Developed by Mimecast

Enhanced, integrated multilayered threat protection

By integrating Mimecast with CrowdStrike, organizations are protected against cyberattacks through an integrated threat sharing solution that provides email, web and endpoint device protection. By sharing intelligence between the two platforms, joint customers can be confident that their organization will be secured from zero-day threats detected by Mimecast and CrowdStrike’s Falcon® Platforms.

Solution Overview

  1. As inbound emails are received by Mimecast on behalf of the organization, they are subject to analysis by the Mimecast inspection funnel, where a series of email hygiene and advanced security scanning techniques are applied, to ensure that emails are safe before they are delivered to the recipient.
  2. Any infected messages detected are not delivered to the intended recipient, protecting the organization immediately.
  3. Key threat identifiers detected by Attachment Protection inspection funnel are shared with the CrowdStrike Falcon® platform.
  4. CrowdStrike uses this information in the threat detection service to alert the administrators and/or prevent the threat from executing on the managed Endpoint devices.
  5. Key threat identifiers from the CrowdStrike Falcon® platform are shared with Mimecast to provide consistent protection from threats, and automatically block future matching indicators.
  6. Mimecast uses the indicators from the CrowdStrike Falcon® platform to scan the mail boxes and automatically remove the affected emails from the recipients.



Mimecast + CrowdStrike Use Cases:

Mimecast and CrowdStrike provide continuous protection through:

Automated Protection

Prevent future email threats by blocking matching indicators and scanning mailboxes based on intelligence received from the CrowdStrike Falcon® Platform.

Extended Detection and Response

- Email telemetry logs are ingested by Falcon Insight XDR.

- CrowdStrike maps to common schema across data sources.

- XDR detection event created; analyst begin investigation within XDR console.

- Analysts determine remediation within Mimecast and/or other security tools

Threat Intelligence Sharing

Near real time bilateral threat sharing of indicators related to zero day threats detected by email endpoint or web download.

               Key Benefits


Protect the organizations devices from threats detected via Email


Automated remediation capabilities for the endpoint and secure email gateway


Enhance threat detection with best-in-class shared intelligence from the Mimecast Secure Email Gateway and CrowdStrike Falcon Platform


Gain a deeper understanding of the threats targeting the organization

Crowdstrike Falcon XDR

Enable highly relevant and impactful Mimecast email response actions based on XDR detections within the CrowdStrike Falcon Insight XDR console. With unified response actions across endpoint and email security domains, you can supercharge your teams response time and accuracy.

Crowdstrike LogScale

By integrating Mimecast and CrowdStrike LogScale, organizations gain search and correlation capabilities across all log types to detect and respond to cyber attacks. Live searches and near real time dashboards cut detection times and blazing fast search empowers incident response and threat hunting teams to uncover the full kill chain and proactively find potentially malicious activity.

Back to Top