Integration with WildFire from Palo Alto Networks Gives Mimecast Users a New Level of Protection.

Key Points:

  • Whether turnkey or customized, integration with WildFire delivers another level of threat intelligence.
  • Critical insights and diagnosis of novel attacks are essential skills needed to protect businesses today.
  • Integration also means sharing important security data with partners to improve defenses.

Contrary to the old proverb, what you don't know can hurt you. Especially when it comes to cybersecurity. So while understanding that email is the primary way hackers attack businesses is essential, it's critical to deploy a multilayered cyber defense, which is why the latest integration announcement between Mimecast and Palo Alto Networks' WildFire is so important.

In addition to the daily attempts to breach company systems through known phishing and ransomware attacks, hackers are relentlessly creative. Indeed, cybercriminals continue to find and exploit new vulnerabilities in existing software — unbeknownst to their developers — to generate zero-day attacks before patches can be issued. In fact, according to Google's Project Zero, there were no fewer than 24 major zero-day attacks last year that allowed entry to systems around the world.[1]

WildFire Email Integration Helps Build Layered Defense

Once a system has been breached, stealing data and deploying backdoors like Asnarok or launching ransomware like Ragnarok on infected hosts becomes a very real danger. In the face of such threats, it's clear that no one vendor can provide everything needed to build the best possible cybersecurity arsenal. So while secure email gateways can identify suspicious activity and shunt aside potential threats, getting additional support from a global security system can also be critical. Palo Alto Networks’ WildFire provides optimized malware detection, with cloud-based analysis, inline machine learning-based prevention, and globally crowdsourced intelligence to better protect your organization.

It's that defensive posture against new threats that's critical. It's not about known keyloggers and malware, it's about the threats individual companies may not have seen yet. WildFire has access to real-time threat intelligence across an extensive and varied user base, from which it is able to deploy cloud-based analysis and threat prevention capabilities and then diagnose zero-day threats before they get to users' systems.

Off-the-Shelf Integration Minimizes Risk & Complexity

The latest integration builds on Mimecast's open application programming interfaces (APIs) that already allow companies to create best-of-breed, multilayered defensive systems based on over 60 out-of-the box and custom integrations. These include a diverse set of security technology partners, ranging from ServiceNow to Splunk. By coordinating information and addressing threats at different levels, these integrations give enterprises greater insight into the threats they face while at the same time reducing the level of complexity they have to deal with in order to minimize risk and improve detection and response.

Moreover, the WildFire integration builds on an established relationship between Mimecast and Palo Alto Networks. For example, companies have already deployed systems that integrate Mimecast email security with Palo Alto Networks’ Cortex Data Lake in order to identify and block compromised email users. To support use cases with security orchestration, automation and response, Mimecast works with Palo Alto's Cortex XSOAR.

"The integration with WildFire reinforces the multilayered approach and a secondary sandbox where Palo Alto Networks can look for possible threats," says Jules Martin, Vice President of Ecosystem and Alliances at Mimecast.

Configuring WildFire-Mimecast Integrations

Making the integration with WildFire easy to manage for users has been a primary focus for Mimecast. Current users can quickly set parameters for what information they want pushed to WildFire and determine what they want to happen when malicious attachments or links are detected. Reports can be automatically generated, for example, and if Mimecast missed a possible threat, it can be instructed to automatically remove it from a user’s mailbox, or to first notify the user and then push the removal button.

"It's half a dozen steps, and you've configured it," notes Joseph Tibbetts, Senior Director, Tech Alliances and API at Mimecast.

Conversely, businesses can customize such integrations to whatever degree they require. Larger enterprises often want to leverage extensive investments they've already made in their own software tools and systems. In such cases, Mimecast's APIs can be used to work with a company's own specialized tools and software. It's about making security as efficient as possible so that companies will actually deploy these services, which can be critical to protecting the bottom line.

Future Enhancements for Mimecast WildFire Integration

While the biggest attack vector continues to be email, which accounts for 92% of malware coming into companies,[2] it's nonetheless important to share prevention data with every other part of an organization. So while the first integration enables downloading threat information from WildFire, Mimecast will soon be able to automatically upload its own threat and intrusion data to WildFire — which means any new threats Mimecast discovers will be shared with WildFire customers. That level of security information sharing and coordination can keep companies better protected by stopping such threats at multiple levels, from firewalls to endpoint and cloud security to intrusion detection programs.

Mimecast plans to automate the threat data sharing, as well. That will improve efficiency and threat response time, and means that the company’s existing base of 40,000 customers who use its secure email gateway will be able to contribute to even greater security across their organizations.

"Through our APIs we already have hundreds of enterprise customers using this integration," says Mimecast's Martin. "It's not a choice anymore, it's become a necessity."

The Bottom Line

Threat information sharing between Mimecast’s secure email gateways and Palo Alto Networks’ WildFire cloud-based analysis and malware assessment environment can help any enterprise boost cyber resiliency. Off-the-shelf integration makes that sharing relatively fast and easy to deploy for most organizations, while extensibility through Mimecast’s open APIs enables customization for those organizations that need it.

[1] “Déjà vu-lnerability,” Google

[2] “2020 Cyber Security Statistics: The Ultimate List Of Stats, Data & Trends,” PurpleSec
