CrowdStrike Foundry

Developed by CrowdStrike

Coordinated, automated, and efficient incident response

By integrating Mimecast and Foundry SOAR, organizations gain search and correlation capabilities to detect and respond to cyberattacks from a central location, without having to pivot between consoles. Foundry SOAR is designed to help the security team augment the analyst experience, allowing SOC teams to respond to cyberthreats confidently, automate intelligently and collaborate consistently. It guides the team in resolving incidents by codifying established incident response processes into dynamic playbooks.


Solution overview

  1. As inbound emails are received by Mimecast on behalf of the organization, they are subject to analysis by the Mimecast inspection funnel, where a series of email hygiene and advanced security scanning techniques are applied, to ensure that emails are safe before they are delivered to the recipient.
  2. Email-related data from Mimecast is ingested into the Foundry SOAR platform to help with analyst investigations.
  3. Coordinate response actions across security tools based on Mimecast data.
  4. Adjust Mimecast policies, search and destroy malicious emails, or prevent future threats.

Mimecast + CrowdStrike use cases

Coordinated response aiding in:


Complex email threat investigation

Develop playbooks to quickly pull together contextual data around an email threat discovered in Mimecast and coordinate next step actions to remediate or flag for further investigation.

Automated email threat enrichment

Orchestrate and automate a variety of critical but repeatable Mimecast commands during an incident response to improve response times.

Enhanced visibility

Analysts gain greater visibility and new actionable information about the attack through integrated Mimecast commands, with documentation per step and artifact reporting.

Threat intelligence

Unifying aggregation, scoring, and sharing of threat intelligence with playbook-driven automation across the security estate.

Key benefits

01.

Supercharge your SOC

Create powerful apps with high-fidelity data, cloud infrastructure, and advanced development tools.

02.

Unlock cybersecurity innovation

Deploy more use cases faster with custom apps that extend the capabilities and power of the platform.

03.

Unify security and IT

Bridge the gap across security and IT with collaborative apps that bring unified data visibility.
