Application Security

10/2/2018
04:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Mimecast Announces Web Security

75% Of Organizations Lack Complete Confidence That Their Security Defenses Will Stop Targeted Spear-Phishing With Malicious Web Links

IP Expo, London – Mimecast Limited today announced the general availability its new web security service. The cloud-based service is designed to guard against malicious activity initiated by user action or malware while blocking access to websites deemed unsafe or inappropriate based on each organization’s policies.

Mimecast Web Security is engineered to be managed with the same administration console that customers use to manage Mimecast's existing email services. This offers an easy-to-deploy and manage defense against advanced phishing and malware attacks being delivered to employees by both email, web, instant messaging systems, social network sites, and ad networks.

During the early adopter program, customers around the world tested the service which is now immediately available globally.

Jamie Fernandes, director of product management for web security at Mimecast, said: "Commonalities between email and web threat intelligence and detective analytics help improve the security defenses against both vectors whether used by attackers separately or together. The new web security service is designed to allow customers to broaden and improve their protection from attacks occurring via email and the web, using a single integrated service. We're excited about our ability to significantly expand our customers’ defense systems by extending the power of our Mime|OS threat detection technologies and the global grid powered by 30,000+ customers we’re protecting around the globe."

Vanson Bourne research* found 32% of organizations were not confident that their employees could spot and defend against malware or ransomware attacks via direct web downloads. Only 25% were completely confident their security defenses would stop targeted spear-phishing with malicious links.

Ascend Learning, a network of K-12 public charter schools serving 4,800 students in 12 schools across Brooklyn, were a member of the customer early adopter program. Emeka Ibekweh, managing director of technology at Ascend, commented: "It’s critical to our primary educational objectives that our staff and students are protected from malicious email attacks and web sites or inappropriate web content."

Scott Crawford, research director of Information Security, 451 Research, commented: "Organizations often struggle to enforce security for two of the most common attack vectors: email and the web. Many security professionals seek to consolidate and use integrated cloud services that make management and operation simpler and more effective. Mimecast's move to expand outside of its core email focus mirrors the growing need for a more integrated defense to combat advanced attacks."

The combined cyber resilience offering is also supported by the Mimecast Security Operations Center (MSOC) team and is enriched with all the global threat intelligence, analytics, and infrastructure that supports Mimecast’s current services.   

Mimecast's CEO, Peter Bauer, added: "We can now protect our customers with a more complete threat detection offering that will work the way organizations do—anytime and anywhere, doing business through the email and web at global scale. Our homegrown research and development into the high-growth web security market is designed to apply our recent acquisitions of Solebit for advanced malware detection and Ataata for a new approach to employee risk scoring, training and awareness. Together, these strategic investments are helping us move toward our vision of providing an integrated super-category of cyber resilience solutions from a global, cloud-based service."

The service is available for a free 30-day trial for existing Mimecast customers.

*Research was conducted in March 2018 by Vanson Bourne on behalf of Mimecast. Respondents were IT decision makers at 800 organizations around the world with more than 250 employees.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
2018 Was Second-Most Active Year for Data Breaches
Jai Vijayan, Freelance writer,  2/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8948
PUBLISHED: 2019-02-20
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.
CVE-2019-8950
PUBLISHED: 2019-02-20
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.
CVE-2019-8942
PUBLISHED: 2019-02-20
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image c...
CVE-2019-8943
PUBLISHED: 2019-02-20
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...
CVE-2019-8944
PUBLISHED: 2019-02-20
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.