3 Cybersecurity Integration Use Cases
 

In Mimecast’s State of Email Security 2022 (SOES) survey, four out of five security professionals expressed their preference for operating in an integrated cybersecurity environment to prevent data loss and other damage to their businesses. What does that look like? A new white paper from Mimecast and its partners provides three increasingly common use cases. 

First, the Case for Integration

Companies face a complex set of challenges as they fend off the growing volume, variety, and sophistication of today’s cyberattacks, namely:

• Explosive growth in the volume of data they must manage.
• Proliferation of apps and cloud services.
• Numerous, diverse devices on- and off-site.
• Increasing regulatory compliance obligations.
• Rising customer concerns about privacy.
• Tight budgets and staffs.

With this dynamic mix, security professionals need a coherent, comprehensive set of automated defense mechanisms working across their networks and beyond to prevent, detect, investigate, and respond to relentless cyberattacks. And they need to act faster than ever, as cyberattackers continue to innovate and expand their arsenal of exploits.

The case for integrated security controls rests on its ability to share the timeliest threat intelligence across all security systems, to cut back on repeating manual tasks from one system to the next, and to draw on machine learning and analytics tools for network-wide decision-making. 

Specifically, effective integration enables automated processes to extend from the email gateway and security service edge (SSE) to security information and event management/extended detection and response (SIEM/XDR) systems, and back. It helps security teams leverage their security controls as a unified whole, sharing and fully benefiting from rich logging (including apps and cloud services), metadata, indicators of compromise, malicious URLs, user activity, data movement, and advanced artificial intelligence/machine learning analytics, including individualized user risk scoring, in near real time. 

How Vendors Are Rising to the Integration Challenge

New partnerships are forming all the time among security system vendors, based on allowing their solutions to integrate via open APIs and, in many cases, providing those integrations together, as off-the-shelf offerings. Mimecast has played a leading role in driving API integration with dozens of partners in the market.

Most recently, Mimecast has teamed with Netskope and Rapid7 to offer end-to-end security and data loss prevention that far exceeds aging, siloed approaches in the strength of protection, speed of investigation, and effectiveness of remediation. The joint offering is designed for speed of deployment, with out-of-the-box, wizard-driven visual configurations that don’t require scripting or programming.

These kinds of capabilities address what Mimecast’s SOES survey showed to be the top five benefits security professionals hope to derive from API integrations:

• More streamlined IT security environment.
• Improved detection of threats.
• Faster threat remediation.
• Improved threat intelligence.
• Ability to automate certain tasks.

Learning from 3 Integration Use Cases

To bring the concept of integration to life, here are three real-world applications:

Blocking malicious websites: Decisions to block suspicious websites are made all day, every day, in many companies, but they’re not made in a vacuum. An incorrect blocking decision can inconvenience employees and customers. But failure to block a truly malicious URL — and to do so quickly — can lead to an all-too-common scenario: An employee clicks on the link, visits the site, compromises their device or shares credentials, and ultimately enables attackers to exfiltrate their company’s business data or plant ransomware. Prebuilt integrations from the Mimecast-Netskope-Rapid7 partnership facilitate decision-making and help automate the chosen course of action. Broadly speaking, they streamline otherwise time-consuming investigations and responses that often require multiple consoles, separate data sources, and many points of enforcement. Explore this use case further.

Confirming suspicious user activity: Various employee activities can trigger suspicious activity alerts, such as user logins from unexpected locations, numerous file downloads or violations of mailbox forwarding rules that could indicate data theft, or other employee behavior that diverges widely from that person’s normal routine. An integrated approach to assessing such activity and the appropriate response can draw upon machine learning models that score user risk and data sensitivity, for example. A security team member is simply presented with a policy choice, suggesting controls like user quarantines or limits to app usage. Explore this use case further.

Containing malicious activity: Email is the most common point of entry during a cyberattack, but the problem doesn’t stop there. If a malicious email (inevitably) gets through, cyberattackers can “land and expand” because of the implicit trust employees have for internal emails. Working together, the integrated technologies of Mimecast, Netskope, and Rapid7 improve the speed of response in these circumstances and improve security teams’ related decisions by providing contextual information on users, data assets, and indicators of compromise. Explore this use case further.

The Bottom Line

Security professionals are moving toward integrating their security systems to regain control in the face of persistent business risks and cyberthreats. There’s a growing consensus that integration can accelerate prevention, detection, investigation, and response to cyberattacks. Learn more in our white paper, The Rapid7-Mimecast-Netskope Triple Play: A Better Way to Protect Data, Everywhere.