Mimecast + D3 Smart SOAR
Automated Response to Email Security Threats
Mimecast’s cloud-based Secure Email Gateway protects organizations and employees using any cloud or on-premises email platform. D3’s integration with Mimecast connects advanced email security capabilities to automation-powered analysis and response.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have closely studied Mimecast to produce a powerful integration that enables you to:
- Ingest Mimecast alerts and detailed information on suspicious emails into Smart SOAR for analysis and response
- Enrich Mimecast alerts with contextual information, including threat intelligence and correlations across previous incidents
- Update policies, manage groups, and block senders
- Trigger automated playbooks to orchestrate rapid response across other tools
Use Case
Phishing Alert Enrichment and Response
When a suspicious email is detected by Mimecast, the alert is escalated to Smart SOAR and triggers a phishing playbook, which extracts all the elements of the email, including any attachments, URLs, and the sender’s domain. All those elements are then checked against integrated threat intelligence tools as well as past incidents to identify known malicious IOCs. If the incident is confirmed as a genuine threat, Smart SOAR can orchestrate a response through Mimecast and the rest of the security infrastructure, such as searching for the malicious file hash across other inboxes, blocking the sender, and retrieving any related emails that might be part of the same campaign.
- Detonate attachments in an integrated sandbox
- Aggregate related alerts into a single incident for efficient investigation and response
- Quickly identify and eliminate genuine threats while spending less time on false positives
Use Case
Event-Level Automation
With so many alerts in the typical environment, security teams need a way to filter out the noise without missing dangerous alerts. Analysts don’t have time to investigate every alert, so meaningful incidents are left in the queue while endless false positives take up all the time. By running all events from Mimecast and other detection tools through Smart SOAR’s Event Pipeline, security teams can automate data normalization, threat triage, and dismissal of benign events—eliminating up to 98% of events and keeping analysts focused on real threats. For email alerts ingested from Mimecast, this will include artifact extraction and correlation, de-duplication, threat intelligence enrichment, and assignment to the appropriate analyst if necessary.
- Completely automate triage without wasting analysts’ time
- Ensure full coverage, no matter how many alerts you handle
- Trigger automated playbooks to resolve genuine threats
Why Smart SOAR?
Joint users of Mimecast and D3 Smart SOAR don’t just get automated phishing response and event-level automation, they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Mimecast Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.