CrowdStrike-Mimecast Integration Boosts Enterprise Cybersecurity
Organizations need deep email threat intelligence that is integrated with endpoint detection so identification, prevention and responses to threats are connected, orchestrated and automated.
- Most organizations use a combination of SIEM and SOAR to identify and respond to threats. But to succeed, they must seamlessly integrate with all of an organization’s security tools and infrastructure — especially email, which is the path most attacks take into an enterprise.
- APIs can allow disparate security tools to share threat intelligence and indicators of compromise (IoCs) with each other as a unified suite.
- Today, Mimecast added CrowdStrike to its API ecosystem to give joint customers the ability to combine endpoint, email and web security to provide actionable threat intelligence and help build a stronger organizational cyber resilience posture.
Cyberattackers are no fools. They stay abreast of the latest business and technology changes and take advantage of any vulnerabilities those changes create — or expose. (Hello, remote work.) They also hedge their bets, mounting not just singular, focused attacks, but rather coordinated attacks through multiple channels that increase the odds of penetrating their targets.
At that point, it doesn’t matter how good your defensive security tools are; if they’re not responding with coordinated information, it’s not a matter of if but when, how many times, and to what extent your corporate network will be compromised. That’s why one of the key components of any business’ cyber resilience approach has to be strong integration among all the different cybersecurity systems and controls defending it against cyberattack.
Whether those threats take the form of ransomware, business email compromise or some other attack, they almost always start with a phishing email. That simple fact was a key driver behind the integration announced this week by CrowdStrike and Mimecast, described below.
“As we think about how threats have evolved, a layered approach to email and web security is key to keeping an organization protected from threats it can and can’t see,” said Peter Bauer, chief executive officer of Mimecast.
Such integration efforts can help better protect businesses from the kind of business email compromise attacks that caused $1.7 billion in cybercrime-related financial losses in the U.S. during 2019 — nearly four times as much as any other category of cybercrime and 37% higher than the previous year, according to the FBI.
Fighting Cyberattacks on Multiple Fronts
Today, most large organizations use a combination of security information and event management (SIEM) and security orchestration, automation and response (SOAR) to identify and respond to threats. SIEM systems collect, normalize and correlate log data from multiple sources, while SOAR platforms take the next step by triggering a remediation playbook in response to an alert.
However, SIEMs and SOARs are only as good as the information they have available. To succeed, they must seamlessly integrate with all of an organization’s security tools and infrastructure. This is no small feat when most large organizations average more than 75 different point security solutions, including web and email gateways, anti-malware services and intrusion detection and prevention systems. If even one of these systems does not effectively communicate, a breach could be missed, and the organization and its customers could be compromised.
Open APIs Connect Security Systems
Open APIs allow disparate security tools to share threat intelligence and indicators of compromise (IoCs) with each other as a unified suite. They offer standardized, supported ways to handle tasks such as authentication and authorization, accessing logs, listing users or messages, creating or populating groups, or executing policies.
Open APIs enable automation (as in SOAR systems) and reduce the time it takes to respond to a threat. These and other benefits of open APIs protect the business directly but also indirectly — by helping organizations close the growing security skills gap and enabling IT and security personnel to focus less on mundane tasks and more on strategic efforts.
Not all open APIs are created equal, however. The best open APIs give developers proven sample code to start from, full documentation, dedicated staging environments in which to test their integrations, and support from the team that built the API and the underlying security tool. Some vendors offer products that have been retrofitted for the cloud and were not designed with APIs and integration in mind. Other companies design their products for the cloud from the start, using a multitenant architecture based on microservices that can be easily and quickly exposed via APIs.
CrowdStrike-Mimecast Integration Illustrates Impact of Open APIs
An important new example of the latter, cloud-native approach is the new integration between Mimecast's Secure Email Gateway and CrowdStrike's Falcon endpoint protection platform. Through a direct integration built on an open API, intelligence about threats the gateway catches in email is shared with the endpoint, so CrowdStrike's device-level threat detection is reinforced by Mimecast's detection of email-borne threats.
Within minutes of Mimecast detecting new malware, every CrowdStrike-managed device is aware of the threat and can alert security analysts to further attempts to compromise an endpoint. The integration protects the organization by preventing incidents that could otherwise take hours, days or longer to investigate and recover from, often at great financial and reputational cost.
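To make the gateway-to-endpoint flow described above concrete, here is an added example of the forwarding step, written for this article and not taken from Mimecast's or CrowdStrike's code. It assumes a hypothetical gateway event schema and a hypothetical endpoint IoC API (`FakeEndpointApi.create_indicators`, which only records calls so the example runs offline); a real integration would use each vendor's documented API. It shows the checks a practitioner would want before pushing an indicator to every endpoint: only malicious verdicts are forwarded, every hash and domain is validated and canonicalized, indicators are deduplicated across runs, and each record carries a source and an expiration so stale rules age out.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Indicator formats the forwarder accepts. Anything else is dropped rather
# than pushed, so a garbled event cannot plant a bogus rule on every endpoint.
HASH_PATTERNS = {
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
    "sha1": re.compile(r"^[0-9a-f]{40}$"),
    "md5": re.compile(r"^[0-9a-f]{32}$"),
}
DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")

# Constructed sample events in a hypothetical gateway schema (not Mimecast's format).
SAMPLE_EVENTS = [
    {
        "message_id": "<abc123@mail.example.com>",
        "verdict": "malicious",
        "attachments": [
            {"name": "invoice.exe",
             "sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
            {"name": "notes.txt", "sha256": "not-a-hash"},  # malformed: must be rejected
        ],
        "urls": ["http://malware-drop.example.net/payload.exe", "mailto:someone@example.org"],
    },
    {   # same hash again, lowercase this time: must be deduplicated
        "message_id": "<def456@mail.example.com>",
        "verdict": "malicious",
        "attachments": [
            {"name": "invoice2.exe",
             "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
        ],
        "urls": [],
    },
    {   # clean verdict: nothing from this event may be forwarded
        "message_id": "<ghi789@mail.example.com>",
        "verdict": "clean",
        "attachments": [{"name": "report.pdf", "sha256": "aa" * 32}],
        "urls": [],
    },
]


def normalize(kind, value):
    """Return (kind, canonical_value), or None if value is not a well-formed indicator."""
    value = value.strip().lower()
    if kind in HASH_PATTERNS:
        return (kind, value) if HASH_PATTERNS[kind].match(value) else None
    if kind == "domain":
        return (kind, value) if DOMAIN_RE.match(value) else None
    return None


def extract_iocs(event):
    """Yield validated (kind, value) pairs from one gateway detection event."""
    if event.get("verdict") != "malicious":
        return
    for att in event.get("attachments", []):
        for kind in HASH_PATTERNS:
            if kind in att:
                ioc = normalize(kind, att[kind])
                if ioc:
                    yield ioc
    for url in event.get("urls", []):
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname:
            ioc = normalize("domain", parts.hostname)
            if ioc:
                yield ioc


class FakeEndpointApi:
    """Hypothetical stand-in for an endpoint platform's IoC API; records calls offline."""

    def __init__(self):
        self.calls = []

    def create_indicators(self, indicators):
        self.calls.append(indicators)
        return {"created": len(indicators)}


def forward(events, api, ttl_days=30, seen=None, now=None):
    """Push deduplicated IoCs from gateway events to the endpoint platform.

    `seen` persists across runs so re-delivered events do not re-push rules.
    Returns the indicator records sent in this run (an empty list if none).
    """
    seen = set() if seen is None else seen
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    batch = []
    for event in events:
        for kind, value in extract_iocs(event):
            if (kind, value) in seen:
                continue
            seen.add((kind, value))
            batch.append({
                "type": kind,
                "value": value,
                "action": "detect",  # start detect-only; promote to block after analyst review
                "severity": "high",
                "source": "email-gateway",
                "description": f"Seen in {event['message_id']}",
                "expiration": expires,
            })
    if batch:
        api.create_indicators(batch)
    return batch


if __name__ == "__main__":
    api = FakeEndpointApi()
    for record in forward(SAMPLE_EVENTS, api):
        print(record["type"], record["value"], record["expiration"])
```

Running the block against the constructed events pushes exactly two indicators, the SHA-256 of the malicious attachment (canonicalized to lowercase) and the download host's domain; the malformed hash, the `mailto:` URL, the duplicate hash and the clean message are all filtered out, and a second run with the same `seen` set sends nothing.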
The Bottom Line
Email gateways are often the first system to detect threats, while endpoint security is the organization’s last line of defense. The integration — via cloud-native open APIs — of the Mimecast Secure Email Gateway and CrowdStrike Falcon endpoint protection platform covers and connects both ends of the spectrum. It reduces complexity, minimizes risk and decreases demands on already over-taxed and often under-skilled security teams.