Help identify and resolve email threats
LogPoint collects, analyzes, and prioritizes security events to help analysts identify and resolve incidents quickly and keep businesses safe. LogPoint automatically gathers supporting information for each case so that analysts can resolve incidents quickly. Available in the cloud or on-premises, LogPoint combines SIEM with SOAR capabilities. Analysts get one out-of-the-box solution for the entire threat detection, investigation, and response process. Ready-to-use playbooks for important use cases help guide analysts on which areas of the business to automate. Analysts can easily tailor and add their own playbooks to meet specific business processes and get up and running quickly.
Mimecast and LogPoint provide an integrated solution to improve detection, stop threats, augment security insights and centralize response across security functions. Email attack investigations usually require pivoting from one suspicious indicator to another to gather critical evidence, capturing and archiving that evidence, and finalizing a resolution – manually running these commands traps analysts in a screen-switching cycle.
By integrating Mimecast with LogPoint, SecOps teams can standardize their incident response processes, execute repeatable tasks at scale, accelerate the time it takes to detect and protect against email-borne attacks and optimize resources.
Mimecast + LogPoint Use Cases:
- Automated email threat enrichment: Orchestrate and automate a variety of critical but repeatable Mimecast commands during incident response to improve response times.
- Complex email threat investigation: Analysts gain greater visibility and new actionable information about the attack through integrated Mimecast commands, with documentation for each step and artifact reporting.
- Alert prioritization: Increase efficiency and effectiveness by prioritizing the most pressing threats.
- Threat intelligence: Unify aggregation, scoring, and sharing of threat intelligence with playbook-driven automation across the security estate.
- Malware containment: Incorporate email into investigations to determine whether the threat originated via email. Run playbooks for malware containment and phishing investigations, and report on any investigation. Investigate a suspicious URL with Mimecast, search user mailboxes for the URL, and, if found, automatically remove it.
- Phishing: The LogPoint form takes an email subject from a user, searches the held message queue and sends a Slack message to an analyst for review. The Slack message contains context provided by Mimecast so the security team can release or reject the email directly from Slack and communicate the verdict to the original user.
- Search and destroy: Add automated search and email removal actions to any incident response playbook.