
Incydr
Email protection has reduced phishing incidents and provides clear visibility into mail flow
What is our primary use case?
I have been using Mimecast Insider Risk Management and Data Protection for five years.
My main use case for Mimecast Insider Risk Management and Data Protection is to trace phishing emails, block users, and create policies when necessary. We use Mimecast Insider Risk Management and Data Protection to manage our mail flow.
In a specific example of how I traced a phishing email using Mimecast Insider Risk Management and Data Protection, we have a sender address, and through that address, we enter it to see how many users received those emails. We check records including SPF, DKIM, and DMARC, along with the sender's IP address. If we find the IP address indicates that the sender is suspicious, we block the sender address to prevent future emails.
All aspects of my main use case with Mimecast Insider Risk Management and Data Protection function properly.
What is most valuable?
Mimecast Insider Risk Management and Data Protection offers several best features, including being a very user-friendly tool where we can easily create policies, add or remove users, and block sender addresses or links, making it very useful for email protection.
Integration is also easy with Mimecast Insider Risk Management and Data Protection, as we can easily implement this in our Outlook client to scan emails and protect our environment from phishing threats.
Mimecast Insider Risk Management and Data Protection has positively impacted my organization because we are using it in its full version. We receive notifications and reports if we encounter any issues. When users report emails, we can check whether they are legitimate or blocked and advise them not to accept suspicious emails, making it very useful for data protection.
What needs improvement?
Mimecast Insider Risk Management and Data Protection can be improved by enhancing policies and rules.
One improvement I would suggest is to create a dashboard where we can view all data, such as how many emails we receive and how many get blocked, rather than having to go through subfolders. A dashboard would allow us to easily check everything on one screen.
For how long have I used the solution?
I have been working in my current field for nine years.
How are customer service and support?
Mimecast Insider Risk Management and Data Protection's customer support was good overall, but sometimes we did not receive timely responses, needing to wait two to three days for updates.
Which solution did I use previously and why did I switch?
We did not use a different solution before Mimecast Insider Risk Management and Data Protection. We started with the default Microsoft setup and then implemented Mimecast Insider Risk Management and Data Protection.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Mimecast Insider Risk Management and Data Protection.
What other advice do I have?
I recommend considering Mimecast Insider Risk Management and Data Protection, as it is a very useful and user-friendly tool to protect our Exchange environment.
I can share specific outcomes where we have noticed a reduction in phishing incidents. Many times, we receive phishing emails in our environment. If emails reach user mailboxes, users can report any suspicious emails they encounter. When they report, we get the notification, and as admins, we scan those emails and check all relevant details.
I would rate this product an 8 out of 10.
Advanced protection has secured email, stopped phishing, and prevented data leakage
What is our primary use case?
I have been using Mimecast Insider Risk Management and Data Protection for around two years for data protection and risk management. It is used for email security protection against phishing attacks, malware, ransomware, and data leakage to protect the organization's email security.
What is most valuable?
Mimecast Insider Risk Management and Data Protection filters malicious emails, protects attachments and URLs, maintains email continuity during outages, and archives email for compliance. It protects from malicious URLs, credential theft, phishing websites, and newly created malicious URLs while preventing harmful attachments. The solution scans attachments before delivery and detects ransomware, trojans, and zero-day malware. Additionally, it protects from impersonation attempts; if someone impersonates a business email, it stops CEO fraud and business email compromise. It effectively prevents sensitive information from leaving the organization.
The best features Mimecast Insider Risk Management and Data Protection offers are URL protection, attachment management, impersonation attempts protection, and blocking senders. As I work in email security, URL protection and blocking senders are the most valuable features, and we use them day-to-day in our business.
Mimecast Insider Risk Management and Data Protection stops phishing by combining SPF, DKIM, and DMARC validation with anti-spam, impersonation protection, URL protection, attachment sandboxing, and machine learning-based threat protection to identify and block phishing attempts.
I track messages, release quarantined emails, manage policies, and investigate phishing incidents through Mimecast Insider Risk Management and Data Protection, which protects our organization positively.
What needs improvement?
Mimecast Insider Risk Management and Data Protection already provides data loss prevention through content examination and email encryption; however, the insider risk management and data protection could be enhanced by adding more intelligent, behavior-based detection and integration with enterprise security tools.
I wish for better integration with SIEM and XDR, specifically improved integration with platforms such as Splunk, Microsoft Defender, and Sentinel.
Mimecast Insider Risk Management and Data Protection is already providing strong email security and data loss prevention capabilities, but the insider risk management could be enhanced by adding advanced user behavior and analytics, including AI-based risk scoring and more context-aware data loss prevention policies. Deeper integration with SIEM and XDR platforms would improve visibility across the security system, and with better data classification and adaptive security policies, it would help reduce false positives and prevent sensitive data from leaving the organization.
For how long have I used the solution?
I have been working in the cybersecurity domain for almost four years.
What do I think about the stability of the solution?
Mimecast Insider Risk Management and Data Protection is stable for our organization.
What do I think about the scalability of the solution?
Mimecast Insider Risk Management and Data Protection is delivered as a cloud-native SaaS architecture, so customers do not need to buy or maintain email security servers. As the organization grows, Mimecast scales its cloud resources to handle increased demand, providing easy user expansion and high email processing capacity.
How are customer service and support?
