Email Security

    Cybersecurity Mesh and the Evolution of Integration

    Gartner coined the term “cybersecurity mesh” to describe an integrated security approach that protects distributed assets. Is it right for you? Learn how it works. 

    by Devin Hamilton

    Key Points

    • Cybersecurity mesh architecture protects individual assets in a network and establishes a layer of security that connects all of the tools used across the system. 
    • According to Gartner, it’s a common-sense approach for enterprises that rely on more complex infrastructures and face more complex attacks. 
    • The cybersecurity mesh provides a common structure for integrating multiple tools from multiple vendors into a cohesive defense posture. 


    “Cybersecurity mesh” has become a new information security buzzword. Gartner coined the term in 2021 to describe a security approach that it says could lessen the financial impact of cyber breaches by 90% in the next two years.[1] 

    Cybersecurity mesh architecture (CSMA) is a framework that adapts security protections to each asset in an organization’s network, based on the risk and functions of each asset. A central layer sits between the business’s users and its assets — on-premises applications, web-based apps, and devices — that connects separate security tools, including those for access policies, identity management, and threat intelligence. According to Gartner, CSMA helps companies build a more flexible and resilient security posture that is more suitable for their complex environments.

    A cybersecurity mesh is the foundation of a zero-trust environment in which users are continuously verified as they move between assets based on the risk and value specific to that asset. The mesh enables user verification at each access attempt, checking and validating that access privileges are connected to a particular identity. Behavioral analytics also play a role to make sure users match their established behavior patterns, while threat analysis checks against emerging cybercrime tactics and actors. 

    Why Set Up a Cybersecurity Mesh?

    Gartner proposes CSMA as a common-sense security approach for modern enterprises, which typically have complex network infrastructures and face constantly evolving threats. It addresses three dynamics that traditional security doesn’t cover:

    • Attackers travel. As Gartner’s analysts pointed out, “Users, devices, applications and data have left the traditional office and data center,” so traditional security based on building firewalls around servers and trusting the users who can log in is obsolete. Indeed, Verizon noted in its latest annual data breach report that a common tactic among cybercriminals is to steal weak credentials, then use them to breach systems and move across the network to high-value targets.[2] 
    • Fragmented security is weak. “Attackers don’t think in silos,” according to Gartner, yet many organizations still defend their assets in a fragmented way, with security tools that are specific to a vendor or silo within the organization. At a time when hackers are increasingly exploiting supply chain attacks that rely on moving across a network, defenders need to look beyond the perimeter and, instead, at the big picture. 
    • Enterprise networks are increasingly complex. Nine out of 10 companies are using multicloud infrastructure, and more continue to mix legacy on-premises servers with public and private clouds to get work done.[3] Likewise, these organizations need to be able to mix and match best-in-class tools — their own and those provided by cloud vendors — to protect workflows. 

    The way to maintain security when assets and users can be anywhere is to rely on a trusted identity that moves with the user and can be checked at every access attempt. The cybersecurity mesh integrates all of the different solutions used by providing an organizing layer guided by the enterprise’s access policies.

    How to Weave a Cybersecurity Mesh

    Organizations are increasingly automating more security processes to help tackle growing operational complexity amid short-staffed teams. Many challenges can be handled with a security orchestration, automation, and response (SOAR) platform. A SOAR streamlines the combination of manual and automated security processes, both internal and from different vendors, to relieve the load on security staff. The tech automates security tasks, such as threat analysis and incident response, and frees up security analysts to pursue emerging threats and other, more proactive functions. 

    But structures like SOAR and its older sibling, security information and event management (SIEM), require an integrated framework to be effective. CSMA enables a modular approach that combines four layers of security infrastructure in one stack: 

    • Analytics: Gathers all of the data collected by the network tools, analyzes it and prompts security responses, such as multifactor authentication or other methods of identity verification.  
    • Identity: Connects functions such as decentralized identity management and entitlement management to validate an identity beyond just a user name or password. 
    • Policy: Translates the organization’s access policy for the configuration of individual security tools. 
    • Dashboards: Consolidates reports to provide an integrated view of security so staff can respond faster and more effectively to alerts. 

    Cybersecurity Mesh Best Practices

    There is no overstating the importance of security integration. For Mimecast’s part, in the wake of increased cyberattacks on healthcare during the COVID-19 pandemic, the company announced partnerships with Okta, Netskope and CrowdStrike that combines solutions from each into a “Quad Play” that works as a cybersecurity mesh layer for the industry.

    A few best practices can help in the transition to CSMA: 

    • When picking security tools, prioritize those that work well with others and save some budget for integrating them into a mesh. Choose solutions from vendors that have opened their policy frameworks, so access policies can be governed outside of their tools. 
    • Focus on vendors that have a track record of compliance with new and evolving security standards for identity and data protection.  
    • Secure buy-in from your organization and reset priorities for ongoing and future projects so they align with CSMA.  
    • Transition practices to adapt to zero-trust architecture, such as switching VPNs to zero-trust access using an identity access management (IAM) tool. Improve identity authentication to reduce friction by using adaptive access tailored for each asset and user.  

    The Bottom Line 

    Cybersecurity mesh architecture is a logical approach for organizations that need to tighten their security despite complexity in their own operations. CSMA can integrate best-in-class solutions to better secure workflows by connecting across silos and vendors. Read more about how Mimecast can help your cybersecurity mesh.



    [1]Top Strategic Technology Trends for 2022: Cybersecurity Mesh,” Gartner

    [2]2022 Data Breach Investigations Report, Verizon

    [3]Cloud Computing Trends: Flexera 2022 State of the Cloud Report,” Flexera  


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top