Just like there is no one way to catch a thief, there is no one way to catch malware. There are just so many ways to build, compile, pack, and otherwise obfuscate files to get past specific detection techniques. This is why the Mimecast email security service uses many analytic techniques, including multiple AV engines, file type blocks, static file analysis, and behavioral sandboxing, as well as multiple threat intelligence sources, to separate good files from malicious ones. And of course, users need their emails and good files without delay! You can read all about how we do this in our cloud security service in this technical paper.
In addition, there are multiple delivery vehicles for malware, which is why many security systems, whether they operate on email, the web, the network, in a cloud service, or on the endpoint, need sophisticated malware detection capabilities to be effective.
This brings me to our recently announced acquisition of the anti-malware specialist Solebit. If you are an existing customer of Mimecast and use Targeted Threat Protect (TTP) – Attachment Protect, you are benefiting from Solebit’s technology today! Approximately six months ago, we added Solebit’s static file analysis malware detection software to our email security inspection funnel in our global datacenters, and, as expected, saw a marked increase in performance and detection efficacy with average processing times in TTP Attachment Protect dropping from 44 to 23 seconds. A “two-for” benefit. Rarely does security performance and efficacy improve together, as they are typically in conflict with each other. But this is not true with Solebit.
Mimecast plans to further utilize this technology to differentiate in other product areas. Solebit helps differentiate Mimecast today via its efficacy (stops more advanced threats) and speed of detection (much faster than traditional methods – like sandboxing). Owning the company allows Mimecast to further innovate in the security detection area. We believe this technology is critical to helping our customers become more cyber resilient.
With one purchase, we get access to dozens of security experts and open up a new development office in the security engineering hot spot of Herzliya, Israel in one transaction.
On the technology side, the purchase of Solebit provides Mimecast with even more malware detection capabilities as we enter into security spaces beyond Secure Email Gateways (notably, our recent public disclosure of our early adopter program and entry into the web security cloud services market). Given that both email and the web - often working together - are used to deliver and operate malware, such as ransomware and trojans, owning and continuing to develop key anti-malware technology will be key to the continued success of the Mimecast offerings, both current and future.
So now you know. With the acquisition of Solebit, Mimecast takes another major step toward delivering on our vision of providing a “super category” of cyber resilience solutions from a global, cloud-based service.