Mimecast Insider Risk Management and Data Protection provides technical support to help customers deploy, manage, and troubleshoot its email security services. Mimecast Insider Risk Management and Data Protection provides enterprise technical support through its support portal, phone, email, and an extensive knowledge base, so their support team assists with mail flow issues, email delivery, and policy management threat protection as well. Since it is a SaaS platform, software updates and security enhancements are managed by Mimecast, and I highly recommend Mimecast Insider Risk Management and Data Protection for email security.
Which solution did I use previously and why did I switch?
I did not previously use a different solution before Mimecast Insider Risk Management and Data Protection.
What was our ROI?
The main benefit is time saved; I am not sure about money saved, but it is definitely time saved.
Which other solutions did I evaluate?
Our client has chosen Proofpoint over Mimecast Insider Risk Management and Data Protection because they are highly recommended to the Proofpoint solution rather than Mimecast Insider Risk Management and Data Protection.
What other advice do I have?
Mimecast Insider Risk Management and Data Protection is using artificial intelligence and machine learning to improve email security by analyzing and identifying threats; for example, a new phishing email pretending to be from Microsoft 365 may be blocked because AI identified suspicious language and sender characteristics.
It can help detect phishing, business email compromise, spam, malicious URLs, and suspicious attachments by analyzing email content.
In the future, AI could further enhance Mimecast Insider Risk Management and Data Protection through advanced user behavior analytics and AI-assisted incident investigations. I provide this review with a rating of 8 out of 10.
Behavior correlation has improved insider risk detection and simplifies daily threat monitoring
What is our primary use case?
Mimecast Insider Risk Management and Data Protection serves as a risk management solution that monitors user activity signals across M365 services including email, SharePoint, OneDrive, Teams, and endpoint activity.
On a daily basis, I use Mimecast Insider Risk Management and Data Protection to monitor new risk threats, high severity cases, user flags, and level scores by checking the risk management dashboard. Currently, there are no primary use cases within my organization beyond this monitoring function.
What is most valuable?
Mimecast Insider Risk Management and Data Protection offers behavior correlation as one of its best features, which provides risk-based user profiling and rule-based triggers.
This functionality helps my team because it compiles signals from emails, Teams, SharePoint, and OneDrive endpoints more quickly. The solution connects multiple actions over time and builds a comprehensive risk picture of each user.
Mimecast Insider Risk Management and Data Protection has positively impacted my organization by enabling investigation of risk behavior and user behavior, reducing potential data leakages, improving awareness of sensitive data handling across users, strengthening compliance with internal policies and regulatory requirements, and streamlining incident investigation through centralized case management. Overall, it has enhanced my organization's ability to proactively identify insider threats while minimizing manual effort for the security and compliance team.
What needs improvement?
Improvements could be made through AI-based risk explanations to provide better guidance on necessary enhancements to the platform.
What other advice do I have?
I cannot provide specific metrics regarding the reduction of manual effort. Regarding Mimecast Insider Risk Management and Data Protection's AI capabilities, its governance capabilities are not as deep or unified as purpose-built insider risk platforms such as Microsoft Purview.
I have observed false positives because the solution is rule-based. My review rating for this solution is 9.
Email protection has reduced phishing and spam by enabling precise domain and user controls
What is our primary use case?
My main use case for Mimecast Insider Risk Management and Data Protection includes blacklisting the domain, privacy suppression, creating new groups, creating new rules, checking the domain, checking the conflict of the mails, and managing spam mails.
In my current organization, we receive a lot of spam mails and phishing mails, so we blacklist the domain name by going into Mimecast Insider Risk Management and Data Protection, accessing the privacy suppression feature, and adding that domain. Once we add that domain, it is blacklisted, and we will not receive any mails from that particular domain in our tenant.
Whenever unwanted mail is sent to our tenant, we receive a ticket to action, which involves going into Mimecast Insider Risk Management and Data Protection to blacklist the domain or add it to privacy suppression.
What is most valuable?
The best feature of Mimecast Insider Risk Management and Data Protection is that once I add the domains to be blacklisted or create an exclusion list or add domains in the privacy suppression, I never receive mails from similar domains, which safeguards our tenant effectively. Additionally, we can whitelist specific users from blacklisted domains, which is a great and helpful feature.
The flexibility of Mimecast Insider Risk Management and Data Protection helps my organization by ensuring we do not receive mails from unwanted domains that often carry fraudulent offers or phishing attempts, like those with fake domain names. If we have blacklisted a domain but need to receive mail from a particular user, we add that user's email ID to the allowed user list.
Mimecast Insider Risk Management and Data Protection handles incident response effectively by integrating with our ticketing system, allowing for timely action when unwanted mails are received. It integrates well with other security tools like CrowdStrike, SentinelOne, and Microsoft Defender, providing in-depth insights while safeguarding against unwanted and suspicious mails.
What needs improvement?
Everything in Mimecast Insider Risk Management and Data Protection is good, and nothing requires improvement. However, I would suggest adding features like AI and automation, as this application is used by various teams, and automating processes like blacklisting unwanted email domains could greatly benefit users and customers.
Mimecast Insider Risk Management and Data Protection should provide the flexibility to customize the application features based on the company's needs.
For how long have I used the solution?
I have been using Mimecast Insider Risk Management and Data Protection for four years.
What do I think about the stability of the solution?
Mimecast Insider Risk Management and Data Protection is stable.
What do I think about the scalability of the solution?
