CrowdStrike + Abnormal Security Partner to Deliver Joint AI-Based Threat Detection and Response
Evan Reiser:
I'm Evan Reiser, the CEO and founder of Abnormal Security. I’m pleased to be here today with Mike Sentonas to talk about our new partnership with CrowdStrike. Today we're excited to announce the first of its kind, a turnkey integration between two platforms that are stopping some of the most egregious threats for our joint customers.
Michael Sentonas:
And I'm really thrilled to be here. I'm Mike Sentonas, president of CrowdStrike. Evan, I'm really excited to chat with you about how our two companies are coming together to solve real needs for our customers.
What Are the Challenges in the Market Today?
Michael:
There are several challenges that organizations struggle with today. Firstly, from a security risk perspective, email and endpoint devices are two of the biggest entry points and attack vectors that contribute to cybercrime and cybercrime loss. There's a productivity cost issue. So today security teams are spending so much time and resources to go through volumes of security data to stitch them together. And a big part of that, which is the third issue to talk about, is just the sheer volume of security products that an organization uses.
Evan:
I'd also add that there's a big customer challenge around socially-engineered email attacks and account takeovers because they're really hard to detect. Social engineering business email compromise attacks account for more than $43 billion in losses since 2016. They're continuing to grow. As Mike mentioned, another challenge is the sprawl of security platforms. Point solutions are not well integrated. These signals don't natively flow between different security platforms for better, faster protection against these types of attacks. On the contrary, customers are also expected to take on the whole cost of integrating that system all by themselves.
What Brought CrowdStrike and Abnormal Together?
Michael:
Every conversation we've had between the organizations has been focused around the customer and solving the hard problems, and I think this is why we were able to align so quickly. The integration ideas have been flowing rapidly ever since that first conversation. We believe in the idea of best-of-breed platforms coming together, which is why we were so excited to talk to you, Evan, and to the team. So the other big thing is automation. Automation that reduces security spend and increases SOC productivity is just so incredibly important today. So as we think about security budgets largely staying flat, giving organizations better security outcomes is just so critically important today.
Evan:
I totally agree, Mike. I see that when our teams are working together, there are really three things that make me confident that we share the same DNA. We have a relentless focus on customer outcomes. We both have cloud-native platforms. We’re using AI next-gen technologies to go help those customers succeed in this new world. However, there's also additional evidence you can see for the need for this type of solution through the lens or through the eyes of industry experts. In the recent Market Guide for Email Security, Gartner recommends that security leaders prioritize the integration of email events into a broader XDR platform for even better protection. Our shared vision with CrowdStrike is to deliver a solution for the future that solves both current customer challenges and the ones that are gonna come across in the future.
Why is This Partnership Unique?
Evan:
So at its core, Abnormal is built on an architecture that's designed to ingest a really broad range of signals from diverse sources across different cloud applications. We pull them together to build a comprehensive understanding of the behavior of every identity in the organization. That rich context allows our platform to precisely stop different types of anomalies and attacks. CrowdStrike has the absolute best telemetry when it comes to understanding the behavior of identities from an endpoint perspective. So obviously there's a no-brainer for us to combine these two platforms together to get high-fidelity signals from CrowdStrike into Abnormal to even better protect our customers’ email.
Michael:
This is another example where the two companies are very much aligned. When you think of our strategic goal on our platform to bring together as many telemetry sources as possible, that really aligns very well with what you all are doing at Abnormal. Abnormal's platform has the highest fidelity signals on identities whose emails may be compromised. And then when you combine this with EDR signals from CrowdStrike in the form of a turnkey solution, we're going to create a one plus one equals three value effect for our customers, which is hugely valuable. And then with the joint solution, our customers’ SOC teams will have curated security incident information, which will allow them to have very quick remediation. That is the goal of what we're trying to build here.
What is the First Use Case for Customers?
Evan:
When we started this partnership, we wanted to start with something that was really impactful to our customers right off the bat. So we decided to focus on account takeovers, which are really difficult to detect. Now, the Abnormal platform can ingest signals from CrowdStrike that indicate that a host endpoint's been compromised. Based on signals, we can automatically create a new account takeover case inside Abnormal's platform. Those curated behavioral insights are all in one place, and that allows security analysts to take a bunch of different actions. They can immediately log the user out, terminate all active sessions, reset passwords, and do a lot more.
Michael:
So follow on from your comments, Evan. I think what makes Abnormal unique is that you are approaching the problem for a customer in a totally unique way. And through the first phase of this integration, the integration works in reverse where Abnormal will enhance CrowdStrike's identity protection capabilities with enriched data about account takeovers. So when Abnormal detects an active account takeover within a Microsoft 365 account, CrowdStrike will automatically add that user to a watched users list. And security analysts can configure workflows that automate response actions for watched users, such as containing hosts or forcing re-authentication. So we're taking identity protection capabilities from both CrowdStrike and Abnormal to baseline known behavior and then using that baseline to determine when anomalous activity may be occurring—no matter the source. So understanding behavioral risk is going to be a key effective cybersecurity countermeasure in the coming years. And one of the ways that we do that is by the two companies leveraging AI, like what your team and our team have built together.
What Does the Future Hold for Customers?
Michael:
Well, the world and the macroeconomic environment that we all hear about have changed dramatically over the last few years and certainly over the last few months. If we talk to CISOs, we talk to CIOs, they need the most effective protection possible, but they can't increase their budgets, they can't add more people always to their teams. So there's an increased need for seamless solutions that work together pretty much straight out of the box. This is the first step with this technology integration because we see this investment in Abnormal as a long-term and multifaceted partnership opportunity. And I think when we think about the partnership, it's leading the way for what's possible between email and endpoint security, and our goal is to showcase our gold standard XDR integration later this year. And as I mentioned, the industry is hungry not only for best-of-breed vendors but also for best-of-breed outcomes. Abnormal is clearly a leader in the email space and the CrowdStrike team is incredibly thrilled to be investing in the behavioral AI platform they're bringing to their customers.
Evan:
Mike, I totally share that vision and I feel so thankful to get to work with you and the greater CrowdStrike team on our joint mission to go help our customers. We know that XDR is the future, and I truly believe Abnormal has a part to play here to help customers integrate all their different security tools to create more comprehensive protection. I know that's just the beginning of what's possible for our two companies, and I'm really looking forward to providing our joint customers with this turnkey solution to correlate data across email and endpoint security.
For more information and to get started with the integration, visit the Abnormal + CrowdStrike partnership page.
Speakers
"Abnormal is clearly a leader in the email space and the CrowdStrike team is incredibly thrilled to be investing in the behavioral AI platform they're bringing to their customers."
— Mike Sentonas, President, CrowdStrike