Okta + Mimecast

Reduce risk and improve organizational control with integrated cloud platforms

Mimecast and Okta provide an integrated solution to improve detection, stop threats, and increase organizational controls. By integrating Mimecast with Okta, security teams can leverage advanced tools to contain and remediate attacks.

The Challenge

Threats exploit social engineering and often target individuals via email

Supply chain compromise accounts for the majority of system intrusion incidents 

Most organizations lack the controls required to detect and remediate attacks originating inside of their organization

The Solution

Detect and follow attackers as they switch credentials or devices

Understand how your organization has been targeted and what attacks have been blocked to enhance protection at the email perimeter and harden user credentials

Improve your organization’s response to data leakage detections by augmenting email security with identity-based actions

Protect assets and users from phishing and other security threats

How Okta + Mimecast Work Together

The integration offers a comprehensive solution to help secure access to cloud applications like Office 365, G Suite, and the entire IT environment. Mimecast identifies at-risk users from zero-day attacks and phishing links targeted at customers and supply chain partners, together with Data Leak Prevention (DLP) incidents. Okta protects users and their access to resources through centralized access policies across cloud and on-prem apps and services, with Single Sign-On (SSO) and Multi-Factor Authentication (MFA) as critical security controls.

When malicious content or DLP violations are identified, automated responses aligned with the organization's risk posture and security policies are enforced. The available actions range from enforcing password resets and applying selective MFA to compromised users or applications, to ultimately locking user access. Leveraging identity, endpoint, application, email, and other tools, the integration helps shift organizations to identity-centric security by providing a comprehensive view of the threat landscape. This equates to less time resolving and recovering from incidents, freeing up analysts to focus on other cybersecurity challenges and stay ahead of the next attack.

A Layered Security Defense 

This is how Mimecast drives automated tasks within Okta after a threat is detected: 

  1. Internal sender triggers a detection by sending an outbound email containing:
    • Phishing links
    • Malware
    • Sensitive data
  2. Mimecast communicates with the Okta APIs to determine the user ID from the email sender
  3. Mimecast adds the user ID to the specified Okta groups within the integration
  4. Now that Okta knows which user is potentially compromised, an appropriate control can be applied, e.g. locking the user account, terminating application sessions, or forcing a user password reset
  5. Notifications are sent to the nominated administrators and/or groups
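
Steps 2 and 3 above, sketched as an added example against Okta's public Users and Groups REST endpoints; this is not Mimecast's or Okta's integration code. The detection-type names, the group ID placeholders and the rule of escalating instead of acting when the sender does not map to exactly one user are assumptions.

```python
import json
import urllib.parse
import urllib.request

# Assumption: one Okta group per detection type; the IDs are placeholders.
GROUP_FOR_DETECTION = {
    "phishing_link": "GROUP_ID_PHISHING",
    "malware": "GROUP_ID_MALWARE",
    "sensitive_data": "GROUP_ID_DLP",
}


def okta_http(org_url, token):
    """Return a transport(method, path) -> (status, parsed JSON or None)."""
    def transport(method, path):
        req = urllib.request.Request(org_url + path, method=method, headers={
            "Authorization": "SSWS " + token, "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
            return resp.status, (json.loads(body) if body else None)
    return transport


def resolve_user_id(transport, sender):
    """Step 2: map the sender address to exactly one Okta user ID."""
    if '"' in sender or "\\" in sender:
        raise ValueError("sender address not safe to place in a filter")
    expr = urllib.parse.quote('profile.email eq "%s"' % sender)
    _, users = transport("GET", "/api/v1/users?filter=" + expr)
    if not users or len(users) != 1:
        # Zero or several matches: do not guess which account to restrict.
        return None
    return users[0]["id"]


def flag_sender(transport, sender, detection):
    """Steps 2-3: look up the sender, then add the user to the mapped group."""
    group_id = GROUP_FOR_DETECTION[detection]  # KeyError on unknown type
    user_id = resolve_user_id(transport, sender)
    if user_id is None:
        return {"sender": sender, "action": "escalate_to_admin"}
    status, _ = transport("PUT", "/api/v1/groups/%s/users/%s" % (group_id, user_id))
    if status != 204:
        raise RuntimeError("group assignment failed: HTTP %d" % status)
    return {"sender": sender, "action": "added_to_group",
            "user_id": user_id, "group_id": group_id}
```

The control in step 4 is not applied by this code: it comes from the sign-on and password policies an administrator has attached to each group in Okta, so group membership is the only state the caller changes.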

Okta + Mimecast Use Cases

  • User Lockout: Control compromised users’ access to sensitive applications
  • Prevent Logon: Stop users from accessing sensitive applications
  • Enforced Password Reset: Align with company password policy best practices and direct users to corporate policy pages with instructions on creating quality passwords
  • Selective MFA: Apply heightened security policies to attacked users, instead of the entire organization
  • Application-Based MFA: Apply heightened security policies to compromised users for sensitive applications
  • Just-in-Time Information: Assign compromised users to a bookmark application, e.g. emails, blogs, or bulletin boards, reminding users of best practices and company policies