Abnormal Security Data Connector
Enhance threat detection with Abnormal Security attack detections in Falcon Insight XDR
With CrowdStrike and Abnormal Security working together, security analysts can holistically determine whether an identity is behaving normally through continuous behavior analysis from email content, activity, and endpoint monitoring, breaking down siloed views. If a compromise is detected, even if the initial compromise did not occur through email, analysts can act quickly to remediate the connected email account, stopping attacks in progress and mitigating the risk of spread through lateral phishing.
When Abnormal detects an active account takeover within a Microsoft 365 account, CrowdStrike will automatically add that user to a Watched Users list within the CrowdStrike Falcon® Identity Threat Protection module.
The Abnormal platform can ingest identity detections from CrowdStrike that indicate, for example, if a host’s endpoint device has been compromised. Based on this signal, the Abnormal platform automatically opens an account takeover case and shows details of the signal received from CrowdStrike.
Analysts can take automated response actions, such as logging the user out, terminating the user session, forcing re-authentication, and more, either manually or by leveraging pre-built playbooks.