Blog

Top Moments at RSA Conference 2017

by Jamie Laliberte Whalen - Senior Manager, Digital Content and Social Media

February 28, 2017

Our promise to the industry was to engage, educate and provide valuable insight into major cybersecurity issues facing organizations around the world. 

Here is a small recap of what happened at RSA Conference, so you can feel like you were able to attend:

Moment 1: ‘Cyber Resilience Think Tank’ at the San Francisco NASDAQ Center

The Mimecast team hosted a great event at the San Francisco NASDAQ Center for an early morning ‘Think Tank’ lead by Mimecast’s CTO, Neil Murray, and moderated by Venable’s CEO, Ari Schwartz. Security thought leaders from various industries joined in one room to network and share the challenges organizations face today with cyber resilience. As organizations work to become adopt a more cyber resilient strategy there was consensus among the peers in the room that the diversity of the attack must equal the diversity of the defense.

 

 

 

 

Moment 2: Dark Reading Interview with Bob Adams

Lights, camera, action! What a moment for our very own senior cybersecurity strategist, Bob Adams, who was in front of the camera for an interview with Dark Reading. Bob highlighted the latest security gaps with internal email and the proposed solution, which Mimecast launched at the start of the show.  He also discussed how to gain valuable insight into the attacks being missed by many incumbent email security solutions. Interested in watching? Click on the image to watch the full interview below

.

 

 

 

Moment 3: Live Hacks at the Mimecast Booth

Full house, no problem. Security experts Bob Adams, Julian Martin, and Matthew Gardiner demonstrated onsite ‘LIVE HACKS.’ The gist of the hacks incorporated social engineering attacks, phishing attacks and the ease at which a hacker can use email as a primary hacking mechanism to own the target’s system, gain bank information and take over someone’s video camera without them knowing. You can view the live Periscope video below if you would like to take a look for yourself.

 

  

 

 

 

 

 

Moment 4: Insights into the latest Cyber Threat Plaguing email

Who doesn’t like working on solving problems with clients? At the event, we got to meet with many customers and new prospects. Thank you, to everyone who stopped by the booth. We were able to share the latest email security threats we see organizations face daily. This included 421 unknown malware threats, all of which were missed by a number of incumbent email security solutions. Check out a summary of these threats in our latest Email Security Risk Assessment infographic we had posted in the booth here.

 

 

 

 

Related Content:

Mimecast Events Page

 

 

FILED IN

GDPR + Cybercrime: Is Email Part Of Your Compliance Strategy?

by Achmad Chadran - Product Marketing Manager, Marketing

February 22, 2017

Crippling financial penalties and strict new privacy rules have grabbed most of the EU General Data Protection Act (GDPR) headlines so far. This is no surprise, given the sweeping nature of the act, but ahead of the May 2018 implementation date, it’s important to look at some of the more detailed compliance requirements, especially for email.  

GDPR and cybercrime

A key tenet of the GDPR – that organizations must respond in a timely manner to Subject Access Requests (SARs), inquiries from EU residents about the location and processing of their personal data, as well as to requests that it be erased – will likely force a sea-change in how organizations manage all data, personal or otherwise.

In the meantime, little’s been said about the challenges of overhauling privacy in the current era of phishing and ransomware. The two developments – growing regulatory burdens and the increasingly volatile threat landscape – put organizations in a double bind. The GDPR emerged in part as a response to the growing cybercrime threat, yet its directives to retool organizational policies, processes and structures stand to compound the burdens of well-intentioned organizations.

To manage the dual risks of GDPR compliance and cybercrime, you need to focus on email security and governance. Here are some guidelines for formulating such a strategy:

 

Review your email infrastructure

Over 90 percent of phishing cybercrime exploits begin with email, making it the single biggest threat vector to organizations and the data they manage. Furthermore, not only are emails a common vehicle to share and exchange personal data, email servers are prime repositories for such data as names, email addresses and associated contact information.

Managing GDPR risk starts with securing your data and infrastructure against the litany of email threats mentioned above.

 

Implement strong search and e-discovery

To suit GDPR mandates for reporting on and deleting personal data upon request, your email infrastructure needs to streamline search and e-discovery. A robust complement of case management tools – early case assessment, search and saved search, legal hold application, retention adjustments, and export, to name a few – will also expedite your ability to respond effectively to requests.

 

Educate and inform your mailbox holders

One careless click can undermine even the most capable security or governance infrastructure. This makes social engineering exploits such as phishing and impersonation attacks so devastatingly effective. A well-informed workforce is an essential component of an effective GDPR compliance strategy. Every user in your domain must be vigilant against the onslaught of email-based attacks, and play a vital role in notifying your Data Protection Officer (DPO) of any suspected privacy breaches.