I would rate the scalability of Mimecast Insider Risk Management and Data Protection around 9.5, as it is highly scalable and widely used by many organizations, including large enterprises.
How are customer service and support?
The customer support for Mimecast Insider Risk Management and Data Protection is really good. I would rate the customer support a perfect 10.
Which solution did I use previously and why did I switch?
I have never used a different solution; we have always been with Mimecast Insider Risk Management and Data Protection. Before choosing Mimecast Insider Risk Management and Data Protection, we evaluated options such as Defender and Sophos, but found Mimecast Insider Risk Management and Data Protection to be the best.
How was the initial setup?
Integrating Mimecast Insider Risk Management and Data Protection with our existing systems was really easy and not difficult at all.
What was our ROI?
While I cannot quantify savings in money, Mimecast Insider Risk Management and Data Protection has significantly saved time and enhanced our environment's security from attacks and threats.
What's my experience with pricing, setup cost, and licensing?
I find the pricing, setup cost, and licensing of Mimecast Insider Risk Management and Data Protection to be reasonable; it is not overly high or low, given the quality of service and customer support provided.
What other advice do I have?
Mimecast Insider Risk Management and Data Protection is useful and beneficial for securing the environment and matching compliance policies, making it worth buying the license.
I find Mimecast Insider Risk Management and Data Protection to be a great application that safeguards the complete tenant and manages mail flow smoothly. Over the past four years of using this application, I have never encountered any conflicts between the mailing services and Mimecast Insider Risk Management and Data Protection, making it an excellent choice for security and threat intelligence.
Mimecast Insider Risk Management and Data Protection has positively impacted my organization by protecting us from a lot of unwanted spam and phishing mails, as users are often unaware of what to click on in emails. It has helped safeguard our complete tenant from these types of threats.
Since using Mimecast Insider Risk Management and Data Protection, the unwanted mails for our tenant have decreased by 95% compared to before we migrated to this application.
Currently, I work in a production company, and it is very useful in day-to-day life, such as blacklisting domains and safeguarding our tenant and users from spam mails, phishing mails, and vulnerability management. It quarantines unwanted mails quickly and easily, providing safety and protection from threat attacks.
Mimecast Insider Risk Management and Data Protection integrates well with other security tools like CrowdStrike, SentinelOne, and Microsoft Defender, providing in-depth insights while safeguarding against unwanted and suspicious mails.
I would rate Mimecast Insider Risk Management and Data Protection a nine out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Email protection has eliminated incidents and now secures sensitive data and insider risks
What is our primary use case?
I use it for email threat protection or DLP in my day-to-day work by enabling the impersonation protection, attachment protection, URL protection, and also enabling the DKIM, DMARC, and SPF record. I also enable all the spam filters, create the proper policies, profile group policies, and other things.
How has it helped my organization?
Since implementing Mimecast Insider Risk Management and Data Protection, I have seen specific outcomes such as achieving zero incidents over the last five years.
What is most valuable?
Out of all those features, I find preventing sensitive data leaks as well as inside threat detection and DLP the most valuable and essential.
What needs improvement?
Regarding Mimecast Insider Risk Management and Data Protection's AI capabilities, I think its governance and security are effective because it has reduced false positives in data protection as well as inside risk alerts, improved real-time detection of data exfiltration attempts, expanded monitoring to email, M365 teams, SharePoint, increased automation for incident response and remediations, and improved integration with SIEM and SOAR.
I find Mimecast Insider Risk Management and Data Protection's AI accuracy and reliability of its output to be consistent and trustworthy for my organization.
For how long have I used the solution?
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How are customer service and support?
Which solution did I use previously and why did I switch?
I switched from Proofpoint to Mimecast Insider Risk Management and Data Protection because Proofpoint is not accurate, not user-friendly, and has more false positives compared to Mimecast Insider Risk Management and Data Protection.
How was the initial setup?
What about the implementation team?
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
What other advice do I have?
I observed that the AI-powered risk score has improved, with automation in place using AML, so that most threats are detected and there are fewer false positives. I gave this product a 10 out of 10 rating because of these capabilities.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Email defenses have stopped outsider threats and protect sensitive data with clear user guidance
What is our primary use case?
Mimecast Insider Risk Management and Data Protection is used to identify all risks that have been identified in my current client's environment. The solution is applicable at the gateway level and serves to stop outsider threats from invading our environment. Regarding data protection, we have implemented the DLP part so that insider employees do not share sensitive information with outsiders.
We have various DLP rules implemented into Mimecast Insider Risk Management and Data Protection. One such rule involves setting the email content to trigger on specific words. When any sensitive word from our defined set is detected, the DLP rule triggers and notifies our team. We have also implemented Mimecast secure email messaging, where any documents sent to external parties must be shared via the Mimecast secure email gateway only so that documents do not get leaked. Through Mimecast, we are working to secure our environment.
What is most valuable?
The best features Mimecast Insider Risk Management and Data Protection offers are the banner, which is the CyberGraph feature, and the DLP rules.
Regarding the CyberGraph feature, we recently implemented it. For a company with thousands of employees, it is quite difficult to make every user understand phishing emails, not to click on links, or open attachments, even with user awareness sessions. In that case, CyberGraph helped because it comes with a banner. When a user receives an email, a banner appears in different color codes before the email body. This makes the user aware and forces them to read what is written on the banner. This is what helps us rely on Mimecast Insider Risk Management and Data Protection, as we do not need to personally conduct user awareness. It has helped a lot. Regarding the DLP rules, they are quite efficient and very easy to understand from a Mimecast perspective. That is what I liked.
