Combining the Power of Behavioral AI with Industry-Leading XDR Capabilities

CrowdStrike and Abnormal share a common mission to prevent cybercrime and make the connected cloud a safer place for business. Learn how CrowdStrike and Abnormal work together to deliver behavior-based detection of anomalous user activity across endpoint, identity, and email systems — empowering security analysts to take swift action to remediate even the most complex attacks.

Security Teams Shouldn't Have To Stitch Their Solutions Together

Organizations face relentless email attack campaigns that bypass traditional security solutions and laterally spread across endpoints, cloud, and network assets. To stop these complex attacks, security analysts today must manually build a timeline of attacker activity across siloed security data in order to make meaningful judgments. When an adversary may take just 84 minutes to move from the initial compromise entry point to another host, security analysts need automated solutions that facilitate fast detection, triage, and remediation.

CrowdStrike + Abnormal

With CrowdStrike and Abnormal working together, security analysts can holistically determine whether an identity is behaving normally through continuous behavior analysis from email content, activity, and endpoint monitoring—breaking down siloed views. If a compromise is detected, even if the initial compromise did not occur through email, analysts can act quickly to remediate the connected email account, stopping attacks in progress and mitigating the risk of spreading through lateral phishing.

Integration Features

Discover and Remediate Compromised Email Accounts and Endpoints

When CrowdStrike detects a potential incident, such as a privileged user with failed authentication attempts signing in from a new location, CrowdStrike will trigger Abnormal to generate an Account Takeover (ATO) case for further investigation.

Enrich CrowdStrike Detection with Email Account Takeover Signals

When Abnormal detects a potentially compromised email account, CrowdStrike will automatically add the account to a Watched Users list. Security analysts may configure Falcon Fusion workflows for Watched Users that automate response actions to mitigate downstream risk of email account takeovers, such as enforcing multifactor authentication.

Enhance Threat Detections with XDR Ingestion

Seamlessly ingest Abnormal’s advanced email attack detections into the CrowdStrike platform to improve cross-domain visibility of email-based attacks. This integration ingests key indicators about Abnormal attack detections from Threat Log, alerts of new, potentially compromised vendors in Vendor Cases, and user-reported phishing emails within Abuse Mailbox Automation.

Discover and Remediate Compromised Email Accounts and Endpoints

Only Abnormal and CrowdStrike can tie together a consolidated view of employee behavior across endpoint, Active Directory, and email solutions—empowering high-fidelity, cross-functional security investigations.

Faster, More Effective Response with Abnormal and CrowdStrike

AI-Based Threat Detection

Identify when user activity deviates from behavioral baselines.

Enriched Context for Security Investigations

Merge risk signals from identity, endpoint and email tools in one solution.

Automated Response Playbooks

Take swift action to mitigate risks once threats are detected.
“Comfort Systems USA builds, supports, and maintains our customers’ most critical building systems. I'm excited to see Abnormal Security and CrowdStrike working together to protect our employees against the types of attacks traditional solutions often fail to detect. With the ability to correlate user behavior events across endpoint, email, and authentication sources, our security team can quickly uncover account takeover attacks and take preventative measures.”
Christopher Chambers, Vice President of Information Security at Comfort Systems USA

Deployment Outcomes

Uncovers compromised endpoints and email account takeover attacks that traditional security solutions often fail to detect.
Increases operational productivity by breaking down data silos and correlating endpoint, identity, and email events into consolidated views.
Accelerates incident response with automated response workflows that stop lateral movement and downstream risks.

Combine the Power of Behavioral AI with Industry-Leading Detection and Response

The CrowdStrike and Abnormal integration is currently available to select joint customers. Register now to see how it works and join the waitlist.
Request a Demo
Request a Demo

Related Resources