A Year With CrowdStrike: Empowering Defenses and Driving Change

Discover the biggest milestones achieved in the first year of the Abnormal and CrowdStrike partnership and how we are helping joint customers improve their security posture with AI-powered technology.
March 29, 2024

A year ago, we launched a strategic partnership with CrowdStrike, aiming to enhance protection against email and endpoint attacks for our shared customers. This integration has proven to be highly beneficial, delivering comprehensive security, reduced cost, improved operational efficiency, and enhanced threat detection capabilities. Let's reflect on some of the biggest milestones achieved in the first year of this partnership.

The Evolution of Email + Endpoint Threats

Email and endpoint devices are prime targets for cybercriminals, leading to significant financial and reputational damage for organizations. Just one attack type—socially-engineered business email compromise attacks—has accounted for over $54B in exposed losses since 2013, with nearly $3 billion in actual losses last year alone, according to the 2023 IC3 Report.

Attackers are continually evolving their tactics, launching sophisticated, socially-engineered email attacks and account takeovers that often go undetected by traditional security measures. In the last year, this has been exacerbated by attackers using Generative AI to scale hyper-personalized attacks, uniquely taking advantage of human trust in digital communication.

Security teams also face challenges due to fragmented solutions that lack integration, forcing them to manually analyze thousands of alerts with disjointed security data or attempt to integrate systems themselves. It can take hours of focused work to normalize data between security tools before an analyst can even make thoughtful discoveries about indicators of attack. Not only does this take time, but this tangential work distracts analysts from their core mission of defending the organization.

Comprehensive Protection with Abnormal + CrowdStrike

To address this issue, Abnormal and CrowdStrike formed a bi-directional integration offering two key components:

  • Data integration to normalize information, with shared threat and attack data between consoles, for quick access to necessary information when and where it is needed.

  • Connected detection and response for compromised accounts and ongoing attacks impacting email platforms and endpoints.

The initial integration was created between Abnormal’s Email Account Takeover Protection and CrowdStrike’s Identity Threat Protection products to help security teams correlate meaningful events across identity, endpoint, and email solutions and respond quickly to incidents in progress. Security teams quickly saw value in the bi-directional integration, improving investigation speed and attack response time.

This partnership is unique in that Abnormal and CrowdStrike both use machine learning to flag anomalies relative to normal behavioral patterns, which enables the detection of more sophisticated attacks, including those generated by AI. Abnormal’s human behavior AI adds a deep understanding of each individual associated with an organization, whether internal or a third-party vendor, and uses that business context to determine anomalous and malicious activity. This understanding enriches case timelines to give an analyst a more complete picture of ongoing attacks.

Enhanced Detection with Falcon Insight XDR Integration

Last November, we continued to build on this partnership by launching a new XDR integration—Abnormal Security Data Ingestion for CrowdStrike Falcon Insight XDR. This integration allows teams to easily consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views in order to quickly detect and respond to threats. Joint customers have benefited greatly from this integration, saving hours of internal security teams’ time and allowing them to focus on more pressing concerns.

Our Customers Are Seeing the Difference

In the past year, customers have seen the difference in their security posture as a result of the Abnormal and CrowdStrike partnership.

“The enhanced, integrated offerings from CrowdStrike and Abnormal further strengthen our security infrastructure and quickly orchestrate responses. These solutions provide enhanced protection for our organization as well as significant time savings and process efficiencies.” —Drew Robertson, Chief Information Security Officer, Finance of America Companies

“The Falcon platform has become the center of gravity for the critical security data needed to stop breaches. The partnership with Abnormal and CrowdStrike delivers industry-leading AI-powered protection to a growing number of customers. The powerful combination of the AI-native innovations of the Falcon platform and the human-behavior AI of Abnormal’s Email Account Takeover Protection delivers the high-fidelity detections that organizations need to detect and stop sophisticated attacks.” —Amanda Adams, VP Americas Alliances, CrowdStrike

What’s Next

Looking forward, Abnormal and CrowdStrike will continue our joint focus to protect customers and make life easier for security analysts. The problems and pains for security teams aren’t going to dissipate. Endpoints and email will continue to be significant attack surfaces, and threats targeting employees will grow and evolve. Analysts will still have too many alerts from disparate tools. We’re working to do our part to streamline processes and alleviate manual efforts where we can.

Together, we will continue to provide high-fidelity alerts and information with context and correlation to help security analysts separate signals from noise and make more informed decisions to protect their businesses.

Interested in learning more about how Abnormal + CrowdStrike can improve your security posture? Schedule a Demo today!