Mimecast Insider Risk Management and Data Protection has had a great impact. It has helped us to manage outsider threats from invading our environment in a very effective way.
What needs improvement?
Mimecast Insider Risk Management and Data Protection is good, user-friendly, and has a nice UI. I do not think there should be any improvement at this time. Everything I have used has been user-friendly, so I do not think there is any improvement I need to suggest.
For how long have I used the solution?
I have been using Mimecast Insider Risk Management and Data Protection for almost one year.
How are customer service and support?
The customer support is amazing.
Which solution did I use previously and why did I switch?
We were using Mimecast Insider Risk Management and Data Protection from the beginning.
What was our ROI?
I have not seen a return on investment.
Which other solutions did I evaluate?
We did not evaluate other options. We were going with Mimecast only.
What other advice do I have?
My experience using Mimecast Insider Risk Management and Data Protection has been great. Before, I did not have any experience with Mimecast or any email security tools. When I first saw the interface and the UI of Mimecast, it was so user-friendly and simple to understand. A person with no background in email security can still learn and use Mimecast Insider Risk Management and Data Protection and practice on it within a few weeks. That is what makes Mimecast Insider Risk Management and Data Protection user-friendly.
Mimecast Insider Risk Management and Data Protection is amazing. I have found it very trustworthy. I would simply tell others to go with Mimecast Insider Risk Management and Data Protection because it is user-friendly and amazing. I rate this product nine out of ten.
Targeted phishing attacks have been managed efficiently and email threats are analyzed faster
What is our primary use case?
The main usage of Mimecast Insider Risk Management and Data Protection for me, coming from a security background, involves handling the daily phishing emails we receive. I use Mimecast message tracking and email preview features to determine whether emails are phishing and to take relevant actions accordingly.
A week ago, we received a phishing email in Defender, and Mimecast Insider Risk Management and Data Protection helped us handle it. I took the data to Mimecast and applied relevant filters in message tracking. I discovered that the framework values for SPF and DKIM were not matching, and the spam value was high. After pulling the header from Mimecast and analyzing it, I observed some delays that led me to conclude the email was likely phishing.
This is the primary function I perform with Mimecast Insider Risk Management and Data Protection.
What is most valuable?
The best features offered by Mimecast Insider Risk Management and Data Protection include message tracking and attachment information. If an email contains any attachment, the system displays it and allows me to download it for review. The email preview feature enables me to view incoming emails.
Message tracking is the game changer for me in Mimecast Insider Risk Management and Data Protection. I can filter any email information based on sender address, subject, and attachment information, and I can gather relevant data such as frameworks, whether they are passing or not, and the header.
Mimecast Insider Risk Management and Data Protection has positively impacted our organization because before implementing this tool, when we received phishing emails, we did not have an appropriate tool to check the framework. We only analyzed emails from a grammar perspective, and many phishing emails reached user inboxes. Since Mimecast has been introduced into our system, we have been very effective at tackling phishing emails and helping our organization remain secure.
What needs improvement?
Mimecast Insider Risk Management and Data Protection can be improved in the user interface. The UI is still very outdated and not functional, and there is no AI chatbot that would help us navigate through the interface.
I believe that Mimecast Insider Risk Management and Data Protection could improve the attachment info option. Sometimes it is glitchy, and occasionally the format is not proper, making it difficult to download the attachment and review it.
Regarding the AI capabilities of Mimecast Insider Risk Management and Data Protection, the governance and security features are very strong, but it is still lacking in AI features.
What do I think about the stability of the solution?
Mimecast Insider Risk Management and Data Protection has been very stable in my experience. The logs have been flowing through Sentinel without any log shortage, and all features are working very well.
What do I think about the scalability of the solution?
The scalability of Mimecast Insider Risk Management and Data Protection depends on the organization. If you purchase more features, it will be more scalable at that point.
How are customer service and support?
Customer support for Mimecast Insider Risk Management and Data Protection is adequate, but I would not say it is excellent. We raised a vendor ticket for one of the features, and the response was within 28 to 48 hours. While not quick, we do eventually receive a resolution.
Which solution did I use previously and why did I switch?
There was no solution before Mimecast Insider Risk Management and Data Protection. It was the first solution we used regarding email security.
What was our ROI?
I have seen a return on investment since using Mimecast Insider Risk Management and Data Protection. It has definitely saved us considerable time. Previously, everything had to be done manually, and we were still unable to achieve our goals of catching phishing emails. Since Mimecast has been introduced, it has been saving us significant time. Money has also been saved, as our stakeholders made an investment in the tool. If we properly secure the environment through this tool, it indirectly helps save money.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, setup cost, and licensing for Mimecast Insider Risk Management and Data Protection, these are decisions that stakeholders make, and I am the one actually using the tool, so I am not fully aware of these details. However, regarding licensing, in our team, everyone has separate roles we are working with, leading to limited access.
Which other solutions did I evaluate?
Before choosing Mimecast Insider Risk Management and Data Protection, I believe we evaluated Proofpoint as a comparison. However, because Mimecast has a strong reputation, we chose it instead.
What other advice do I have?
