Okta + Mimecast

Mimecast and Okta provide an integrated solution to improve detection, stop threats, and increase organizational controls. By integrating Mimecast with Okta, security teams can leverage advanced tools to contain and remediate attacks.

Threats exploit social engineering and often target individuals via email

Supply chain compromise accounts for the majority of system intrusion incidents

Most organizations lack the controls required to detect and remediate attacks originating inside of their organization

Detect and follow attackers as they switch credentials or devices

Understand how your organization has been targeted and what attacks have been blocked to enhance protection at the email perimeter and harden user credentials

Improve your organization’s response to data leakage detections by augmenting email security with identity-based actions

Protect assets and users from phishing and other security threats

How Okta + Mimecast Work Together

The integration offers a comprehensive solution to help secure access to cloud applications like Office365, G Suite, and the entire IT environment. Mimecast identifies at-risk users through zero-day attacks and phishing links targeted towards customers and supply chain partners coupled with Data Leak Prevention (DLP) incidents. Okta protects users and their access to resources through centralized access policies across cloud and on-prem apps and services, with Single Sign-On (SSO) and Multi-Factor Authentication (MFA) as critical security controls.

Through the identification of malicious content and DLP violations, automated responses aligned with the organization's risk posture and security policies are enforced. The actions available range from enforcing password resets, applying selective MFA to compromised users or applications, and ultimately locking user access. Leveraging identity, endpoint, application, email, and other tools, the integration helps shift organizations to identity-centric security by providing a comprehensive view of the threat landscape. This equates to less time resolving and recovering from incidents, freeing up analysts to focus on other cybersecurity challenges and stay ahead of the next attack.

A Layered Security Defense

This is how Mimecast drives automated tasks within Okta after a threat is detected:

Internal sender triggers a detection by sending an outbound email containing:
- Phishing links
- Malware
- Sensitive data
Mimecast communicates with the Okta APIs to determine the user ID from the email sender
Mimecast adds the user ID to the specified Okta groups within the integration
Now that Okta has an understanding of the potentially compromised user, an appropriate control can be applied e.g. locking the user account, terminating application sessions or forcing user password reset
Notifications are sent to the nominated administrators and/or groups

Okta + Mimecast Use Cases

User Lockout: Control compromised users’ access to sensitive applications for compromised users
Prevent Logon: Stop users from accessing sensitive applications
Enforced Password Reset: Align with company password policy best practices and direct users to corporate policy pages with instructions on creating quality passwords
Selective MFA: Apply heightened security policies to attacked users, instead of the entire organization
Application-Based MFA: Apply heightened security policies to compromised users for sensitive applications
Just-in-Time Information: Assign compromised users to a bookmark application, e.g. emails, blogs, or bulletin boards, reminding users of best practices and company policies

Solution Brief

Reduce risk and improve organisational control with integrated cloud platforms

Learn more

Solution Brief

Reduce risk and improve organizational control