In this article:
Use the Mimecast integration with SecurityScorecard to increase your visibility into email-based threats.
Meet Mimecast
Mimecast is a cloud-based, SaaS company that develops cyber-resilience solutions for email. Their Targeted Threat Protection (TTP) service protects organizations from email phishing, impersonation, and malware by live-scanning every email and replacing any external link, contact, or attachment with a safe link.
The Mimecast integration with SecurityScorecard leverages the TTP service to detect email-related incidents in your domain and provides a tally of these incidents in a private, informational signal:
Daily Number of Targeted Threat Protection (TTP) Incidents
Each finding for this signal represents the total number of times TTP triggered on a given day. An increased finding count over your organization’s baseline may indicate exposure to heightened phishing or malware activity or a targeted campaign.
This daily, informational signal appears with other issue types, but is only visible to the account of the SecurityScorecard user who installs the integration. It also has no impact on your Scorecard score.
What you need for the integration
Make sure you have the following before you start setting up the integration:
- A SecurityScorecard account
- A Mimecast administrative account or access to a Mimecast administrator
Set up the integration
Take the following steps integrate Mimecast with SecurityScorecard:
- Step 1: Prepare your Mimecast service account
- Step 2: Create a SecurityScorecard API integration
- Step 3: Add your Mimecast service account to Basic Administrator role
- Step 4: Add your Scorecard domain to Mimecast’s internal domain list
- Step 5: Install the Mimecast integration
Step 1: Prepare your Mimecast service account
- In Mimecast click the Directories tab, and select Internal Directories.
- In Internal Directories, select the domain where your service account will be created. Then click New Address.
- When you are redirected to a form for setting up your service account, create a password, provide any other necessary information, and click Save.
Step 2: Create a SecurityScorecard API integration
- In Mimecast, click the Services tab, and select API and Platform Integrations.
Note: Only Mimecast API 1.0 will work at this time. Do not use API 2.
- Click Application Integrations, and then click Add API Application.
- In the Details form, enter information as indicated in the following screenshot.
- Go to the Settings form, enter SecurityScorecard as the developer, and provide an email address.
Note: Wait 30 minutes before creating your keys in the next step.
- On the Summary page, click Create Keys.
- On the Account page, enter the email address for the account you created in Step 4.
- On the Authentication page enter the Mimecast service account password.
- On the Keys page, copy and safely store your keys, which you will need when you install the Mimecast integration in SecurityScorecard.
Step 3: Add your Mimecast service account to Basic Administrator role
- In Mimecast, click the Account tab, and select Roles.
- Select the Basic Administrator row.
- Click Add User to Role.
- When you are redirected to the next page, select your Mimecast service account, and confirm your selection.
Step 4: Add your Scorecard domain to Mimecast’s internal domain list
Follow Mimecast’s guidance for configuring internal domains and subdomains.
Step 5: Install the Mimecast integration
- Select Marketplace from the top menu in the SecurityScorecard platform.
- On the Marketplace page, start typing Mimecast in the search box and then select Mimecast to go to the installation page.
- View a description of the app, and click Install.
- When prompted, allow Mimecast to access your SecurityScorecard account.
- When prompted, enter your Mimecast bot integration keys and related information that you generated when creating your SecurityScorecard API integration.
The installation completes with a success message.
If the installation fails, do the following to troubleshoot and try again:
- Make sure the credentials and keys you entered were correct.
- Make sure you have added the domain of your Scorecard to the Mimecast internal domain list.
View Mimecast TTP signals in your Scorecard
Note: The integration generates new findings at a specific time each day, so you will see Mimecast signals within within 24 hours of completing the installation, if not immediately afterward.
- In the SecurityScorecard platform, click the Scorecard tab, and select the Information Leak factor. Any available Mimecast TTP signals appear in the Informational Signals section for that factor.
or
Click the Issues tab in the Scorecard. Any available Mimecast signal appears with their logo in the Informational rows of the table. - Click the signal to see a description of the signal and reference links for additional information or guidance.
- Scroll down to see the number of findings.
Learn more
See Mimecast's email threat protection page.
Give feedback or get help
If you need help, have questions, or would like to give feedback about this integration, submit a Support request.
Comments
0 comments
Please sign in to leave a comment.