The advice I would give to others looking into using Mimecast Insider Risk Management and Data Protection is that there are many features in this tool. Make sure when you purchase this tool that you go through the catalog, and after buying, explore every field because not everything is in the dashboard itself. You need to go into depth to understand how those features can help you in your day-to-day security work. I would rate this product an 8 overall.
Email security has improved and real-time insights simplify managing complex mail flows
What is our primary use case?
I manage an organization with more than five thousand employees who are all in either on-site or hybrid environments and receive multiple emails every day. The email flow on a daily basis is too much to handle manually. Emails can be sent from approved domains, or they can be spam or other unwanted messages. I cannot reveal my customer's name, but I can say that they are in the shopping business. Since they are in the shopping business, they receive multiple mail flows from the sales team and regular communications, and it becomes very crucial to differentiate which emails are useful and which are not.
On a daily basis, I check whether the mail flow is within the established threshold. Unless there are end-of-season sales occurring, I do not see a high mail flow that exceeds the threshold we observe. I evaluate the detections I am seeing, and in Mimecast Insider Risk Management and Data Protection, I can see detections based on various time frames, such as twenty-four hours, forty-eight hours, or whatever custom time frame I choose. The maximum limit according to our enterprise is thirty days. Since I need to see activity in real time, I analyze whether all the respective mail flows are coming in and what category they fall under. The categories can include malware, spam, extortion campaigns, or multiple others.
I analyze that data by fetching the raw logs for my customer, checking the spam scores for their emails, and reviewing statuses such as accepted, rejected, held, deferred, and more. I analyze whether Mimecast Insider Risk Management and Data Protection's policies work properly. I cannot just rely on it being a SaaS-based product with enabled policies working correctly. There are many use cases where I have seen emails being delivered that should not have been delivered. That does not make Mimecast Insider Risk Management and Data Protection a bad product; it means that I have not fine-tuned the policy to my organization's expectations. Once I work on the tool daily, I understand the mail flow, recognize which emails fall into the spam category, and compare them not only on the Mimecast Insider Risk Management and Data Protection database but also with external comparison tools like MX Toolbox or VirusTotal to analyze things. This gives an overview of what my general scenario looks.
How has it helped my organization?
The way attachments are being read by Mimecast Insider Risk Management and Data Protection is crucial, especially concerning what data is sent outside the organization from the internal network and what kind of data is being sent from outside to inside. This can include URLs, file types, PDFs, and other content. The OEM team has blocked many widely recognized malicious file types themselves, which helps in rejecting emails that people try to send containing malicious content. For PDFs specifically, which are sent regularly, it becomes crucial that if an authorized user sends something for business purposes, it should go through; however, if Mimecast Insider Risk Management and Data Protection flags it as suspicious or the domain user is not whitelisted, that is completely fair.
Mimecast Insider Risk Management and Data Protection performs its share of detection, and I have even tested it with a very large file, such as an eight-hundred-page document where only one or two hyperlinks were malicious content. Mimecast Insider Risk Management and Data Protection detected that immediately. Comparatively, other specific technologies did not block it even when I temporarily removed the sending limit that some mail tools impose, for example, only sending up to five to twenty MB. In that testing scenario, Mimecast Insider Risk Management and Data Protection shines with how policy enforcement and data protection is implemented. Secondly, it shows the top malicious senders for the week or whatever time frame I desire, illustrating which users were targeted the most. It does not just present a list; clicking on a user reveals who exactly sent the emails, the sending mail category, and more specifically regarding the targeting of the user.
The emails can fall into categories such as ransomware, spam, or impersonation, indicating whether a legitimate email has failed DKIM or DMARC validation, which Mimecast Insider Risk Management and Data Protection detects efficiently. While other tools also identify these aspects, Mimecast Insider Risk Management and Data Protection clarifies how everything works quite well. In day-to-day work, one key point I would definitely highlight is log fetching. Many other tools make fetching logs tiresome and irritating; every log search requires so much hassle with filtering. In contrast, Mimecast Insider Risk Management and Data Protection enables me to just paste the mail ID, and it finds everything automatically, fetching all relevant logs in one place without needing to differentiate between statuses such as rejected or accepted. It offers specific groups including permitted senders, trusted senders, and blocked senders. It is all clean and sophisticated. Having worked with various tools and technologies before, I can say that tools such as this should exist; they ought not to be complex. During troubleshooting calls, I should not be figuring out why the tool does not provide the required logs; it should be quick.
The SSO integration in Mimecast Insider Risk Management and Data Protection works securely and smoothly, functioning across all browsers. However, I must mention that at times, the homepage of Mimecast Insider Risk Management and Data Protection takes too long to load, which I am personally not complaining about, but colleagues have reported slow loading on rare occasions.
What is most valuable?
Mimecast Insider Risk Management and Data Protection has a very clean interface, which makes it easy to use effectively once it is handed over to the organization. I can actually ask the Mimecast Insider Risk Management and Data Protection team how to understand the tool, and they have guidelines and documentation that provide all the necessary information. Mimecast Insider Risk Management and Data Protection offers several features beyond policies and digest notifications, such as message digest notifications that I receive. It helps in understanding trace paths very well. What I mean by trace path is that when a user is sitting inside the organization and wants to send an email to an outside domain, it will not be sent directly.
