Announcing New Data Ingestion Integration for CrowdStrike Falcon Insight XDR
Protecting corporate data is essential for any organization. Endpoints and email are two of the largest attack surfaces that must be guarded against malicious activity. Unfortunately, most security products are not integrated with one another, which makes responding quickly and effectively to threats difficult.
Abnormal Security and CrowdStrike have partnered to develop an integration that helps organizations protect their data more efficiently: a data ingestion integration for CrowdStrike Falcon® Insight XDR extended detection and response. The integration lets security teams consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views for faster, better investigations, so they can better protect their environments from sophisticated cyberattacks. Let’s take a closer look at the customer problems this integration solves.
Why Organizations Must Protect Endpoints and Email
Email attacks are increasing in frequency and sophistication. The FBI Internet Crime Complaint Center (IC3) reported nearly $51 billion in cumulative exposed losses due to business email compromise (BEC) between October 2013 and December 2022. Additionally, Abnormal has seen attack volume double across our customer base. This data, coupled with new attack techniques such as QR code phishing and the use of generative AI, has security leaders concerned about exposure across their organizations. Attacks that start in email quickly reach endpoints. Per CrowdStrike, the average eCrime breakout time (the time from initial access to lateral movement) is now 79 minutes, and the fastest observed breakout time is a mere 7 minutes.
Challenges Created By Unintegrated Security Products
Unintegrated security products make it hard to respond quickly and effectively to malicious activity. For too long, security solutions have remained in silos, requiring analyst teams to stitch together context from their identity, email, and endpoint detection solutions in order to understand and remediate an attack. This lack of consolidation allows attackers to dwell undetected in email environments for far too long. This year, it took nearly 11 months (328 days) on average to identify and contain data breaches resulting from stolen or compromised credentials (IBM Cost of a Data Breach Report 2023). In other words, organizations without integrated security solutions often do not learn that their data is at risk until it is too late.
Benefits of an Integrated Approach
Detecting malicious activity across endpoints, email, and networks is essential for comprehensive security. Without that capability, organizations lack full visibility into suspicious behavior and can carry risks they are not even aware of. By consolidating these data sources into one platform through integrations such as Abnormal Security's integration with CrowdStrike Falcon® Insight XDR, organizations can detect suspicious activity quickly and respond with confidence.
Integrating security solutions is what lets organizations protect against attack vectors that span multiple systems and platforms. With an integrated approach, teams can monitor their environment more effectively and automate response processes so they can react quickly when a threat arises.
The Abnormal + CrowdStrike Solution
In March 2023, Abnormal and CrowdStrike announced a strategic partnership to give security teams better protection from sophisticated identity, endpoint, and email attacks. The initial bi-directional integration between Abnormal’s Email Account Takeover Protection and the CrowdStrike Falcon® Identity Threat Protection product helps security teams correlate meaningful events across identity, endpoint, and email solutions and respond quickly to incidents in progress.
Abnormal and CrowdStrike are continuing to build on this strategic partnership by launching a new XDR integration—Abnormal Security Data Ingestion for Falcon Insight XDR, available now in the CrowdStrike Marketplace. This integration allows teams to easily consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views in order to quickly detect and respond to threats.
How it Works
Security analysts can trigger or enrich their XDR workflows with email events, user-reported phishing emails, and vendor events detected by Abnormal Security. These events allow security teams to surface, enrich, correlate, and automatically act on signals from the Abnormal platform.
One example of how this integration can be used is to determine whether end users interacted with malicious URLs. Through Abnormal, security teams can extract payload information, such as links, from malicious messages, even when those links are encoded within QR codes.
With the XDR integration, analysts can trigger CrowdStrike Falcon® Fusion automated workflows to correlate this information with other security solutions, such as EDR platforms, web proxies, or CASB solutions, to see whether any users accessed the malicious URL. From the XDR platform, features such as URL filtering and policy-based controls available in CASB solutions can then be used to block these malicious URLs across the organization.
Without this type of integration, security teams must manually inspect siloed solutions and take actions across multiple platforms. With XDR, they can automate the collection of events and correlate them across multiple platforms in the security stack.
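The correlation step described above, shown as an added, stand-alone example in Python. This is not Abnormal's or CrowdStrike's code and does not call either product's API; it mimics what a Falcon Fusion workflow would do by matching payload URLs extracted from email events (including a defanged one decoded from a QR code) against web-proxy log lines. The event field names (`message_id`, `recipient`, `urls`) and the proxy log format (`key=value` pairs) are assumptions, and all input is constructed inline. The point it adds beyond the prose is URL canonicalization: a naive string compare misses hits that differ only in host case, a trailing slash, a default port, or defanging.

```python
"""Correlate malicious email URLs with proxy logs to find who clicked.

Added illustration; not Abnormal's or CrowdStrike's code. All data below
is constructed, and the field names are assumptions about the event shape.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: email events carrying payload URLs (assumed field names).
EMAIL_EVENTS = [
    {"message_id": "m-1", "recipient": "alice@example.com",
     "urls": ["https://Login-Portal.example-phish.net/auth?id=1"]},
    {"message_id": "m-2", "recipient": "bob@example.com",
     # Defanged URL, as an analyst might paste it after decoding a QR code.
     "urls": ["hxxp://qr-landing[.]example-phish.net/"]},
]

# Constructed sample: web-proxy log lines in an assumed key=value format.
PROXY_LOGS = """\
2024-01-10T09:12:01Z user=alice@example.com host=WS-ALICE url=https://login-portal.example-phish.net/auth?id=1 action=allowed
2024-01-10T09:13:44Z user=carol@example.com host=WS-CAROL url=https://example.com/ action=allowed
2024-01-10T09:15:09Z user=bob@example.com host=WS-BOB url=http://qr-landing.example-phish.net action=allowed
2024-01-10T09:20:00Z user=dave@example.com host=WS-DAVE url=http://qr-landing.example-phish.net/ action=blocked
"""


def refang(url: str) -> str:
    """Undo common defanging so indicator URLs compare with live log URLs."""
    url = url.replace("hxxps://", "https://").replace("hxxp://", "http://")
    return url.replace("[.]", ".").replace("(.)", ".")


def normalize_url(url: str) -> str:
    """Canonical form: lowercase scheme and host, drop default port and
    fragment, and use '/' for an empty path so 'host' and 'host/' match."""
    parts = urlsplit(refang(url.strip()))
    scheme = parts.scheme.lower()
    host = parts.hostname or ""          # hostname is already lowercased
    port = parts.port
    if port and not ((scheme == "http" and port == 80) or
                     (scheme == "https" and port == 443)):
        host = f"{host}:{port}"
    return urlunsplit((scheme, host, parts.path or "/", parts.query, ""))


def parse_proxy_line(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line into a dict (assumed format)."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def correlate(email_events: list, proxy_log_text: str) -> list:
    """Return every proxy request whose URL matches a malicious email URL."""
    indicators = {}
    for event in email_events:
        for url in event["urls"]:
            indicators.setdefault(normalize_url(url), []).append(event["message_id"])

    hits = []
    for line in proxy_log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_proxy_line(line)
        key = normalize_url(rec["url"])
        if key in indicators:
            hits.append({"timestamp": rec["timestamp"], "user": rec["user"],
                         "host": rec["host"], "url": key, "action": rec["action"],
                         "message_ids": indicators[key]})
    return hits


def exposed_users(hits: list) -> list:
    """Users whose request was allowed through: the ones to prioritize,
    since a blocked request means the proxy already stopped the click."""
    return sorted({h["user"] for h in hits if h["action"] == "allowed"})


if __name__ == "__main__":
    for hit in correlate(EMAIL_EVENTS, PROXY_LOGS):
        print(hit)
    print("exposed:", exposed_users(correlate(EMAIL_EVENTS, PROXY_LOGS)))
```

In the constructed data, alice and bob both reached the phishing URLs (alice via the normal link, bob via the QR-code landing page logged without a trailing slash), while dave's request to the same page was already blocked and carol never touched an indicator. The `exposed_users` list is the set you would feed into the follow-up actions the section mentions, such as pushing the normalized URLs to a CASB or proxy block list and isolating the affected hosts.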
By combining Abnormal Security’s email intelligence with CrowdStrike’s XDR platform, organizations can detect incidents faster and reduce false positives, because information from multiple sources is consolidated in one place. The result is better threat visibility and stronger protection against malicious actors.
Interested in learning more? Schedule a demo today!