AI to scale hyper-personalized attacks, uniquely taking advantage of human trust in digital communication.

Security teams also face challenges due to fragmented solutions that lack integration, forcing them to manually analyze thousands of alerts with disjointed security data or attempt to integrate systems themselves. It can take hours of focused work to normalize data between security tools before an analyst can even make thoughtful discoveries about indicators of attack. Not only does this take time, but this tangential work distracts analysts from their core mission of defending the organization.

Comprehensive Protection with Abnormal + CrowdStrike

To address this issue, Abnormal and CrowdStrike formed a bi-directional integration offering two key components:

  • Data integration to normalize information, with shared threat and attack data between consoles, for quick access to necessary information when and where it is needed.

  • Connected detection and response for compromised accounts and ongoing attacks impacting email platforms and endpoints.

The initial integration was created between Abnormal’s Email Account Takeover Protection and CrowdStrike’s Identity Threat Protection products to help security teams correlate meaningful events across identity, endpoint, and email solutions and respond quickly to incidents in progress. Security teams quickly saw value in the bi-directional integration, improving investigation speed and attack response time.

This partnership is unique in that Abnormal and CrowdStrike both use machine learning to flag anomalies by comparing activity against normal behavioral patterns, which enables the detection of more sophisticated attacks, including those generated by AI. Abnormal’s human behavior AI builds a deep understanding of each individual associated with an organization, whether internal or a third-party vendor, and uses that business context to determine anomalous and malicious activity. This understanding enriches case timelines to give an analyst a more complete picture of ongoing attacks.

Enhanced Detection with Falcon Insight XDR Integration

Last November, we continued to build on this partnership by launching a new XDR integration—Abnormal Security Data Ingestion for CrowdStrike Falcon Insight XDR. This integration allows teams to easily consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views in order to quickly detect and respond to threats. Joint customers have benefited greatly from this integration, saving hours of internal security teams’ time and allowing them to focus on more pressing concerns.

Our Customers Are Seeing the Difference

In the past year, customers have seen the difference in their security posture as a result of the Abnormal and CrowdStrike partnership.

“The enhanced, integrated offerings from CrowdStrike and Abnormal further strengthen our security infrastructure and quickly orchestrate responses. These solutions provide enhanced protection for our organization as well as significant time savings and process efficiencies.”
– Drew Robertson, Chief Information Security Officer, Finance of America Companies

“The Falcon platform has become the center of gravity for the critical security data needed to stop breaches. The partnership with Abnormal and CrowdStrike delivers industry-leading AI-powered protection to a growing number of customers. The powerful combination of the AI-native innovations of the Falcon platform and the human-behavior AI of Abnormal’s Email Account Takeover Protection delivers the high-fidelity detections that organizations need to detect and stop sophisticated attacks.”
– Amanda Adams, VP Americas Alliances, CrowdStrike

What’s Next

Looking forward, Abnormal and CrowdStrike will continue our joint focus to protect customers and make life easier for security analysts. The problems and pains for security teams aren’t going to dissipate. Endpoints and email will continue to be significant attack surfaces, and threats targeting employees will grow and evolve. Analysts will still have too many alerts from disparate tools. We’re working to do our part to streamline processes and alleviate manual efforts where we can.

Together, we will continue to provide high-fidelity alerts and information with context and correlation to help security analysts separate signals from noise and make more informed decisions to protect their businesses.

Interested in learning more about how Abnormal + CrowdStrike can improve your security posture? Schedule a Demo today!