First, the email goes to the Microsoft Outlook mail server. From there, an SMTP request is initiated to Mimecast Insider Risk Management and Data Protection. Once the SMTP connection is established, the email gets forwarded from the specific sender mail server to the receiver mail gateway, which is Mimecast Insider Risk Management and Data Protection. Now, from the Mimecast Insider Risk Management and Data Protection gateway, the email gets analyzed. It runs through policy checks, checks for permitted blocks, trusted senders, and frequent sender information, analyzing whether I have received some specific emails from this user and whether any of them were flagged. It goes through the database, and post all Mimecast Insider Risk Management and Data Protection internal checks, the email is verified as acceptable and is good to go.
Once verified, the email goes out to the recipient's mail server. There may be a mail server at the recipient's mail end as well, but that is not my concern since I do not manage that. It then reaches the user's inbox. Many times, the organization's control includes complaints such as not receiving the email, or the email was rejected or the attachment was missing. Why do those things happen? Mimecast Insider Risk Management and Data Protection provides a clear idea through the message delivery option, where I input the from ID and to ID for a specific timeframe, and I can see what headers were captured in the emails in a completely raw format, policies that were hit, the spam score, detections, and the exact reason for these events.
The theoretical aspects are acceptable, but the best part is the clarity it provides on the connection between the sender and recipient SMTP, such as start and end time. It shows when the connection was made to Mimecast Insider Risk Management and Data Protection, when the email got delivered, the time Mimecast Insider Risk Management and Data Protection took to establish that connection to the recipient's mail server, and when Mimecast Insider Risk Management and Data Protection sent that email. It provides thorough clarity for understanding exactly where the delay lies, including how much time Mimecast Insider Risk Management and Data Protection took for internal processing before the email went out. Many times, the blame is placed on the tool that it is not functioning properly, but those logs allow me to verify the problem's exact location. The report generation is quite easy. For policy creation, I cannot create a new policy, but almost all the policies that an organization could need are present. The interface is good—I am saying this again, but it is.
Moreover, the access level, such as the access matrix, is pretty clearly defined—basic administrator, read-only access, custom IT help desk, super administrator, and one in between, based on the plan taken for Mimecast Insider Risk Management and Data Protection. Mimecast Insider Risk Management and Data Protection learning community is something I recommend; I have done certification for them and am preparing for their advanced certification. The certification is really helpful; I learned through experience mainly, but anyone can start from the original OEM certification. There are helpful documentations and multiple tests as part of the courses, which range from ten to twelve hours for basic and advanced exams.
What needs improvement?
A con to mention is that Mimecast Insider Risk Management and Data Protection, at times, may not capture everything. For instance, the time that Mimecast Insider Risk Management and Data Protection took to process something such as incoming email is normally fifteen to twenty seconds, which is completely normal. Though the email is released, delays of ten to twenty minutes may be experienced, which does not get captured in Mimecast Insider Risk Management and Data Protection. It may show delays on the recipient's mail server end, but creates a contradiction since in Mimecast Insider Risk Management and Data Protection I do not see any delay, while the recipient's mail server indicates a delay occurring at Mimecast Insider Risk Management and Data Protection.
For testing, I whitelisted the specific domain for the sender's email. After whitelisting that, the delay disappeared, yet I wonder why Mimecast Insider Risk Management and Data Protection did not capture that in this specific log. This issue has not occurred often, maybe once or twice in the past six to seven months, but understanding that aspect has led me to reach out to OEM. They provided their views, but I was not very satisfied; they could show where it is getting captured and why it is not highlighted clearly. That is a con of Mimecast Insider Risk Management and Data Protection, but overall, it is a great tool. Mimecast Insider Risk Management and Data Protection is totally recommended. The policies are solid, they work effectively, the implementation time is not very long, integrations with SIEM are quite easy, and the Glassbreak account is something I have tested, making Mimecast Insider Risk Management and Data Protection better in this regard. Overall, it is a great tool.
For how long have I used the solution?
I have been using Mimecast Insider Risk Management and Data Protection for one and a half years.
What do I think about the stability of the solution?
Mimecast Insider Risk Management and Data Protection is definitely stable without fail based on my experience.
What do I think about the scalability of the solution?
Mimecast Insider Risk Management and Data Protection scales efficiently. In the last two months, I saw a high volume of inbound email, including spam and fraudulent emails. The tool effectively detected both malware and spam, ensuring that only a few emails categorized as malware reached user mailboxes. For malicious content, Mimecast Insider Risk Management and Data Protection performs adequately, blocking suspicious formats while still validating the email's content.
How are customer service and support?
Customer support for Mimecast Insider Risk Management and Data Protection is excellent. I rarely face issues, usually resolving in two to three business days when necessary.
Which solution did I use previously and why did I switch?
I am not certain about the primary solution used before switching to Mimecast Insider Risk Management and Data Protection, as I did not oversee its initial deployment. I can tell you that switching involved considerations regarding costs, particularly with DLP vendors and mail control.
What was our ROI?
I am not certain about specific time savings with Mimecast Insider Risk Management and Data Protection as technical observations can be vague. However, time is definitely saved in practices, as the tool requires less hands-on management after fine-tuning. I can generate specific reports, including top malicious senders and domain statistics, presenting them during customer review sessions, and those analyses help justify needed blocks.
What's my experience with pricing, setup cost, and licensing?
