Fluency Security

Developed by Fluency Security

 

Fluency Security is a next-generation, cloud-based SIEM tool that commands a powerful new approach to managing the cyber health of your company. It takes feeds from all your security layers, such as Mimecast, plus your network, and applies advanced analytics, correlating and fusing disparate data while adding threat intelligence to create an enhanced, risk-scored record.

Fluency Security strives to substantially reduce false positives while providing sub-second query response times. The critical capability to integrate SOAR functionality, such as working with Mimecast and its blocking capability, is part of our fundamental foundation. User behavior analytics provides deep visibility by tying together MAC to IP to user, regardless of whether you're using rotating IPs or split tunneling in your network. Our single-pane-of-glass view immediately allows analysts to interrogate the consolidated data with exceptional pivoting to reveal actionable intelligence. Reducing business risk in real time by analyzing all the data, regardless of size, allows for fast, decisive action by your analyst teams.

 


Solution Overview

1. Emails received by Mimecast are passed through a series of hygiene scanning techniques, to ensure that they are safe before delivery to the recipient.

2. Email intelligence provided by Mimecast is sent to Fluency Security for normalization.

3. Fluency uses the email intelligence to alert analysts and add context to data from other Fluency data sources.

 

Mimecast + Fluency Security Use Cases:

Data ingested from Mimecast adds context within Fluency Security to aid:

Phishing

A phishing email is sent, the user clicks on the link, and Mimecast identifies the link as malicious and blocks user access. The SIEM ingests email telemetry from Mimecast, including URL logs. The SIEM analyzes the phishing link for additional IOCs and identifies 10 matching emails. The analyst runs the remediation process to remove the malicious email.

Compromised Accounts

The SIEM triggers an alert based on suspicious user behavior. The SIEM enriches indicators from the alert in Mimecast and web security, looking for URL events. Events relating to malicious URLs are found in Mimecast and web security. The analyst resets the user's credentials.

Lateral Movement

A user's laptop is connected to open Wi-Fi and infected with malware, which phones home to a C&C server. The attacker uses it as a foothold to propagate malware via email. Mimecast identifies the malware, blocks the email and removes it from user inboxes. The SIEM correlates events from agents and email activity to gather a full timeline and the TTPs of the incident. The analyst quarantines the laptop and creates a firewall deny rule for the C&C server IP address.

Key Benefits

1. Earlier detection and containment of attacks, with rapid response to phishing and business email compromise tactics.

2. Threat intelligence enrichment detects threats within Mimecast events.

3. Improve analysis and knowledge of threats through built-in dashboards and Mimecast regional threat intelligence.

4. Correlation across Mimecast events, cloud, endpoint, and network data to quickly identify high-risk individuals and devices that may create future security breaches.

5. Shared intelligence identifies the original threat and targets.
