Case Study: Mimecast

February 1, 2021

With Capsule8, Mimecast is able to strengthen their security posture and meet critical compliance standards.

Industry: Technology

Company Size: 1,700+ employees worldwide

Challenges: Lack of deep visibility and strict compliance requirements

Key Benefits: Enhanced visibility, capability to respond in a systematic way to potentially malicious behavior, controls to meet compliance certifications

Mimecast is a leading email security and cyber resilience company that thousands of organizations trust to increase their cyber resilience preparedness, streamline compliance, reduce IT complexity and keep their business running. For Dayo Adetoye, director of security architecture and engineering, visibility and effective attack detection were critical components of their defense-in-depth strategy and crucial for maintaining key compliance standards. We had a chance to sit down with Dayo to learn more about how his team is using Capsule8 to address some of their complex security and compliance needs.

When the Mimecast team set out to strengthen their defense-in-depth strategy, they were looking for a comprehensive host-based intrusion detection and response system that was capable of providing deep visibility into what is happening within their environment and enabled them to respond in a systematic way to potentially malicious behavior. According to Adetoye, “On top of the list of capabilities that we desired was a practical application allow-listing technology that didn’t require hiring additional heads to configure and maintain in order for it to be effective.” 

 


Adetoye and his team weighed a number of important considerations when evaluating and selecting a technology, including the ability to detect real attacks effectively and to resist trivial bypass, meaning it features robust tamper-resistance technology. In addition to selecting a technology that generated few false positives, they were looking for a solution that fit well within their existing strategy.


“We needed a product that was easily configured, maintained and adaptable to our environment. We were looking for low operational overhead in terms of resources it consumes, to avoid significantly increasing cost-to-serve as we deploy across thousands of servers.” 

According to Adetoye, Capsule8 Protect met most of their requirements during the proof of concept and outperformed the alternatives that they considered in all the categories. 

“Capsule8 provides us with a powerful set of fundamental building blocks for hardening our security posture through its standard detection and custom detection capabilities that we can write. Additionally, Capsule8 offers us capabilities for automated response which we could integrate with our SIEM and SOAR technologies.”

With compliance requirements constantly changing, the technology they chose also had to help Mimecast maintain their various certifications.

“We have a number of compliance requirements and certifications such as ISO 27001/22301/27018, SOC2 Type II, HIPAA/HITECH and IRAP, that we adhere to and we are on the journey towards FedRAMP Ready status. Capsule8 has played an important role in providing some of the controls that are necessary as we progressed towards achieving some of those certifications.”

Since deploying Capsule8 Protect, Mimecast has seen promising results in attack detection and has plans for integrating Capsule8 further into their security strategy. 

“Our internal offensive security team also tested a couple of attacks which show some promise in how we could use Capsule8 for defending our platform and for hardening our security attack detection and response posture.”

To learn more about how Capsule8 can help address your compliance needs, check out capsule8.com/compliance or request a demo today!

Hear more from Dayo during his appearance on the CISO/Security Vendor Relationship Podcast, “Security Is Suffering From DevOps FOMO” where hosts David Spark and Mike Johnson chat with him about how to include security in DevOps without disrupting operations.