Mimecast Buys Segasec To Safeguard Against Credential Harvesting

The technology of early stage cybersecurity startup Segasec is engineered to actively monitor, manage, block and take down phishing scams or impersonation attempts on the web.


Mimecast has purchased early stage cybersecurity startup Segasec to help customers better defend against attacks that leverage fake websites and domains for credential harvesting.

The Lexington, Mass.-based email security vendor said its acquisition of Tel Aviv, Israel-based Segasec will extend protection beyond the perimeter to safeguard against brand exploits used to steal money and data. Mimecast said Segasec’s technology is engineered to actively monitor, manage, block and take down phishing scams or impersonation attempts on the web.

Attackers are increasingly using an organization’s brand and identity to attack customers, partners and supply chains, but organizations have struggled to get visibility into the use of their brand or online presence for nefarious means, according to Dan Sloshberg, senior director of product strategy for Mimecast.

Sponsored post

[Related: Mimecast Buys Email Security Firm DMARC Analyzer To Block Spoofing]

Segasec will help Mimecast customers discover and stop attacks that might only be going after third parties in their supply chain such as customers of a bank, Sloshberg said. Segasec had been a Mimecast partner and customers have praised the company for its ability to find online compromises quickly, according to Sloshberg.

Segasec’s experienced analysts work with hosting providers around the globe to request the takedown of illegitimate spoofing websites, and can also block specific domains or URLs on the Mimecast platform to prevent the targeting of employees, Sloshberg said.

“There’s demonstrated demand for this capability,” Sloshberg told CRN.” We see this as a super-exciting opportunity to go to market with a solution and a trusted vendor that has significant differentiation.”

Terms of the deal were not disclosed, and Mimecast’s stock remains unchanged at $44.79 per share in pre-market trading Monday. Segasec was founded in 2017 and has raised $5 million in outside funding, according to the company’s LinkedIn page. All of Segasec’s roughly 25 employees will be joining Mimecast as part of the acquisition, according to the company.

“Segasec will allow our customers to take a proactive approach to identifying—and even potentially preventing—attacks that imitate their brands using domains they don’t own, while also offering the visibility required to understand how their brands are being misused for malicious intent,” Mimecast CEO Peter Bauer said in a statement.

The combination of Mimecast and Segasec will help customers better protect their employees, brands, customers and other external stakeholders, according to Segasec co-founder and CEO Elad Schulman.

“In today’s increasingly digital economy, we rely so heavily on websites and email to interact with businesses in both our professional and personal lives,” Schulman said in a statement. “As such, brand exploitation has been on the rise, as cybercriminals co-opt the brands we depend on and violate our trust.”

The acquisition of Segasec will allow Mimecast to provide brand exploit protection using machine learning to identify potential hackers at the earliest stages of an attack, the company said. Segasec provides a comprehensive approach to digital risk protection while also enriching Mimecast’s core perimeter defense systems with intelligence gained from analysis of threats in the wild.

Integrating Segasec with Mimecast’s email and web security services is expected to help Mimecast customers block any potentially malicious domains quickly, the company said. The Segasec offering can help uncover live attacks as well as detect upcoming ones at the earliest possible stages with machine learning as well as targeted scans that can identify unknown attack patterns, according to the company.

Segasec’s rapid takedown capabilities also serve to limit the use of stolen data in active attacks, Mimecast said. By marrying Mimecast and Segasec’s capabilities, employees, customers, partners and third-party vendors will be better protected against phishing scams attempting to trick them by abusing domains that are like their legitimate branding, according to the company.

The joint offering can also identify and protect against attacks where cybercriminals have cloned a website for malicious activities, Mimecast said. Plus the combined tool will be able to block and take down suspicious sites as well as active scams, according to the company.

This is Mimecast's sixth acquisition since being founded 17 years ago, according to Crunchbase. The company kicked things off in November 2016 with its purchase of Costa Mesa, Calif.-based email and internet security provider iSheriff.

Then in July 2018, Mimecast unveiled two acquisitions, buying Bethesda, Md.-based cybersecurity training startup Ataata to help customers mitigate risk and reduce employee security errors, as well as security software developer Solebit for $88 million to boost its protection capabilities against advanced cyberattacks, zero-day threats and malware.

In January 2019, Mimecast purchased data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably and inexpensively. And in November 2019, Mimecast acquired Hilversum, Netherlands-based DMARC Analyzer to reduce the time, effort and cost associated with stopping domain spoofing attacks.