Subscribe for our Newsletter

In order to comply with privacy regulations in the European Union we’ll need you to provide consent before confirming you to our email list:

I consent to receive newsletter emails about our content and services.

We’ll send you occasional emails about new episodes, blogposts, partnerships and they might contain promotional content.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Netskope Mimecast Integration

June 8, 2021

Protecting the data of an organization is a complex task. Data is the crown jewel of any organization which the adversaries continuously seek to put their hands on. Data is threatened both by external attackers and internal threats. Sometimes the threats are malicious, and in many cases, they are accidental. Both these cases have to be addressed by modern enterprise security departments.

Today, we will show you the new data leakage prevention (DLP) integration between two security solutions, Netskope and Mimecast, which enables security administrators to apply tight security controls to the outbound emails easily, and to stop multiple data exfiltration threats.

Data Leak Prevention has been a topic of interest of many companies.. Existing endpoint DLP was always resource intensive on the workstation and often disrupted the end user’s work. With the shift to the cloud, we have many other ways to detect insider threats and prevent the bad guys from exfiltrating sensitive data such as PII, CC, and PHI outside the organization's perimeter.

Netskope redefines the inspections providing multiple security controls helping the user to define and implement hardened policies that are managed from one central location. Netskope DLP is already doing a fantastic job with SaaS applications, inline Secure Web Gateway (SWG) inspection and HTTP-based protocols. However, many customers have to face the challenge of gaining control when it comes to email protocols, such as SMTP and getting the same level of DLP.

By enabling Netskope and Mimecast integration, users can now define one DLP policy for HTTP-based protocols and email, configuring it from a central place. Users also have one source of truth for email, web, and SaaS apps DLP-related alerts.

Netskope and Mimecast integration allows administrators to choose one of two routes. With the first route, email first goes through DLP inspection by Netskope using the existing Netskope policy, marked with the corresponding threat score, and then forwarded to Mimecast for additional email security inspections before being sent to the recipient or returned to the sender in case of violation.

With the second route, email is sent to Mimecast first, inspected for email security there and is then forwarded to Netskope for DLP policy inspection and marking. This flexibility allows administrators to choose the path most appropriate to their organization.

Netskope provides 99.999% SLA service to their customers, which with appropriate timeouts, retries and fallback mechanisms configured on both Netskope and Mimecast systems enables administrators to assure email delivery securely without interruptions.    

In the demo, we observe that an email that violated DLP policy has been rejected with the detailed explanatory message for the rejection reasoning. The configuration of the integration is straightforward, and you will see that there is no significant delay introduced in sending the email out to the recipient; the entire inspection flow takes around 20 to 30 seconds which is not significant for the vast majority of the organization’s emails.

During the demo you will also see how Netskope email DLP really shines in regard to their OCR capabilities. Netskope is capable of detecting DLP violation events based on image attachments of screenshot with PII data that was included in the sent email. In the demo, Netskope DLP immediately identified the incident, and the email bounced back with the warning and corresponding alert that appeared on the Netskope dashboard.

In order to enable the functionality, Netskope customers will need to add additional licenses. However, we have also seen the new CTI capabilities for IOC sharing between Netskope, Mimecast, and Crowdstrike, and these are included for any Netskope tenant as complementary features.

Netskope is working on extending the partnership with many other technology partners for the IOC exchange and email DLP capabilities.

Michael KoyfmanLaunch PadSeason 1Season 2Season 3
Michael Koyfman
Head of Global Solution Architecture
Michael Koyfman is the Head of Global Solution Architecture at Netskope. He and his team advise Netskope customers on best practices around Netskope deployments and integrating Netskope solutions within customer environment by leveraging integration with customer technology ecosystem. Michael also actively participates in helping drive and adopt new Netskope products, such as Netskope Private Access and Next-Generation Secure Web Gateway within Netskope customer base. Prior to Netskope, Michael spent almost 13 years at F5 Networks as Senior Global Solution Architect, where he was focused on the entire portfolio of F5 security products, and has been a key contributor to implementation, strategy, and evolution of F5 security solutions and portfolio. Michael helped architect, develop, and demonstrate various unique solutions and integration with various technology and players such as Microsoft, Citrix, Vmware, Okta, Ping, IBM, CrowdStrike, AWS, Azure.
FacebookYouTubeTwitterLinkedIn