State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Lexington, MA – March 5, 2019 – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the Mimecast Threat Center, a group of hands-on, cybersecurity experts focused on providing threat intelligence that helps organizations convert threat information into value for the business. Led by Joshua Douglas, the newly hired Vice President of Threat Intelligence, the Threat Center will leverage email, web and anonymized user data to offer threat intelligence insights to security professionals to manage today’s evolving threats. In addition, the Threat Center today announced a new bug that chains to unfixed exploits and bypasses security systems to gain control of compromised systems.
The mission of the Threat Center is to provide customers with actionable insight that can be used to better manage and prioritize today’s evolving threats. The Threat Center will produce a wide variety of reports including threat research on vulnerabilities, analysis on targeted malware, deeper insights on targeted threats hitting specific industries and quarterly Email Security Risk Assessments (ESRAs).
Mimecast blocks more than one billion unwanted emails every working day – these include spam, phishing, directory harvest attacks, and malware emails ranging from nuisance to extremely dangerous emails, offering the team a unique view of threat landscape from email-based attacks. As part of the Threat Center, Douglas will be responsible for overseeing Mimecast Labs, the operational security and threat intelligence teams. The threat intelligence that the team provides is gleaned from the analysis of billions of emails and web traffic across global data grids, which provides insights on targeted attacks and other malware embedded in documents and URLs. This information is shared to inform organizations and the cybersecurity ecosystem on emerging tactics, techniques
Today, the Mimecast Threat Center unveiled threat analysis about a new bug discovered within Microsoft Word, which chains itself to another vulnerability to achieve advanced stealth capabilities. This bug was found in Microsoft Office, which incorrectly handles integer overflow and is used to bypass security systems and fool parsers to deliver remote code that can take complete control over a compromised machine. Just last month, Mimecast Research Labs discovered another Microsoft Office vulnerability, CVE-2019-0560, which affected millions of documents created under vulnerable versions of Microsoft Office, potentially leaking sensitive data unwillingly. Mimecast’s threat detection engines are designed to identify exploitation techniques, and we continuously research attack techniques and methodologies whether used in the wild or not to help our customers and the greater cybersecurity ecosystem.
“Threat intelligence insight helps our customers focus their efforts and their resources on the right threats at the right time,” said Douglas. “A successful strategy helps reduce both
In a recent e-book on threat intelligence from the Cyber Resilience Think Tank, Stephen Ward, chief information security officer at a Fortune 50 company stated, “Threat intelligence tends to produce a lot of data alerts that are irrelevant, and as a result, bog down operations teams and create exhaustion. We’re still talking about bad URLs and hashes – those days are over. We should be focusing on the entire story of how something is done.”
More information on this new vulnerability can be found on Mimecast’s Cyber Resilience Insights blog.
Attending RSAC? Come to Mimecast’s booth 935 in Moscone South to learn more about actionable intelligence from Joshua Douglas.
Mimecast is a cybersecurity provider that helps thousands of organizations worldwide make email safer, restore trust and bolster cyber resilience. Mimecast’s expanded cloud suite enables organizations to implement a comprehensive cyber resilience strategy. From email and web security, archive
Disclaimer: Press releases are provided for historical purposes only. The information contained in each is accurate only as of the date the press release was originally issued.