About the Abnormal + CrowdStrike Integration

The CrowdStrike and Abnormal integration delivers the capability security analysts need to discover and remediate compromised email accounts and endpoints swiftly.

Video Transcript

Organizations face relentless email attack campaigns that bypass traditional security solutions and laterally spread across endpoints, cloud, and network assets.

To mitigate and investigate these complex attacks, security analysts must manually build a timeline of attacker activity across siloed domains to make meaningful judgments. This complicates the incident response, increasing the risk of additional attacks and losses to the organization.

The CrowdStrike and Abnormal integration delivers the capability security analysts need to discover and remediate compromised email accounts and endpoints swiftly. When Abnormal's Account Takeover capability detects that an email account has potentially been compromised, it automatically sends a signal to CrowdStrike's Identity Protection Platform to be added to the Watched User list, which can be configured to allow analysts to contain hosts or force reauthentication on an endpoint device.

Now, when CrowdStrike's Identity Protection creates a new identity-based incident, it creates an account takeover case within the Abnormal platform. Security analysts can quickly remediate the email account by logging users out, terminating the session, or forcing a password reset.

Earlier today, Abnormal detected unusual activity and triggered a potential account takeover, opening a new case, and alerting the SOC team. Through the CrowdStrike integration, Abnormal will also add the impacted user to the Watched User list and CrowdStrike's Identity Protection Platform. Depending on how CrowdStrike is configured, analysts can now prompt the user for reauthentication, reset their AD password, or other response actions that limit the risks beyond cloud email.

In CrowdStrike, an identity-based incident was raised because the solution detected a password brute force attack. Through the integration, CrowdStrike created a new account takeover case in the Abnormal platform. Security analysts can see the source of the case as CrowdStrike and information from the incident is used as a signal in the activity timeline, facilitating investigation, remediation decisions, and response to endpoint-borne attacks.

Through this partnership, Abnormal and CrowdStrike are offering an integration focused on behavior detection of security incidents, combining world-class technologies that will provide joint customers with email attack detection and compromised account remediation capabilities that are unmatched in the industry.

This integration is the beginning of a multi-faceted partnership between the two companies. CrowdStrike and Abnormal Plan to announce XDR and Threat Intelligence integrations in the months to come.

For more information and to get started with the integration, visit the Abnormal + CrowdStrike partnership page.

About the Abnormal + CrowdStrike Integration

See Abnormal in Action

Schedule a Demo
 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Resources

Abnormal Landscape
See how Abnormal is working to make the cloud a safer place for business by protecting against all types of attacks across all types of cloud applications.
Watch Now
B TAG Cyber
Download the white paper to discover how to better secure your cloud email environment and choose the right security solutions provider.
Read More
B ESG
New survey reveals the latest trends shaping communication and collaboration application security.
Read More
B 1500x1500 Choice Hotels Bright Talk Demo Day L1 R1
Discover how Choice Hotels is simplifying their email security, streamlining their operations, and preventing email attacks with the highest efficacy.
Watch Now
B 05 01 23 MKT279 New Slack Data Sheet
Secure your messages and keep Slack from becoming an entry point for attackers.
Read More
B 05 02 23 MKT283 New Zoom Solution Brief
Protect your Zoom collaboration and prevent attackers from using the application to breach your business.
Read More
B Email Like SPM
Monitor high-impact changes to user privileges across collaboration apps with Email-Like Security Posture Management.
Read More
B Email Like Messaging Security
Detect malicious message content across collaboration apps with Email-Like Messaging Security.
Read More
B Email Like ATO
Detect compromised user accounts across your critical communication channels with Email-Like Account Takeover Protection.
Read More