Improve Threat Detection and Response with SIEM Integration

Email is a catch 22. It’s the number one business communication tool and the number one cyberattack vector. As the lifeblood that keeps business running, it must be protected against increasingly more sophisticated, motivated and determined attackers.

In the 2018 Mimecast State of Email Security Report, respondents cited a 56% increase in phishing attacks over the last year, and nearly 60% expected their organization to suffer a negative business impact because of an email-borne attack in 2018.

So, what can be done? A defense-only approach can only go so far. A cyber resilience strategy, which goes beyond a preventative approach to include adaptability to new threats, durability during an attack and an effective recovery plan is essential.

Detection and visibility is a key part of a resilience plan, and organizations are increasingly using SIEM (security information and event management) solutions to help consolidate and prioritize security alerts coming from various security systems across the business. This helps ensure action can be taken more quickly and with more certainty.

Why tie email security and SIEM together?

Top reasons why email security data should be brought into SIEM platforms include:

• There’s a growing need for inter-connected systems to help improve threat intelligence, detection and response. SIEM is the #1 use case for the Mimecast API.
• As the #1 attack vector, it’s critical to correlate email security data against data from other sources like endpoint, network and web.
• Greater visibility and centralised response reduces risk - e.g. a malicious domain detected in email can be blocked at the endpoint and firewall, and vice versa.

Mimecast now has out-of-the-box integrations with three of the four SIEM leaders as per the latest Gartner Magic Quadrant – Splunk, LogRhythm and now IBM QRadar.

Mimecast for IBM QRadar

Announced last week, Mimecast for IBM QRadar uses the Mimecast data logging API to correlate email data against multiple other data sources and conduct behavioural analysis that allows joint customers to better predict and prioritize what vulnerabilities to remediate. Improved threat visibility and highly focussed alerts help security practitioners act faster to avoid or limit the impact of an attack.

Without an integrated strategy, organizations can end up with siloed security products that make it virtually impossible to get the visibility needed to make rapid and informed decisions. Mimecast integrations with IBM QRadar, Splunk and LogRhythm give joint customers a single console view to help better understand and improve their overall security posture.

Get the new Mimecast for QRadar application through the IBM Security App Exchange. Information and access to all SIEM integrations is available through the Mimecast developer portal. From here you can also access the documentation needed to build integrations into other SIEM tools and other systems you may use.