Email-management provider Mimecast has confirmed that a network intrusion used to spy on its customers was conducted by the same advanced hackers responsible for the SolarWinds supply chain attack.
17 hours ago Mimecast Email Security 3.0 is designed to help security professionals achieve a new and more comprehensive form of protection by providing security controls in. Mimecast Frequently Asked Questions Why are we moving to Mimecast for email security?. Mimecast is an industry leader in email security and filtering, so we have partnered with them to enhance the state’s security posture. This transition will also remove the NoClick solution so you will be able to access legitimate links directly. Personal Portal - Mimecast. Mimecast Service Status. All Services Are Operating Normally. Updated a few seconds ago. Updated a few seconds ago. North American Grid. Operational United Kingdom Grid. South African Grid. Australian Grid.
The hackers, which US intelligence agencies have said likely have Russian origins, used a backdoored update for SolarWinds Orion software to target a small number of Mimecast customers. Exploiting the Sunburst malware sneaked into the update, the attackers first gained access to part of the Mimecast production-grid environment. They then accessed a Mimecast-issued certificate that some customers use to authenticate various Microsoft 365 Exchange web services.
Tapping Microsoft 365 connections
Working with Microsoft, which first discovered the breach and reported it to Mimecast, company investigators found that the threat actors then used the certificate to “connect to a low single-digit number of our mutual customers’ M365 tenants from non-Mimecast IP address ranges.”
The hackers also accessed email addresses, contact information, and “encrypted and/or hashed and salted credentials.” A limited number of source code repositories were also downloaded, but Mimecast said there’s no evidence of modifications or impact on company products. The company went on to say that there is no evidence that the hackers accessed email or archive content Mimecast holds on behalf of its customers.
In a post published Tuesday, Mimecast officials wrote:
While the evidence showed that this certificate was used to target only the small number of customers, we quickly formulated a plan to mitigate potential risk for all customers who used the certificate. We made a new certificate connection available and advised these customers and relevant supporting partners, via email, in-app notifications, and outbound calls, to take the precautionary step of switching to the new connection. Our public blog post provided visibility surrounding this stage of the incident.
Mimecast Login
We coordinated with Microsoft to confirm that there was no further unauthorized use of the compromised Mimecast certificate and worked with our customers and partners to migrate to the new certificate connection. Once a majority of our customers had implemented the new certificate connection, Microsoft disabled the compromised certificate at our request.
Advertisement The chosen few
The SolarWinds supply chain attack came to light in December. Attackers carried it out by infecting the Austin, Texas company’s software build and distribution system and using it to push out an update that was downloaded and installed by 18,000 SolarWinds customers.
Mimecast was one of a small number of those customers who received follow-on malware that allowed the attackers to burrow deeper into infected networks to access specific content of interest. White House officials have said that at least nine federal agencies and 100 private companies were hit in the attack, which went undetected for months.
Certificate compromises allow hackers to read and modify encrypted data as it travels over the Internet. For that to happen, a hacker must first gain the ability to monitor the connection going into and out of a target’s network. Typically, certificate compromises require access to highly fortified storage devices that store private encryption keys. That access usually requires deep-level hacking or insider access.
Underscoring how surgical the supply-chain attack was, Mimecast was among the small percentage of SolarWinds customers who received a follow-on attack. In turn, of the several thousand Mimecast customers believed to have used the compromised certificate, fewer than 10 were actually targeted. Limiting the number of targets receiving follow-on malware and launching the attacks from services located in the US were two of the ways the hackers kept their operation from being discovered.
When Mimecast first disclosed the certificate compromise in January, the similarities with parts of the SolarWinds attack generated speculation the two events were connected. Tuesday’s Mimecast post is the first formal confirmation of that connection.
Review
Snapshot
Mimecast blocks malware, spam and zero-day attacks.
Who it's for
Enterprise organizations that need strong, reliable protection from spam with an integrated archiving solution.
What is Mimecast?
Mimecast is one of the largest global email cyber security vendors. They have a large suite of cloud based security applications to protect organizations from email and web based security threats. Their Email Security product is aimed at enterprise level customers. It utilizes multiple detection engines to provide protection from phishing, malware, spam and zero day attacks. This platform is a Secure Email Gateway, meaning it blocks potentially dangerous emails before they enter your network.
What is Mimecast?
