Email Security

    WildFire-Mimecast Integration Can Raise Enterprise Cyber Resilience

    Integration with WildFire from Palo Alto Networks gives Mimecast users a new level of protection.

    by Mike Azzara

    Key Points

    • Whether turnkey or customized, integration with WildFire delivers another level of threat intelligence.
    • Critical insights and diagnosis of novel attacks are essential skills needed to protect businesses today.
    • Integration also means sharing important security data with partners to improve defenses.

    Contrary to the old proverb, what you don't know can hurt you, especially when it comes to cybersecurity. So while it is essential to understand that email is the primary way hackers attack businesses, it's also critical to deploy a multilayered cyber defense, which is why the latest integration announcement between Mimecast and Palo Alto Networks' WildFire is so important.

    In addition to the daily attempts to breach company systems through known phishing and ransomware attacks, hackers are relentlessly creative. Indeed, cybercriminals continue to find and exploit new vulnerabilities in existing software, unbeknownst to their developers, to generate zero-day attacks before patches can be issued. In fact, according to Google's Project Zero, there were no fewer than 24 major zero-day attacks last year that allowed entry to systems around the world.[1]

    WildFire Email Integration Helps Build Layered Defense

    Once a system has been breached, stealing data and deploying backdoors like Asnarok or launching ransomware like Ragnarok on infected hosts becomes a very real danger. In the face of such threats, it's clear that no one vendor can provide everything needed to build the best possible cybersecurity arsenal. So while secure email gateways can identify suspicious activity and shunt aside potential threats, getting additional support from a global security system can also be critical. Palo Alto Networks’ WildFire provides optimized malware detection, with cloud-based analysis, inline machine learning-based prevention, and globally crowdsourced intelligence to better protect your organization.

    It's that defensive posture against new threats that's critical. It's not about known keyloggers and malware, it's about the threats individual companies may not have seen yet. WildFire has access to real-time threat intelligence across an extensive and varied user base, from which it is able to deploy cloud-based analysis and threat prevention capabilities and then diagnose zero-day threats before they get to users' systems.

    Off-the-Shelf Integration Minimizes Risk & Complexity

    The latest integration builds on Mimecast's open application programming interfaces (APIs) that already allow companies to create best-of-breed, multilayered defensive systems based on over 60 out-of-the box and custom integrations. These include a diverse set of security technology partners, ranging from ServiceNow to Splunk. By coordinating information and addressing threats at different levels, these integrations give enterprises greater insight into the threats they face while at the same time reducing the level of complexity they have to deal with in order to minimize risk and improve detection and response.

    Moreover, the WildFire integration builds on an established relationship between Mimecast and Palo Alto Networks. For example, companies have already deployed systems that integrate Mimecast email security with Palo Alto Networks’ Cortex Data Lake in order to identify and block compromised email users. To support use cases with security orchestration, automation and response, Mimecast works with Palo Alto's Cortex XSOAR.

    "The integration with WildFire reinforces the multilayered approach and a secondary sandbox where Palo Alto Networks can look for possible threats," says Jules Martin, Vice President of Ecosystem and Alliances at Mimecast.

    Configuring WildFire-Mimecast Integrations

    Making the integration with WildFire easy to manage for users has been a primary focus for Mimecast. Current users can quickly set parameters for what information they want pushed to WildFire and determine what they want to happen when malicious attachments or links are detected. Reports can be automatically generated, for example, and if Mimecast missed a possible threat, it can be instructed to automatically remove it from a user’s mailbox, or to first notify the user and then push the removal button.

    "It's half a dozen steps, and you've configured it," notes Joseph Tibbetts, Senior Director, Tech Alliances and API at Mimecast.

    Conversely, businesses can customize such integrations to whatever degree they require. Larger enterprises often want to leverage extensive investments they've already made in their own software tools and systems. In such cases, Mimecast's APIs can be used to work with a company's own specialized tools and software. It's about making security as efficient as possible so that companies will actually deploy these services, which can be critical to protecting the bottom line.

    Future Enhancements for Mimecast WildFire Integration

    While the biggest attack vector continues to be email, which accounts for 92% of malware coming into companies,[2] it's nonetheless important to share prevention data with every other part of an organization. So while the first integration enables downloading threat information from WildFire, Mimecast will soon be able to automatically upload its own threat and intrusion data to WildFire — which means any new threats Mimecast discovers will be shared with WildFire customers. That level of security information sharing and coordination can keep companies better protected by stopping such threats at multiple levels, from firewalls to endpoint and cloud security to intrusion detection programs.

    Mimecast plans to automate the threat data sharing, as well. That will improve efficiency and threat response time, and means that the company’s existing base of 40,000 customers who use its secure email gateway will be able to contribute to even greater security across their organizations.

    "Through our APIs we already have hundreds of enterprise customers using this integration," says Mimecast's Martin. "It's not a choice anymore, it's become a necessity."

    The Bottom Line

    Threat information sharing between Mimecast’s secure email gateways and Palo Alto Networks’ WildFire cloud-based analysis and malware assessment environment can help any enterprise boost cyber resiliency. Off-the-shelf integration makes that sharing relatively fast and easy to deploy for most organizations, while extensibility through Mimecast’s open APIs enables customization for those organizations that need it.

    [1] “Déjà vu-lnerability,” Google

    [2] “2020 Cyber Security Statistics: The Ultimate List Of Stats, Data & Trends,” PurpleSec
