Combining the Power of Behavioral AI with Industry-Leading EDR Capabilities

Abnormal and CrowdStrike complement one another, offering analysts higher-fidelity detection of sophisticated threats and faster, more effective response playbooks.

Security Teams Shouldn't Have to Stitch Their Solutions Together

Email and endpoint devices are highly attacked entry points into an organization. Rapid detection and response is key, it has been limited by the manual effort required to integrate siloed data from multiple solutions.

CrowdStrike + Abnormal

Abnormal and CrowdStrike work together to help security teams stop sophisticated attacks in-progress with enriched context and automated response playbooks. This bi-directional technology integration between CrowdStrike and Abnormal combines the power of two best-in-class security platforms to empower analysts to discover and remediate compromised email accounts and endpoints swiftly. Best of all, the integration can be activated in just a few clicks, providing better protection with no additional work.

Bi-Directional Threat Detection and Response

Uncover Compromised Endpoints and Account Takeover Attacks

When the CrowdStrike Falcon platform detects risk, an account takeover case is automatically created within Abnormal. Security analysts or autonomous policies can then take rapid action: forcing step-up authentication, logging out users, terminating sessions or mandating a password reset.

Enrich CrowdStrike Detection with Email Account Takeover Signals

When Abnormal detects a compromised email account, a real-time alert automatically adds the targeted user to the Falcon Watched Users list for re-authentication and investigation. Security analysts may configure workflows for Watched Users that automate response actions to mitigate downstream risk of email account takeovers, such as enforcing multi-factor authentication.

Bi-Directional Behavioral Attack Detection and Response

Only Abnormal and CrowdStrike can tie together a consolidated view of employee behavior across endpoint, Active Directory, and email solutions—empowering high-fidelity, cross-functional security investigations.

Faster, More Effective Response with Abnormal + CrowdStrike

AI-Based Threat Detection

Identify when user activity deviates from behavioral baselines.

Enriched Context for Security Investigations

Merge risk signals from identity, endpoint, and email tools in one solution.

Automated Response Playbooks

Take swift action to mitigate risks once threats are detected.
“Comfort Systems USA builds, supports, and maintains our customers’ most critical building systems. I'm excited to see Abnormal Security and CrowdStrike working together to protect our employees against the types of attacks traditional solutions often fail to detect. With the ability to correlate user behavior events across endpoint, email, and authentication sources, our security team can quickly uncover account takeover attacks and take preventative measures.”
Christopher Chambers, Vice President of Information Security at Comfort Systems USA


Discovers compromised endpoints and email account takeover attacks that traditional security solutions often fail to detect.
Increases operational productivity by breaking down data silos and correlating endpoint, identity, and email events into consolidated views.
Accelerates incident response with automated response workflows that stop lateral movement and downstream risks.

Detect and Respond to Sophisticated Email Attacks

The CrowdStrike and Abnormal integration is available now. Request a personalized demo to learn more.
Request a Demo

Related Resources