Mimecast is one of the largest global email cyber security vendors. They have a large suite of cloud based security applications to protect organizations from email and web based security threats. Their Email Security product is aimed at enterprise level customers. It utilizes multiple detection engines to provide protection from phishing, malware, spam and zero day attacks. This platform is a Secure Email Gateway, meaning it blocks potentially dangerous emails before they enter your network.
Top alternatives
(2 Reviews)
(15 Reviews)
(7 Reviews)
Profile Mimecast
| Category | Email Security |
| Website | mimecast.com |
| Founded | 2003 |
| Headquartered | Boston, MA, US |
| Deployment | Cloud, MX Record Redirection |
| Starting Price | S1 = $4.00 user / month, M3R = $6.65 user / month, M3RA = $9.00 user / month |
| Suitable For | Enterprise |
Mimecast Features
- Impersonation Protection blocks phishing attempts and spam
- Popular email service, with high levels of customer satisfaction
- High – level threat protection features including attachment sandboxing and URL protection
- Large threat database monitoring billions of emails ensures that threat protection is up to date
- Robust spam filtering, with guaranteed 99% spam rate detection
- Comprehensive real time reports over your email network, including all inbound and outbound traffic
- Self-service tools for end users, such as allowing them to block senders
- Fully featured but easy to administer service, offering a web based dashboard from which all policies are managed
- Email Continuity available if the email network goes down, with 100% service availability SLA
- Includes an Email Archiving option, as well as secure messaging and large file sending
Mimecast North America
Resources
Expert Insight
Mimecast offers a market leading Email Security platform. This platform works as a secure gateway, meaning that it blocks threats before they enter an email network. This is a very robust service, which offers a range of advanced features that will help businesses to secure themselves against email threats. This is platform offers strong protection against malware, spam and zero-day attacks. It offers real time malware defence and attachment sandboxing. Spam filtering is strong, with Mimecast offering an SLA on 99% of spam blocked. Mimecast offers a range of logs to give you real time visibility over your email network. With this platform administrators have fine-grade control over all levels of email security. End users also get controls to block senders, helping to reduce the burden on IT. Email Archiving, and Continuity and Large File Sending can be purchased as add-ons.
This platform is very popular among customers, with high levels of customer satisfaction and retention. The service is expensive and so is more suitable for larger enterprises who need the strongest level of email protection. However, the adage of ‘you get what you pay for’ rings true with Mimecast Email Security, as it is one of the strongest, fully featured email security platforms available. Organizations with a big security budget, looking for the strongest protection they can get, should consider this service.
User Reviews
Network Support Specialist
Existing Customer
Legal, 100-250 employees
Used the product for: 2+ years
May 09, 2019
'Excellent Service All Round'
What did you like best when using this solution?This platform has great functionality for end users, helping them to do a lot themselves that previously we would need to do for them. It's extremely easy to use and monitor email traffic. It's a very fast service and the archiving is extremely useful. We have barely recieved any spam since implementing this service.
Mimecast For Outlook
What did you dislike about using this solution?The system is feature rich and is complex to learn, but all platforms are and this is well worth it.
Describe your overall experience with Mimecast. Did you find this product solved your business needs?Mimecast is a great solution. It's helped us with email security, archiving and compliance. It does a great job of keeping spam out and it's easy to manage once you learn everything. The end user Outlook plugin is very helpful and easy for end users to use.
Quality & Project Manager
MSP
MSP, 100-250 employees
Used the product for: 2+ years
Oct 10, 2019
'Not the cheapest, but easily the best I've used'
What did you like best when using this solution?It does exactly what you think it will do and want it to do - stop email based threats and junk. Onboarding is great too, a phased approach where Mimecast check what you've done to ensure all is well before you move on to the next stage.
What did you dislike about using this solution?The admin console could be easier to navigate, however once you're used to where things live it's fine.
Describe your overall experience with Mimecast. Did you find this product solved your business needs?Yes, it stopped unwanted email, without too many false positives.
Mimecast Email Login
Top alternatives
(2 Reviews)
(15 Reviews)
(7 Reviews)
Profile Mimecast
Mimecast Admin Login
| Category | Email Security |
| Website | mimecast.com |
| Founded | 2003 |
| Headquartered | Boston, MA, US |
| Deployment | Cloud, MX Record Redirection |
| Starting Price | S1 = $4.00 user / month, M3R = $6.65 user / month, M3RA = $9.00 user / month |
| Suitable For | Enterprise |