API 2.0 Overview API 2.0 Reference API 1.0 Reference What's New
Alliance Partners
Become a Partner

Elastic Security

Developed by Mimecast

From Detection to Security Insights

By integrating Mimecast and Elastic Security, organizations gain search and correlation capabilities across data fabric to detect and respond to cyberattacks. Dashboards update in near-real time and get paired with security analytics to speed up detection times across the attack surface. New data can be added with Elastic Security integrations, Mimecast, community-built plug-ins, and custom connectors. Elastic Security is strong enough to analyze and monitor years worth of historical data. This data helps gain visibility across the global environment to remediate threats at a larger scale. The user can automate the detection of malicious threats and prioritize which threats to mitigate first. The integration ingests Mimecast logs relating to email activity, audit events, and DLP detections which trigger alerts within the Elastic Security Platform. The integration with Mimecast allows incident-response and threat-hunting teams to drill into events of interest and pivot through underlying data faster than ever.

Developer: Mimecast
Contact: Mimecast Support
Documentation: View
Release Date: July 2024
Version: 1.26.1
Talk to a Specialist
Get Started

Solution Overview

1. Emails received by Mimecast are passed through a series of hygiene scanning techniques, to ensure that they are safe before delivery to the recipient.

2. Email intelligence provided by Mimecast is sent to Elastic Security for normalization.

3. Elastic uses the email intelligence to alert analysts and add context to data from other Elastic data sources.

Mimecast + Elastic Use Cases:

Mimecast data ingested adds additional data and context within Elastic Security to aid: 

Threat Correlation

Identify initial attack deployment methodology, characteristics and subsequent access attempts without manual effort or multiple toolsets.

Advanced Threat Detection

Improve your organization's security posture and detect threats by augmenting email perimeter defense with user and entity behavior analytics.

Lateral Movement Detection

Detect and follow attackers even as they switch IP addresses, devices, or credentials.

Alert Prioritization

Increase efficiency and effectiveness by prioritizing the most pressing threats.

Threat Intelligence

Understand how your organization has been targeted and what attacks have been blocked for better protection at the email perimeter, inside the network and beyond its perimeter.

Threat Investigation

Analyze activity events before and after an attack across the entire attack chain to enhance analyst productivity and remediate vulnerabilities.

                                             Key Benefits

01. 

Earlier detection and containment of attacks, with rapid response to phishing and business email compromise tactics.

02.

Threat intelligence enrichment detects threats within Mimecast events.

03.

Improve analysis and knowledge of threats through built in dashboards and Mimecast regional threat intelligence.

04.

Correlation across Mimecast events, cloud, endpoint, and network data to quickly identify high-risk individuals and devices that may create future security breaches.

05.

Shared intelligence identities the original threat and targets.

Back to Top