Identify Threats, Inform Response
Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is of high value to the security operations team, enhancing the benefits of your Splunk Enterprise investment. Splunk can ingest Mimecast logs, along with other log sources, to obtain complete visibility across all environments. Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise, helping security analysts detect incidents and attacks quickly and accurately.
Solution Overview
1. Emails received by Mimecast are passed through a series of hygiene scanning techniques, to ensure that they are safe before delivery to the recipient.
2. Email intelligence provided by Mimecast is sent to Splunk for normalization.
3. Splunk uses the email intelligence to alert analysts and add context to data from other data sources.
Mimecast and Splunk Use Cases:
Ingested Mimecast data adds context within Splunk to aid:
Threat Correlation
Advanced Threat Detection
Lateral Movement Detection
Alert Prioritization
Threat Intelligence
Threat Investigation
Key Benefits
01. Earlier detection and containment of attacks, with rapid response to phishing and business email compromise tactics.
02. Splunk analytics and threat intelligence enrichment detect threats within Mimecast events.
03. Increase protection, reduce resource utilization, and improve analysis and knowledge of threats through built-in dashboards and Mimecast regional threat intelligence.
04. Correlation across Mimecast events, cloud, endpoint, and network data to quickly identify high-risk individuals and devices that may create future security breaches.