Announcing New Data Ingestion Integration for CrowdStrike Falcon Insight XDR

Discover how a new data ingestion integration from Abnormal Security and CrowdStrike helps organizations protect their data more efficiently while providing comprehensive visibility.
November 14, 2023

Protecting corporate data is essential for any organization. Endpoints and email are the two largest attack surfaces that need to be guarded against malicious activity. Unfortunately, most security products are not integrated, which makes responding quickly and effectively to threats a difficult task.

Abnormal Security and CrowdStrike have partnered to develop an integration that can help organizations protect their data more efficiently: a data ingestion integration for CrowdStrike Falcon® Insight XDR extended detection and response. This integration allows security teams to consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views for faster, more thorough investigations, so they can better protect their networks from sophisticated cyberattacks. Let’s take a closer look at the customer problems this integration is solving.

Why Organizations Must Protect Endpoints and Email

Email attacks are increasing in frequency and sophistication. The FBI Internet Crime Complaint Center (IC3) reported nearly $51 billion in exposed losses due to business email compromise (BEC) in 2022 alone. Additionally, Abnormal has seen attack volume double across our customer base. This data, coupled with new attack techniques like QR code phishing and the use of generative AI, has security leaders concerned about vulnerabilities across their organizations. Attacks that begin in email quickly have an endpoint impact. Per CrowdStrike, the average eCrime breakout time is now 79 minutes and the fastest observed breakout time is a mere 7 minutes.

Challenges Created By Unintegrated Security Products

When it comes to responding quickly and effectively to malicious activity, unintegrated security products can pose challenges. For too long, security solutions have remained in silos, requiring analyst teams to stitch together context from their identity, email, and endpoint detection solutions in order to understand and remediate an attack. This lack of consolidation allows attackers to dwell undetected in email environments for far too long. This year, it took nearly 11 months (328 days) on average to identify and contain data breaches resulting from stolen or compromised credentials. In other words, organizations without integrated security solutions have no way of knowing that their data is potentially at risk until it’s too late.

Benefits of an Integrated Approach

The ability to detect malicious activity across endpoints, email, and networks is essential for comprehensive security. Without this capability, organizations cannot gain full visibility into suspicious behavior, which exposes them to risks and threats they may not even be aware of. By consolidating these different sources of data into one platform with integrated solutions such as Abnormal Security's integration with CrowdStrike Falcon® Insight XDR, organizations can quickly detect suspicious activity and respond proactively with confidence.

Organizations need to understand the value of integrating their security solutions in order to protect against attack vectors across multiple systems and platforms. With an integrated approach, teams can better monitor their environment while automating processes so they can react quickly should a threat arise.

The Abnormal + CrowdStrike Solution

In March 2023, Abnormal and CrowdStrike announced our mission and strategic partnership to give security teams better protection from sophisticated identity, endpoint, and email attacks. The initial bi-directional integration between Abnormal’s Email Account Takeover Protection and the CrowdStrike Falcon® Identity Threat Protection product helps security teams correlate meaningful events across identity, endpoint, and email solutions, and respond quickly to incidents in progress.

Abnormal and CrowdStrike are continuing to build on this strategic partnership by launching a new XDR integration—Abnormal Security Data Ingestion for Falcon Insight XDR, available now in the CrowdStrike Marketplace. This integration allows teams to easily consolidate email attacks, account takeovers, and identity-based incidents into comprehensive views in order to quickly detect and respond to threats.

How it Works

Security analysts can trigger or enhance their XDR workflows with email events, user-reported phishing emails, and vendor events detected by Abnormal Security. These allow security teams to surface, enhance, correlate, and automatically take actions on signals from the Abnormal platform.

One use of this integration is identifying whether end users interacted with malicious URLs. Through Abnormal, security teams can extract payload information, such as links, from malicious messages, even if these links are encoded within QR codes.

With the XDR integration, analysts can trigger CrowdStrike Falcon® Fusion automated workflows to correlate this information with other security solutions, such as EDR platforms, web proxies, or CASB solutions, to see if any users accessed the malicious URL. Using the XDR platform, it is possible to use features such as URL filtering and policy-based controls available in CASB solutions to block these malicious URLs across the organization.

Without this type of integration, security teams need to manually inspect siloed solutions and take actions across multiple platforms. With XDR, they can automate the collection of events and correlate these across multiple platforms in the security stack.
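
The correlation described above, as an added example (not Abnormal's or CrowdStrike's code): URLs extracted from flagged messages are matched against web proxy records to list which users visited them after delivery. The event shape, log format, hostnames and the 72-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

def normalize(url):
    """Match key: lowercase host, default port and fragment dropped, no trailing slash.
    The scheme is ignored for matching; the query is kept (it can carry the lure token)."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower().rstrip(".")
    default = {"http": 80, "https": 443}.get(p.scheme.lower())
    port = f":{p.port}" if p.port and p.port != default else ""
    path = p.path.rstrip("/") or "/"
    query = f"?{p.query}" if p.query else ""
    return f"{host}{port}{path}{query}"

# Constructed sample: URLs extracted from flagged messages (hypothetical event shape).
EMAIL_EVENTS = [
    {"message_id": "msg-001", "received": "2023-11-01T09:00:00",
     "urls": ["https://Login.example-payroll.test/verify/"]},
    {"message_id": "msg-002", "received": "2023-11-01T10:30:00",
     "urls": ["http://files.example-share.test:80/doc?id=42#top"]},
]
# Constructed proxy log lines (assumed format): timestamp, user, requested URL.
PROXY_LOG = """\
2023-11-01T09:04:10 alice https://login.example-payroll.test/verify
2023-11-01T09:05:00 bob https://intranet.example.test/home
2023-11-01T11:02:33 carol http://files.example-share.test/doc?id=42
2023-10-31T08:00:00 dave https://login.example-payroll.test/verify
2023-11-01T12:00:00 erin http://files.example-share.test/doc?id=43
"""

def correlate(email_events, proxy_log, window=timedelta(hours=72)):
    """Return (user, message_id, minutes after delivery) for each visit to a flagged URL."""
    flagged = {}
    for ev in email_events:
        received = datetime.fromisoformat(ev["received"])
        for url in ev["urls"]:
            flagged.setdefault(normalize(url), []).append((ev["message_id"], received))
    hits = []
    for line in proxy_log.splitlines():
        ts, user, url = line.split(maxsplit=2)
        seen = datetime.fromisoformat(ts)
        for message_id, received in flagged.get(normalize(url), []):
            delay = seen - received
            if timedelta(0) <= delay <= window:  # ignore visits before delivery
                hits.append((user, message_id, int(delay.total_seconds() // 60)))
    return hits

if __name__ == "__main__":
    print(correlate(EMAIL_EVENTS, PROXY_LOG))
```

The visit that predates delivery and the request with a different query string are both excluded, which keeps the list of users to follow up with short.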

By combining Abnormal Security’s intelligence with CrowdStrike’s XDR solution, organizations can now benefit from faster incident detection times while reducing false positives due to better consolidation of information across multiple sources within one platform – resulting in enhanced threat visibility for improved protection against malicious actors.
