CrowdStrike Falcon XDR/Fusion SOAR

Developed By CrowdStrike

Consolidate data while improving threat visibility and remediation

CrowdStrike Falcon provides consolidated threat visibility, hassle-free detections and investigation, and end-to-end orchestration and response. It automatically prioritizes risks by leveraging CrowdStrike’s adversary intelligence to guide precise actions based on the most critical risks, natively integrating the context of industry-specific risks, CVE scores for vulnerabilities on exposed assets, geolocation, attack history and asset type. This is combined with powerful automation capabilities that auto-generate quick-to-implement, actionable remediation steps for real-time vulnerability mitigation.

Enable highly relevant and impactful Mimecast email response actions based on XDR detections within the CrowdStrike Falcon® Insight XDR console. With unified response actions across endpoint and email security domains, you can supercharge your team’s response time and accuracy. In addition, you can enable pre-defined XDR workflows with CrowdStrike Falcon® Fusion to automatically trigger integrated response actions across the Falcon platform and Mimecast Email Security, such as blocking an email sender or domain. By enabling Mimecast response actions from the Falcon console, you can quickly block malicious actors across endpoint and email domains before they cause damage.

Solution Overview

1. As inbound emails are received by Mimecast on behalf of the organization, they are analyzed by the Mimecast inspection funnel, where a series of email hygiene and advanced security scanning techniques are applied to ensure that emails are safe before they are delivered to the recipient.

2. Email intelligence produced by Mimecast is sent to CrowdStrike.

3. CrowdStrike adds context to data from other sources and alerts analysts. 

4. Playbooks run corrective actions within Mimecast and other security tools. 

Mimecast + CrowdStrike Falcon XDR Use Cases: 

By integrating Mimecast with CrowdStrike’s Falcon® Platform, organizations can realize the full benefit of their cybersecurity investments and improve the organization's overall cyber resilience.

Protect against Phishing attacks

Ingest threat data, including email logs, across the security estate to correlate threats and automated response actions.

Simplify Threat Detection

AI-enabled detection simplifies threat 

Threat Intelligence Sharing

CrowdStrike identifies and prevents execution of a threat from the web.

After the triage event, the threat information is shared with Mimecast.

Mimecast blocks future threats matching the indicators received from CrowdStrike.

Mimecast performs a scan to find the threat across the user mailboxes.

Key Benefits

01. Detect and stop lateral movement threats through full visibility of detection and automated response.

02. Multi-layer Defense in Depth unifies prevention, detection, and response across email, endpoint, identity and cloud.

03. Immediate Visibility and Context through visualization at every stage of the kill-chain.

04. Improve Security Analyst Efficiency by leveraging a single user experience dashboard view.

05. Enrich Threat Detection from Mimecast into Stellar Cyber XDR detection analytics.