 

Beyond email

Bear in mind that the guidance above addresses compliance issues related specifically to email. To manage GDPR, you’ll need to transform your privacy and governance operations wherever personal data is stored or processed: customer records, databases, CRM systems, and ERP platforms, etc. But chances are good you’ve already considered these repositories; it’s email that’s often overlooked in the compliance conversation. In reality, nearly all email servers and archives contain personal data.

No matter where your organization is based, if you manage or process personal data associated with EU residents, you will be impacted by the GDPR. Managing against GDPR penalties involves securing and tightly controlling your email servers and archives. The countdown to prepare has begun.

To help inform your journey to GDPR compliance, download the Osterman Research White Paper, GDPR Compliance and its Impact on Security and Data Protection Programs.

FILED IN

February 14, 2017

  Would it surprise you to learn that in recent testing Mimecast has seen a 13.2% false negative rate for incumbent email security systems?  Does your current email security system let through an inordinate amount of spam, malware, malicious URLs, or impersonation emails? 

Security Risk Assessment

How would you find out if it did?  Is your primary source for detecting false negatives your users? Do you wonder how your email security performance compares with your peers?

The fact is, until now, there hasn’t been much data comparing or benchmarking the performance of email security systems. They all claim the ability to defend against spam, malware, spear-phishing, malicious links and other email attack techniques. But how good are they really? How do they compare in their ability to block opportunistic email-borne attacks as well as more targeted attacks?

In working with our more than 25,000 customers, Mimecast has seen firsthand that email security systems do not perform equally well. To address this lack of data head-on, Mimecast launched its Email Security Risk Assessment (ESRA).

 

The Mimecast ESRA has three goals:

  1. To test the Mimecast cloud security service against an individual organization’s incumbent email security system. To help the organization see in one report the number, type, and severity of email-borne threats that are currently getting into their organization.
  2. To inform the security industry with hard data on the effectiveness of various commonly-deployed, email security systems.
  3. To inform the security industry with hard data regarding the number, type, and severity of email-borne threats that are actively being used in attacks.

In an ESRA, Mimecast uses its cloud-based Advanced Security service to assess the effectiveness of other email security systems. The ESRA test passively inspects emails that have been inspected by the organization’s incumbent email security system and received by their email management system. In an ESRA, the Mimecast service re-inspects the emails deemed safe by the incumbent email security system and thus looks for false negatives, such as spam, malicious files, and impersonation emails.

The results we’ve uncovered so far are concerning:  Email attacks ranging from opportunistic spams to highly-targeted impersonation attacks are getting through incumbent email security systems both in large number and in various types.

To learn more and to see the results of the ESRA tests completed to date, please check out this paper.

 

FILED IN

A long time ago, a supercomputer named Deep Thought concluded that the answer to the ultimate question to the meaning of life, the universe, and everything was 42. Although it took Deep Thought 7 and a half million years to produce this answer, it concluded that finding the answer would have been much simpler had it known the question. Deep Thought didn't understand what the "ultimate question" was. And we'll agree; it's definitely hard to provide an answer without a question. Here at Mimecast though, we have the question…the ultimate question…42 of them to be exact!

Join us as we get to know our Mimecast experts in a new blog series called “42 Questions.” We may not find out the answer to life at the end, but we’ll definitely find the answer to what our expert thinks it means to be a Mimecaster, the top security threats they worry about, and even their favorite superhero just to name a few. That should hold us over while we come to a consensus on why 42 is the answer to the meaning of life, the universe, and everything! Enjoy!

 

Video Script below:

JLW: I’m Jamie Whalen, Social Media Manager at Mimecast and we’re here with J. Peter Bruzzese, a Mimecast employee and Microsoft MVP. We will be asking him a set of 42 quick rapid response questions to get to know who J. Peter is just a little bit more.  Are you ready for 42 questions?

J.PETER:  You bet- “Greetings Mimecast and Jamie!”

 

1. What is your MVP Technical expertise?

Awarded 7 times, first 4 times was for exchange 2nd two times was for Office 365. And to put it all into one bucket, the office service, and services bucket.

2. Favorite actress?

Amy Adams

3. Favorite movie?

Rocky I, II, III

4. Infrastructure or Software as a service? 

Software.  Infrastructure is very legacy facing which is still necessary for a hybrid move to cloud but with container and such along with SaaS really providing what most organization need… I see SaaS as the real future in 5 years’ time.

