
Combining the Power of Behavioral AI with Industry-Leading EDR Capabilities
Abnormal and CrowdStrike complement one another, offering analysts higher-fidelity detection of sophisticated threats and faster, more effective response playbooks.
THE PROBLEM
Security Teams Shouldn't Have to Stitch Their Solutions Together
Email and endpoint devices are highly attacked entry points into an organization. Rapid detection and response is key, but it has been limited by the manual effort required to integrate siloed data from multiple solutions.
THE SOLUTION
CrowdStrike + Abnormal
Abnormal and CrowdStrike work together to help security teams stop sophisticated attacks in progress with enriched context and automated response playbooks. This bi-directional technology integration between CrowdStrike and Abnormal combines the power of two best-in-class security platforms to empower analysts to discover and remediate compromised email accounts and endpoints swiftly. Best of all, the integration can be activated in just a few clicks, providing better protection with no additional work.
Bi-Directional Threat Detection and Response
Uncover Compromised Endpoints and Account Takeover Attacks
When the CrowdStrike Falcon platform detects risk, an account takeover case is automatically created within Abnormal. Security analysts or autonomous policies can then take rapid action: forcing step-up authentication, logging out users, terminating sessions or mandating a password reset.
Enrich CrowdStrike Detection with Email Account Takeover Signals
When Abnormal detects a compromised email account, a real-time alert automatically adds the targeted user to the Falcon Watched Users list for re-authentication and investigation. Security analysts may configure workflows for Watched Users that automate response actions to mitigate downstream risk of email account takeovers, such as enforcing multi-factor authentication.
Bi-Directional Behavioral Attack Detection and Response
Only Abnormal and CrowdStrike can tie together a consolidated view of employee behavior across endpoint, Active Directory, and email solutions—empowering high-fidelity, cross-functional security investigations.
Faster, More Effective Response with Abnormal + CrowdStrike
AI-Based Threat Detection
Identify when user activity deviates from behavioral baselines.
Enriched Context for Security Investigations
Merge risk signals from identity, endpoint, and email tools in one solution.
Automated Response Playbooks
Take swift action to mitigate risks once threats are detected.
“Comfort Systems USA builds, supports, and maintains our customers’ most critical building systems. I'm excited to see Abnormal Security and CrowdStrike working together to protect our employees against the types of attacks traditional solutions often fail to detect. With the ability to correlate user behavior events across endpoint, email, and authentication sources, our security team can quickly uncover account takeover attacks and take preventative measures.”
Christopher Chambers, Vice President of Information Security at Comfort Systems USA

Benefits
Discovers compromised endpoints and email account takeover attacks that traditional security solutions often fail to detect.
Increases operational productivity by breaking down data silos and correlating endpoint, identity, and email events into consolidated views.
Accelerates incident response with automated response workflows that stop lateral movement and downstream risks.
Detect and Respond to Sophisticated Email Attacks
The CrowdStrike and Abnormal integration is available now. Request a personalized demo to learn more.