The constant evolution and rise of digital technologies is increasing the amount of sensitive information stored online. That is, motivation for attackers to look for new and creative ways to breach security systems and steal data.
The result? Multi-channel cyberattacks.
Multi-channel cyberattacks refer to attacks that leverage multiple methods of attack across various digital channels to target victims. In other words, rather than relying on a single vector of attack, attackers use a combination of tactics to achieve their goals.
Here is an example. A multi-channel cyberattack starts with a phishing email that contains a link to a fake login page. Once the victim enters their login credentials, the attacker can gain access to their account and use it to send more phishing emails to the victim's contacts or spread malware across the victim's network.
To protect against these attacks, organizations need to implement a multi-layered security strategy. (Possibly a strategy that combines XDR with behavioral AI.)
To make that happen, CrowdStrike and its strategic investment vehicle, CrowdStrike Falcon Fund, have invested in Abnormal Security.
But that’s not all.
CrowdStrike and Abnormal are also entering into a strategic technology partnership that integrates the CrowdStrike Falcon platform with the Abnormal platform to offer email and endpoint attack detection and response with automated account remediation.
But before diving into the partnership’s integration, let’s take a look at a long-story-short version of the organizations involved.
CrowdStrike is a provider of cloud-delivered protection of endpoints, cloud workloads, identity and data. The CroudStrike Falcon Fund is focused on global, cross-stage investments in companies that provide differentiated capabilities. The Fund does not lead rounds, but does co-invest as a strategic partner alongside lead investors.
Abnormal Security, on the other hand, is a company that offers a security platform using machine learning to stop sophisticated email attacks that bypass traditional solutions. The platform analyzes the risk of every cloud email event using identity and context and detects compromised accounts, prevents inbound email attacks, and remediates emails in milliseconds.
“Abnormal Security’s innovative risk-aware, AI-based security platform offers high-efficacy protection against sophisticated email attacks and automatic remediation of compromised accounts, making them both an attractive investment and technology partner,” said Michael Sentonas, president at CrowdStrike. “Their behavioral AI vision is closely aligned with CrowdStrike’s AI/ML approach.”
The initial technology integration between Abnormal and CrowdStrike delivers bi-directional threat detection and response. Here is how the process works. When the CrowdStrike Falcon platform detects risk, an account takeover case is automatically created within the Abnormal platform. Security analysts or autonomous policies then act. This includes forcing step-up authentication, logging out users, terminating sessions and even mandating a password reset. When Abnormal detects an email account compromise, a real-time alert automatically adds the targeted user to the Falcon Watched Users list for re-authentication and investigation.
“Email and endpoint devices are highly attacked entry points into an organization, and while rapid detection and response is key, it has been limited by the manual effort required to integrate siloed data from multiple solutions,” said Evan Reiser, co-founder and CEO at Abnormal Security. “The partnership between our two businesses will break down data silos and deliver consolidated solutions for the XDR era.”
And customers are already validating the partnership.
Comfort Systems USA, which builds, supports and maintains critical building systems, will have better protection against attacks that are often not detected by traditional solutions because of the Abnormal and CrowdStrike partnership.
“With the ability to correlate user behavior events across endpoints, email and authentication sources, our security team can quickly uncover account takeover attacks and take preventative measures,” said Christopher Chambers, Vice President of Information Security at Comfort Systems USA.
Besides delivering better protection across a broad attack surface, the partnership also puts Abnormal into the CrowdXDR Alliance.
Edited by Alex Passett