A new bi-directional integration between industry leaders Abnormal and CrowdStrike has focused on looking at suspect account takeovers or identity compromises and sensibly automating parts of the remediation process. The result is better protection and increased operational productivity for security teams.
“We’re starting to see quite a lot of attackers using what Verizon are calling pretexting, which is this concept of sending an email that doesn’t actually have any kind of upfront payload or any risk, it’s coaching or trying to coerce people into taking bad action.
You might have seen ones where people get a WhatsApp saying, “Hi, mom, it’s me, my phone’s broken”. That’s an example of this kind of pretexting to evoke an emotional response. Attackers will often use these in business email compromise attacks, due to their evasion of Secure Email Gateways. Once they get initial access, they’ll often look to see how they can then compromise endpoints or move laterally.
A lot of the tactics that attackers are using to hit endpoints and email are actually the same.
The risks that we see that are impacting people via email, they’re trying to use the same tactics at endpoint, but at different times. And probably the best thing that people can do is look at the identity of the person being attacked, which will impact both their machine and their mailbox.
If you can look at how you respond to something like an account takeover, automating a part of that response action is on both parts of the puzzle, but can be done in one go by looking at the identity attributes of that person and that machine.
The biggest benefit is that you cut down the amount of work, essentially in half. If you have the right integration across email and endpoint, you’re combining signals that you would normally have to investigate separately.
And if you can sensibly integrate the two, you can look at all of the common signals across both and respond once. We are seeing that cut customers’ response times by about 50% and massively free up the amount of effort needed by their teams to respond and remediate.
We’re running a webinar where we talk through some of these considerations together with experts from Abnormal and CrowdStrike. If you’re interested in hearing some of the learnings from that session, please get in touch.