I am unsure about Mimecast Insider Risk Management and Data Protection's pricing, setup costs, and licensing details. However, I know that licensing details are user-specific according to the license purchased. Information on current license details is easily accessible through the right-most side of the interface under support, showing information such as account manager details for the firm and expiration timelines. I can say that the OEM escalation metrics are good, and I have never faced delays in calls to support, though sometimes CSR has business day delays.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Mimecast Insider Risk Management and Data Protection as I am an engineer focused on technical aspects.
What other advice do I have?
My advice for those looking at Mimecast Insider Risk Management and Data Protection is to compare your use case comprehensively. Do not just rely on reviews, as they offer communal insight; evaluate from a technical perspective and consider the stability of your infrastructure and how well it aligns with your operational needs moving forward. Be thorough in understanding the features that other users find critical and ensure they align with your specific requirements. I give this review an overall rating of eight out of ten.
Advanced email filtering has reduced phishing incidents and protects users from malicious links
What is our primary use case?
Mimecast Insider Risk Management and Data Protection is relied upon primarily for email security, functioning as an email gateway within the company so that every email is processed through Mimecast, filtered, and then delivered to user mailboxes after security checks are completed.
Day-to-day operations involve handling tickets from users stating that their email has been held and they request release. We cross-check whether SPF is matching, if SPF has passed, and if DKIM has passed. Once everything is verified and we determine the sender is trusted, we release the email. We have different types of security gateways, including impersonation protection, which is created by establishing a profile group so that if it matches any keywords, it might flag potential impersonation. We have many policy options within the system. Based on our requirements, we can set up policies, and Mimecast helps us filter emails very effectively. We can clearly check whether emails are being delivered or not. If they are undelivered, we can check the reason for non-delivery. URLs are decoded through Mimecast, allowing us to scan links and determine whether they are safe or not. Many options exist within Mimecast for these purposes.
What is most valuable?
I have been using Mimecast Insider Risk Management and Data Protection for the past three years.
Whenever we block an email ID, we can do so from Mimecast profile groups, and we can add email addresses from which we no longer want to receive emails. For example, if a phishing email arrives, it stops and holds that email based on SPF, DKIM, and DMARC rules so that it does not reach the user and remains held. Mimecast also protects emails that contain URLs or links within them, as users may accidentally click on those links, which might affect the entire company. In this way, Mimecast helps us significantly.
Mimecast Insider Risk Management and Data Protection stands out the most. The URL protection, link scanning, blocking of users, and creation of multiple profile groups, gateways, and policies are valuable features. There have been many positive changes with Mimecast Insider Risk Management and Data Protection since implementation, and we feel it is working out positively. We also receive continuous support from the Mimecast team, with weekly calls to discuss technical issues within Mimecast.
What needs improvement?
Mimecast Insider Risk Management and Data Protection could be improved by providing more advanced features within the platform. If it collaborated with other different features, that would be more helpful.
For how long have I used the solution?
I have a total of ten years of experience in my current field.
What other advice do I have?
All functionality is performing well. There has been a reduction in phishing events. I would rate Mimecast Insider Risk Management and Data Protection an eight out of ten because sometimes it blocks or holds emails that are supposed to be unblocked. Occasionally, Mimecast does not work as effectively, which is the reason for this rating.
Behavior analytics have transformed insider threat detection and now streamline daily security work
What is our primary use case?
I have used Mimecast Insider Risk Management and Data Protection for almost four and a half years for one of my clients.
I use Mimecast Insider Risk Management and Data Protection for detecting and maintaining email security for my client. Mimecast gives us unmatched visibility and focuses on behavior analysis with file vector users, real-time nudges, and top-tier support.
Mimecast Insider Risk Management and Data Protection uses a file-vector-user framework. Instead of just blocking everything blindly, it examines the file value, how it is moving, and which users are moving it. I can provide a real-world example of how a company uses this product to stop insider threats.
My example involves departing employees and data theft. An employee resigns to take a job at a direct competitor. Before their access is cut off, they decide to download sales battle cards, customer leads, or product roadmaps to a personal USB or personal Google Drive to give themselves a head start at the new job. Mimecast manages this through HR integration by connecting to the company's HR system such as Workday or their particular HR system. The moment HR marks the employee as resigned, Mimecast automatically moves that employee to a high-risk departing employee watchlist. Additionally, behavioral monitoring tracks their activity over the last thirty days and monitors them going forward. If they suddenly try to transfer fifty gigabytes or a large amount of corporate data to a personal cloud drive or rename files to other formats to sneak them past security, Mimecast flags the mismatch instantly. The security team is alerted immediately with the exact file history, allowing them to freeze the user's account before they leave.
I can provide multiple scenarios. Another scenario involves Shadow AI leak. A well-meaning product manager wants to quickly clean up a piece of unreleased proprietary code or summarize a sensitive financial presentation to save time. They paste the entire raw text into an untrusted, unapproved public AI tool such as an unsanctioned GenAI web application. Mimecast manages this through vector detection by monitoring endpoints and browsers. It detects that corporate data is moving to an unapproved browser destination or shadow IT. A real-time nudge triggers an automated response instead of locking down the computer and creating a massive IT ticket. A pop-up appears on the employee's screen saying, 'You are trying to share internal code or data with an unapproved AI tool. Please use our secure corporate enterprise AI tool instead.' This stops the leak immediately while educating the user.
