Email continues to be the most widely used attack vector. Data sourced from email activity and attacks is extremely high value for security operations teams. The Mimecast and Splunk integration gives security teams the data they need to identify incidents and attacks and to decide how to respond, enhancing the benefits of the Splunk Enterprise investment and ultimately reducing the risk the organization faces.
For organizations concerned about cyber risk and struggling to attract and retain sufficient cybersecurity expertise and budget, Mimecast delivers a comprehensive, integrated solution that solves the #1 cybersecurity attack vector – email.
Mimecast’s Email Security 3.0 solution framework reduces the time, cost and complexity of achieving more complete cybersecurity, compliance and resilience through additional modules, all while connecting seamlessly with other security and technology investments to provide a coherent security architecture.
Installation Guide: https://community.mimecast.com/s/article/Mimecast-for-Splunk-Administrators-Guide-159829928
Impersonation Protect Dashboard
The Impersonation Protect dashboard gives you an at-a-glance view of the types of phishing techniques targeting your organization and who is most at risk.
Attachment Protect Dashboard
Use the Attachment Protect Dashboard to view and investigate targeted malware attacks detected by Mimecast.
URL Protect Dashboard
Use the URL Protect Dashboard to gain insights into malicious or suspicious links clicked in emails.
Key Capabilities and Benefits
- Analyze logs from your Mimecast tenant in isolation using Splunk Enterprise's powerful search capability
- Correlate logs from your Mimecast tenant with data from other security systems to provide more context and actionable information
- Stay informed with out-of-the-box dashboards or by creating custom reports and alerts tailored to your organization's needs
- Track user activity and system changes in Mimecast and correlate this with data from other systems
- Leverage data to demonstrate regulatory compliance
- Mimecast logs event activity in real time. This includes email receipt, processing and delivery, and employees clicking on links within an email. The events are then made available for integration into third-party systems via a REST API using industry-standard JSON or pipe-delimited key-value pair formats.
- Log collection is achieved using modular inputs. For the greatest flexibility, each log type is separated into its own input, allowing you to choose what data you want to ingest.
- With modular inputs successfully configured, data is immediately ingested and indexed by Splunk Enterprise. Once indexed, data is searchable and displayed in the app's built-in dashboards.
Mimecast Tech Connect
Data sourced from email activity and attacks is high value for the security operations team, enhancing the benefits of your Splunk Enterprise investment.
Correlate security events detected by Mimecast Targeted Threat Protection and the Secure Email Gateway with other security systems connected to Splunk Enterprise – helping security analysts detect incidents and attacks quickly and accurately.
High Value Data
Add high-value email security data to Splunk Enterprise to help investigate and detect threats quickly and accurately.