Mimecast CEO Unveils Vision for Future of Email Security at Cyber Resilience Summit in Dallas
Bauer further explained that the future of email security is comprised of three distinct zones, alongside an API-led approach, that organizations need to recognize:
Zone 1 – Perimeter
The email security perimeter is focused on keeping users and data safe by protecting email against spam and viruses, malware and impersonation attempts, and data leaks. Organizations need global visibility that offers rapid detection of sophisticated threats to protect their entire customer, partner and vendor ecosystem.
Zone 2 – Inside the Perimeter
Compromised users whose accounts are being taken advantage of, lateral movement using credential harvesting links, social engineering and employee errors are threats and risks that manifest inside the perimeter. Organizations should combine security inspections of internal and outbound email traffic with capabilities to build a stronger human firewall through dynamic user awareness training and testing programs. They also need rapid remediation capabilities to extract threats and shut down access to compromised accounts. This will help to ensure that an organization’s internal network, made up of people and machines, is robust and capable of defending itself when attacks occur.
Zone 3 – Beyond the Email Perimeter – Pervasiveness
Organizations need the ability to protect their brands and domains from being explicitly spoofed or hijacked to defraud customers and partners. This requires the ability to implement DMARC efficiently as well as to hunt for and take action against threats where attackers present themselves fraudulently to an organization's customers or partners using deception and impersonation.
Beyond the Zones: API-driven Security Ecosystem Integration
To move from perimeter to pervasive email security requires an extensible architecture that allows organizations to fully integrate the value of the telemetry and intelligence gathered through observing email attacks with their existing technologies such as SOARs, SIEMs, endpoints, firewalls and broader threat intelligence platforms. An API-driven approach further helps deliver pervasive security throughout all zones. This allows organizations to make their teams and other security investments even more effective.
“The expanded attack surface, the proliferation of security vendors and the monetization of attacks have all increased the complexity of an organization’s security infrastructure. When you consider the cyber security skills gap that most organizations face today, the threat of business disruption due to a cyber incident is certainly on the rise,” said
“Addressing complexity is as much of a priority as increasing security. Adding new solutions to your security stack to help thwart new attacks may be counter-intuitive if those solutions don’t connect with each other. There’s power in platform-based solutions that can give organizations the visibility they need to help reduce risk and build a stronger proactive cyber resilience posture,” added Bauer.
In addition, Mimecast also announced it has engaged in strategic partnerships with DMARC Analyzer and Segasec to offer brand protection against threats outside the perimeter. Combining
These new technology partnerships in combination with Mimecast’s Cyber Resilience platform offers organizations full end-to-end detection and take down capabilities when a malicious actor conducts impersonation activities against an organization. Additionally, customers benefit from integrated, unparalleled visibility into inbound threats as well as those that exist beyond their visibility, helping to restore trust.
Source: Mimecast Limited