Add email security data into SIEM solutions for improved threat intelligence and response.

3 Ways to take down an org 1.png

Email is a catch 22. It’s the number one business communication tool and the number one cyberattack vector. As the lifeblood that keeps business running, it must be protected against increasingly more sophisticated, motivated and determined attackers.

In the 2018 Mimecast State of Email Security Report, respondents cited a 56% increase in phishing attacks over the last year, and nearly 60% expected their organization to suffer a negative business impact because of an email-borne attack in 2018.

So, what can be done? A defense-only approach can only go so far. A cyber resilience strategy, which goes beyond a preventative approach to include adaptability to new threats, durability during an attack and an effective recovery plan is essential.

Detection and visibility is a key part of a resilience plan, and organizations are increasingly using SIEM (security information and event management) solutions to help consolidate and prioritize security alerts coming from various security systems across the business. This helps ensure action can be taken more quickly and with more certainty.

Why tie email security and SIEM together?

Top reasons why email security data should be brought into SIEM platforms include:

  • There’s a growing need for inter-connected systems to help improve threat intelligence, detection and response. SIEM is the #1 use case for the Mimecast API.
  • As the #1 attack vector, it’s critical to correlate email security data against data from other sources like endpoint, network and web.
  • Greater visibility and centralised response reduces risk - e.g. a malicious domain detected in email can be blocked at the endpoint and firewall, and vice versa.

Mimecast now has out-of-the-box integrations with three of the four SIEM leaders as per the latest Gartner Magic Quadrant – Splunk, LogRhythm and now IBM QRadar.

Mimecast for IBM QRadar

Announced last week, Mimecast for IBM QRadar uses the Mimecast data logging API to correlate email data against multiple other data sources and conduct behavioural analysis that allows joint customers to better predict and prioritize what vulnerabilities to remediate. Improved threat visibility and highly focussed alerts help security practitioners act faster to avoid or limit the impact of an attack.

Without an integrated strategy, organizations can end up with siloed security products that make it virtually impossible to get the visibility needed to make rapid and informed decisions. Mimecast integrations with IBM QRadar, Splunk and LogRhythm give joint customers a single console view to help better understand and improve their overall security posture.

Get the new Mimecast for QRadar application through the IBM Security App Exchange. Information and access to all SIEM integrations is available through the Mimecast developer portal. From here you can also access the documentation needed to build integrations into other SIEM tools and other systems you may use.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email cha…

Combine DMARC Analyzer’s email channel visibility and … Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

Two Major Reasons We’re Failing at Cybersecurity

Good enough security is good enough no l…

Good enough security is good enough no longer. You use emai… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Jul 24, 2018

Build Powerful Integrations with the Mimecast API

Mimecast launches new API Developer Port…

Mimecast launches new API Developer Portal What processes m… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Apr 10, 2018