Announcing New Data Ingestion Integration for CrowdStrike Falcon Insight XDR

Discover how a new data ingestion integration from Abnormal Security and CrowdStrike helps organizations protect their data more efficiently while providing comprehensive visibility.
November 14, 2023

Protecting corporate data is essential for any organization. Endpoints and email are the two largest attack surfaces that need to be guarded against malicious activity. Unfortunately, most security products are not integrated, which makes responding quickly and effectively to threats a difficult task.

Abnormal Security and CrowdStrike have partnered to develop an integration that can help organizations protect their data more efficiently: a data ingestion integration for CrowdStrike Falcon® Insight XDR extended detection and response. This integration allows security teams to consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views for faster, better investigations, so they can more effectively protect their networks from sophisticated cyberattacks. Let’s take a closer look at the customer problems this integration is solving.

Why Organizations Must Protect Endpoints and Email

Email attacks are increasing in frequency and sophistication. The FBI Internet Crime Complaint Center (IC3) reported nearly $51 billion in exposed losses due to business email compromise (BEC) in 2022 alone. Additionally, Abnormal has seen attack volume double across our customer base. This data, coupled with new attack techniques like QR code phishing and the use of generative AI, has security leaders concerned about vulnerabilities across their organizations. Attacks that initiate in email quickly have an endpoint impact. Per CrowdStrike, the average eCrime breakout time is now 79 minutes and the fastest observed breakout time is a mere 7 minutes.

Challenges Created By Unintegrated Security Products

When it comes to responding quickly and effectively to malicious activity, unintegrated security products can pose challenges. For too long, security solutions have remained in silos, requiring analyst teams to stitch together context from their identity, email, and endpoint detection solutions in order to understand and remediate an attack. This lack of consolidation allows attackers to dwell undetected in email environments for far too long. This year, it took nearly 11 months (328 days) on average to identify and contain data breaches resulting from stolen or compromised credentials. In other words, organizations without integrated security solutions have no way of knowing that their data is potentially at risk until it’s too late.

Benefits of an Integrated Approach

Having the ability to detect malicious activity across endpoints, email, and networks is essential for comprehensive security. Without this capability, organizations lack full visibility into suspicious behavior, which can expose them to risks and threats that they may not even be aware of. By having all these different sources of data consolidated into one platform with integrated solutions such as Abnormal Security's integration with CrowdStrike Falcon® Insight XDR, organizations can now quickly detect suspicious activity and respond proactively with confidence.

Organizations should understand the value of integrating their security solutions in order to protect against attack vectors across multiple systems and platforms. With an integrated approach, teams can better monitor their environment while automating processes so they can react quickly should a threat arise.

The Abnormal + CrowdStrike Solution

In March 2023, Abnormal and CrowdStrike announced our mission and strategic partnership to give security teams better protection from sophisticated identity, endpoint, and email attacks. The initial bi-directional integration between Abnormal’s Email Account Takeover Protection and the CrowdStrike Falcon® Identity Threat Protection product helps security teams correlate meaningful events across identity, endpoint, and email solutions, and respond quickly to incidents in progress.

Abnormal and CrowdStrike are continuing to build on this strategic partnership by launching a new XDR integration—Abnormal Security Data Ingestion for Falcon Insight XDR, available now in the CrowdStrike Marketplace. This integration allows teams to easily consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views in order to quickly detect and respond to threats.

How it Works

Security analysts can trigger or enhance their XDR workflows with email events, user-reported phishing emails, and vendor events detected by Abnormal Security. These allow security teams to surface, enhance, correlate, and automatically take actions on signals from the Abnormal platform.

One example of how this integration can be leveraged is identifying whether end users interacted with malicious URLs. Through Abnormal, security teams can extract payload information, such as links, that is part of malicious messages, even if these links are encoded within QR codes.

With the XDR integration, analysts can trigger CrowdStrike Falcon® Fusion automated workflows to correlate this information with other security solutions, such as EDR platforms, web proxies, or CASB solutions, to see if any users accessed the malicious URL. From the XDR platform, analysts can then use features such as URL filtering and policy-based controls available in CASB solutions to block these malicious URLs across the organization.

Without this type of integration, security teams need to manually inspect siloed solutions and take actions across multiple platforms. With XDR, they can automate the collection of events and correlate these across multiple platforms in the security stack.
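The correlation step described above can be illustrated with the following added example, which is not Abnormal or CrowdStrike code and does not use either vendor's API or event schema. It matches URLs extracted from malicious emails against web proxy records; the record layouts, field names, users, and domains are all constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample records; field names are assumptions, not a vendor schema.
EMAIL_DETECTIONS = [
    {"recipient": "alice@example.com", "delivered": "2023-11-14T09:00:00",
     "origin": "qr_code", "urls": ["hxxps://login.bad-example[.]test/reset/?id=1"]},
    {"recipient": "bob@example.com", "delivered": "2023-11-14T09:05:00",
     "origin": "body_link", "urls": ["http://pay.bad-example.test/invoice"]},
]
# Constructed proxy log lines: timestamp user method url status
PROXY_LOG = """\
2023-11-14T08:30:00 bob@example.com GET http://pay.bad-example.test/invoice 200
2023-11-14T09:12:41 alice@example.com GET https://LOGIN.bad-example.test/reset?id=1&utm=x 200
2023-11-14T09:40:02 carol@example.com GET https://login.bad-example.test/reset 403
2023-11-14T10:00:00 bob@example.com GET https://intranet.example.com/home 200
""".splitlines()


def url_key(url):
    """Refang and reduce a URL to (host, path) so cosmetic variants still match."""
    url = url.replace("hxxp", "http").replace("[.]", ".")
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path.rstrip("/") or "/"


def correlate(detections, proxy_lines, window=timedelta(days=7)):
    """Return proxy requests to URLs from malicious emails made after delivery."""
    index = {}
    for det in detections:
        for url in det["urls"]:
            index.setdefault(url_key(url), []).append(det)
    hits = []
    for line in proxy_lines:
        ts, user, _method, url, status = line.split()
        when = datetime.fromisoformat(ts)
        for det in index.get(url_key(url), []):
            delivered = datetime.fromisoformat(det["delivered"])
            if delivered <= when <= delivered + window:
                hits.append({"user": user, "url": url, "time": ts,
                             "was_recipient": user == det["recipient"],
                             "blocked": status == "403", "origin": det["origin"]})
    return hits


if __name__ == "__main__":
    for hit in correlate(EMAIL_DETECTIONS, PROXY_LOG):
        print(hit)
```

Matching on host and path rather than the full string catches defanged, re-cased, and parameter-tagged variants of the same link, and the `was_recipient` flag separates the original target from other users who reached the URL by another route.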

By combining Abnormal Security’s intelligence with CrowdStrike’s XDR solution, organizations can now benefit from faster incident detection times while reducing false positives, thanks to better consolidation of information from multiple sources within one platform. The result is enhanced threat visibility for improved protection against malicious actors.

Interested in learning more? Schedule a demo today!