5. Favorite food?

Anything parmesan.  Chicken, eggplant, etc.

 6. Why do you consult for Mimecast?

When I was first looking at Office 365, I liked it but I felt like there was a need for something else to fix all of the gaps in Office 365. And so, in looking around, the only solution I found that could fill the gap of security, archiving, availability, was Mimecast. And so I decided to work for them.

(Want to see the sleep chambers?  They encourage napping!!! I’m a huge fan of napping.)

 7. Typical bedtime?

Good question. Any time after midnight.

8.  Bed attire?

Pajama bottoms and a t-shirt (either incredible Hulk shirt or some other superhero).

9.  Scariest place you’ve ever been? 

I lived in Ciudad del Este Paraguay for a year.  It’s on the border of Brazil and Argentina.  It had its scary moments.

10. Nicest place you’ve ever been?

Ariel de Cabo, an area right above Rio de Jenario.

11. How many languages do you speak? 

One – English.  But I can also hold conversations in Spanish, Portuguese and Mandarin.

12. Say something in Mandarin?  

Wo de mingze Li Xiao Lung.

13. What did you just say? 

My name is Bruce Lee.

14. Favorite sci-fi weapon? 

Lightsaber

15. Coolest career moment?  

First published book in my hands and the first time I was awarded the MVP for Exchange.

16. Favorite third party bolt-on solution for Exchange on-prem or online? 

Mimecast (look around!)

17. Facebook or Twitter?

Twitter. I don’t do Facebook.

18. Top 3 security threats you worry about?

Spear phishing, Ransomware, Impersonation wire transfer hoaxes. 

19. Coolest party game? 

Binary Code Conversion.  It’s where you take decimal numbers and convert them to binary and vice versa.  How’s that for geeky?

20. Favorite superhero?

Marvel- the Hulk. But if you’re talking about DC- Superman.

21. Coolest tech person you’ve met? 

(Take out iPhone and show picture of Steve Wozniak)  Steve Wozniak.

22. If you could go to Mars would you do it? 

Absolutely not… have you seen the Martian?  Yeah… no thanks.

23. What’s your favorite color?

Silver

24. Least favorite color?

Teal

25. Favorite tech gadget you can’t get enough of?

The Halolens.

26. Favorite comedian?

Kevin James

27. How would you describe the last election?

Well… I’m neutral but I did hear someone call it a Kobiyashi Maru… and that was funny.

28. Favorite number?

42

29. What’s your favorite part of Office 365?

Exchange Online

30. What’s your least favorite part of Office 365?

Yammer

 (Hey, I heard someone you knew made something here, what and where is it? – enter Parson’s Green)

31. Who built this table?

John Dickey, the owner of the Timberguys.  Really awesome stuff.

32. Favorite part of the Mimecast space?

This table in the Parson’s Green room. Believe it or not, the wood came from a boat that was owned by Louis Boxer.

33. How do you know him?

We went to school together.

34. How would you describe yourself?

Two words:  driven and passionate

35. Who makes you laugh?

My wife.

36. What’s keeping you busy these days?

A lot of traveling, talking about cyber resilience and risk mitigation. Specifically with Office 365. With the many threats that are facing the world, you need something on the front end of Office 365 to help provide mitigation and that resiliency. Speaking about here in the states, UK, and Canada.

37. What is a great enhancement a company can assist with, a third party bolt-on enhancement?

Mimecast is one. The enhancements that Mimecast can assist with is really amazing. It’s not just a siloed solution, Mimecast was developed in the cloud, not ported into the cloud. And, they hit upon security, archiving, continuity. Hitting on all things 0365, which really hits on everything you would need to be successful. Mimecast is the only solution I have found that can do that.

38. What’s something you can’t do?

Sing.

39. What do you like best about Mimecast?

Well as a solution, Mimecast is something that provides a full blanket of resiliency. Mimecast is security, archiving, continuity. It protects you from the bad guys, and if something goes wrong it’s the continuity that keeps you up and running. The fact that you can continue to be up and running no matter what is something that Mimecast can give you.

40. What’s the best gift you’ve received?

My two children.  A boy who’s 9 and a girl who’s 6.

41. Dogs or cats?

Dogs, I’m allergic to cats.

 42. Last question, what’s the best part about being a Mimecaster?

The best part is the people, the people at Mimecast they work hard, are very diligent. They are committed to providing cyber resiliency to their customers. I think it’s fantastic. But hands down, it’s the people that make Mimecast.

Stay tuned for a new 42 questions coming up in February. Where you’ll get to know Mimecast a little bit better.

 

 

FILED IN