Cyberattacks can come from many different vectors, but they most commonly arrive via email. By using email to conduct phishing, business email compromise (BEC) attacks, brand impersonation and more, attackers leverage an organization’s weakest security link — its people — to wreak havoc. As a result, email is the No. 1 attack vector for security teams to secure.

By integrating Mimecast with Splunk, security teams can leverage advanced threat detection, enhanced investigation, and faster response to increase their overall level of protection through proactive actions that identify at-risk users and devices. Together, the platforms share high-fidelity indicators to help analysts quickly and accurately identify the root cause of an attack and remediate the threat. This helps security teams guard against initial infection and lateral spread that can lead to downtime, ransom demands, lost data, and stolen passwords.

Splunk can ingest Mimecast logs, along with logs from other security tools, to obtain complete visibility across environments. Out-of-the-box detection templates, created by Mimecast’s team of security experts based on known threats, common attack vectors and suspicious activity, reduce detection times and make analysts aware of a threat the moment it occurs. Mimecast regional threat intelligence data can power analytics to generate actionable alerts and incidents, allowing security teams to easily investigate and triage incidents based on the severity and status of detected threats.

Additionally, Mimecast provides a Splunk SOAR application as well as a comprehensive Application Programming Interface (API) to make it easy for the platform to be integrated with Splunk’s leading security orchestration, automation, and response (SOAR) for efficient, automated response actions.

Installation Guide: https://community.mimecast.com/s/article/api-and-integration-mimecast-for-splunk