Coordinated, Automated and Efficient Incident Response

Mimecast and Tines provide an integrated solution to improve detection, stop threats, augment security insights and centralize response across security functions. Together, Mimecast and Tines share high-fidelity indicators to help analysts quickly and accurately identify the root cause of an attack and remediate the threat. This helps SecOps teams ward against initial infection and lateral spread that can lead to downtime, ransom demands, lost data and stolen passwords.

The Tines platform ingests rich Mimecast information from URL Logs, held message queue and sender management for analyst investigation or automated Story-driven response – from a single interface. An example story to manage hold message with mimecast is highlighted below.

Use Cases

Malware Containment

Incorporate email into investigations to see if the threat originated via email. Run playbooks for malware containment, phishing investigations, report on anything investigations. Investigate a suspicious URL with Mimecast, search user mailboxes for the URL, and, if found, automatically remove it.

Phishing

The Tines form connected to this Story will take an email subject from a user, search through the held message queue and send a Slack message to an analyst for review. The Slack message will contain context provided from Mimecast to allow the security team to Release or Reject the email directly from Slack and communicate the verdict to the original user.

Hold Queue Management

Tines receives a form submission from a user and will search for held messages on Mimecast based on those details. Tines will send a summary of the message details and spam scores to the user via Slack to enable them review and make a decision.

Search and Destroy

Automate search and email removal actions to any incident response playbook