Abnormal Cloud Email Security

by Abnormal Security

Stop the full spectrum of email attacks with advanced behavioral data science

Discover and remediate compromised email accounts and endpoints

Abnormal integrates with the CrowdStrike Falcon® platform to provide complementary protection across email, identity and endpoint threat vectors. Abnormal and CrowdStrike offer analysts higher-fidelity detection of sophisticated threats with faster, more effective response playbooks to speed up remediation. CrowdStrike enhances Abnormal’s email attack detection by sending identity-based incidents to Abnormal for further investigation. Additionally, when Abnormal detects a potential active account takeover within Microsoft 365, Abnormal automatically adds the user to the Watched Users list within Falcon Identity Threat Protection, highlighting potentially high-risk users in your environment to accelerate threat detection and prevention. This bi-directional technology integration makes SOC teams more efficient by empowering them to swiftly discover and remediate compromised email accounts through Abnormal and endpoints through the Falcon platform. Best of all, it can be enabled in just a few clicks, providing better protection with no additional work.

  • Detect email account takeovers: When Abnormal detects an active account takeover within a Microsoft 365 account, CrowdStrike will automatically add that user to a Watched Users list within the CrowdStrike Falcon® Identity Threat Protection module.

  • Investigate CrowdStrike identity detections: The Abnormal platform can ingest identity detections from CrowdStrike that indicate, for example, if a host’s endpoint device has been compromised. Based on this signal, the Abnormal platform automatically opens an account takeover case and shows details of the signal received from CrowdStrike.

  • Orchestrate responses: Analysts can take automated response actions, such as logging the user out, terminating the user session, forcing re-authentication, and more, either manually or by leveraging pre-built playbooks.

Related Categories
  • Email and Web Security
  • Cloud Security