Another scenario involves hijacking accounts with a compromised insider. For example, a customer support agent falls for a spear-phishing email and inputs their credentials into a fake portal. A malicious external hacker now logs into that agent's account from a different country. The hacker appears to be an insider using legitimate credentials and begins silently harvesting customer personal identifiable information. Mimecast manages this through anomaly detection. Mimecast notices that this specific user is suddenly logging in at three in the morning from an unusual IP address and downloading customer data at ten times the normal rate. The system identifies that this behavior heavily deviates from the user's standard historical profile or data through context analysis. Because this is high-risk, the platform triggers an automated workflow via integration with the company's EDR tool such as Defender or CrowdStrike or an identity provider to isolate the device and force a password reset, instantly locking out the attackers.
What is most valuable?
There are many features that come with Mimecast Insider Risk Management and Data Protection. The absolute hero feature that makes Mimecast Insider Risk Management and Data Protection incredibly valuable to a business is a no-policy trust activity model, which I understand to be inferred trust.
Traditionally, data loss prevention tools are a nightmare because IT teams must manually write thousands of strict rules trying to guess every way an employee might steal data. Mimecast turns this on its head. Instead of writing rules, the system monitors everything and uses AI to automatically build a map of your corporate ecosystem. The magic happens when an employee downloads a file from corporate Google Drive and uploads it to corporate OneDrive. Mimecast cross-references both endpoints simultaneously. It recognizes that both sides are corporate-owned, so it silently marks the activity as trusted and ignores it. If some employees take that exact file and upload it to a personal Google Drive, Mimecast instantly flags it as untrusted because it cannot verify the destination container. This is the most useful feature that Mimecast Insider Risk Management and Data Protection has.
What needs improvement?
I would highlight reporting and analytics improvement. While the dashboard looks great, getting highly customized reports out of the system without using an external API can be difficult. The daily dashboards are very intuitive, but native executive report features could be enhanced. If you want to create highly customized reports for C-level presentation or high-level reviews, you often have to rely on their API to export data into a third-party SIEM or BI tools. Having more out-of-the-box templates for quarterly risk summaries would be a huge time-saver and advantage for this tool.
I would also mention virtual or shared environment support. It is technically specific, and there is a struggle in particular virtual desktop infrastructure environments where multiple users share a single host. One area of improvement is better out-of-the-box support for multi-user shared host environments such as Azure Virtual Desktop or AVD setups. When multiple active users share a single host simultaneously, the endpoint tracking can sometimes face performance bottlenecks or require complex workarounds to report individual data flawlessly. These are the areas where this product can improve.
For how long have I used the solution?
I have been a part of SOC operations for eight or nine years.
What do I think about the stability of the solution?
Mimecast Insider Risk Management and Data Protection is stable.
How are customer service and support?
Customer support has been impressive. I raise a ticket or task number for any query or issue I have, and I have been receiving great support from the customer service team.
Which solution did I use previously and why did I switch?
Previously, I had O365 for email security. I was not getting the centralized view that I am getting with Mimecast Insider Risk Management and Data Protection. The AI-enabled capabilities in Mimecast Insider Risk Management and Data Protection are truly impressive. It gives me behavioral analysis and allows me to monitor real-time logs. I was able to get analysis of user behavioral patterns. Because of these reasons, it helps me maintain less headcount in security engineers for this product.
How was the initial setup?
The initial setup is great.
What was our ROI?
Mimecast Insider Risk Management and Data Protection does provide ROI. It saves a lot of time. Instead of having multiple people managing DLP, I have a Mimecast Insider Risk Management and Data Protection monitoring team. The biggest positive impact has been the sheer amount of time my IT and security team has saved. Legacy DLP tools used to require a dedicated engineer just to manage daily alerts and constantly tune policies. With Mimecast Insider Risk Management and Data Protection, our investigation time for high-risk incidents has been cut in half, and overall management now takes us less than four hours a week. It provided immediate ROI within the first few months by automating our response workflows. Mimecast Insider Risk Management and Data Protection AI response is integrated directly with our HR and identity systems, which allows a smaller security team to do more. It has saved time, saved cost, and reduced the number of people in that particular security project.
What's my experience with pricing, setup cost, and licensing?
It has been a great journey for me with the pricing and setup. I do not have to think about reducing the cost. My experience has been great with Mimecast Insider Risk Management and Data Protection so far.
Which other solutions did I evaluate?
I was considering Defender, but I wanted a solution purely dedicated to insider risk management and data protection. I heard from other clients that Mimecast Insider Risk Management and Data Protection is a truly good product, and I received a demo as well. It impressed me at the first point, so I went for it.
What other advice do I have?
Mimecast Insider Risk Management and Data Protection provides behavioral pattern analysis and gives me a centralized alert. It helps me maintain less headcount for security engineers. It saves time and cost.
The accuracy of Mimecast Insider Risk Management and Data Protection detection is highly impressive because it moves away from rigid keyword matching and examines the true behavioral context. By utilizing over two hundred fifty built-in risk indicators, it successfully separates everyday employees' collaboration from actual malicious exfiltration. For example, it tracks when the file extension is renamed or when an unusual large volume of files is moved to a personal cloud browser tab, giving the alert high fidelity. In terms of reliability, the endpoint agent is incredibly lightweight and stable. It operates silently across both Windows and macOS setups with almost zero performance impact, ensuring it does not slow down employees' machines or crash. The system is highly dependable. I give this product a review rating of nine out of ten.