Identify Threats Inform Response

Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is high value for the security operations team, enhancing the benefits of your Splunk Enterprise investment. Splunk can ingest Mimecast logs, along with other log sources, to obtain complete visibility across all environments. Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise helping security analysts detect incidents and attacks quickly and accurately.

Developer: Mimecast

Contact: Mimecast

Documentation: View

Release Date: June 2024

Version: 5.0

Talk to a Specialist

GET STARTED

Solution Overview

1. Emails received by Mimecast are passed through a series of hygiene scanning techniques, to ensure that they are safe before delivery to the recipient.

2. Email intelligence provided by Mimecast is sent to Splunk for normalization.

3. Splunk uses the email intelligence to alert analysts and add context to data from other data sources.

Threat Correlation

Identify initial attack deployment methodology, characteristics, and subsequent access attempts without the need for manual effort or multiple toolsets.

Advanced Threat Detection

Improve your organization’s security posture and detect threats by augmenting email perimeter defense with user and entity behavior analytics.

Lateral Movement Detection

Detect and follow attackers even as they switch IP addresses, devices, or credentials.

Alert Prioritization

Increase efficiency and effectiveness by prioritizing the most pressing threats.

Threat Intelligence

Understand how your organization has been targeted and what attacks have been blocked for better protection at the email perimeter, inside the network and beyond its perimeter.

Threat Investigation

Analyze activity events before and after an attack across the entire attack chain to enhance analyst productivity and repair vulnerabilities.

Key Benefits

01.

Earlier detection and containment of attacks, with rapid response to phishing and business email compromise tactics

02.

Splunk analytics and threat intelligence enrichment detects threats within Mimecast events.

03.

Increase protection, reduce resource utilization, and improve analysis and knowledge of threats through built in dashboards and Mimecast regional threat intelligence.

04.

Correlation across Mimecast events, cloud, endpoint, and network data to quickly identify high-risk individuals and devices that may create future security breaches.