Hello again Mimecast Administrators! I hope you’ve had a chance to review the Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide and Part 1 in this blog series.
Continuing the discussion, I wanted to delve into how Mimecast handles domains. In Part 2, we will cover the first set of tips in more detail, give some more background on the settings and offer additional tips.
I first covered how to display the destination domain of a Mimecast rewritten URL. Enabling this feature helps users focus on the website's domain rather than the entire URL. For example, what would a user think of the following?
They would likely only see facebook.com. This attack is specifically designed for users on mobile devices: They click a link, and instead of opening the Facebook application (remember that it is not actually Facebook), they'll only see what the attacker wants them to see in their browser. In this example, they completely miss that the URL is an unsafe site:
In reality, the domain within that URL is badsite.com, which a user would see as https://protect-us.mimecast.com/s/abc123xyz?domain=badsite.com in the Mimecast rewritten URL.
Did you also know that, as a Mimecast Administrator, you can decode URLs rewritten by Mimecast? Understanding how Mimecast rewrites URLs matters because it bears on one of the most important areas of focus for email security: domain identification. Within an inbound email or URL, you can detect and display the destination domain. However, it's not just about identifying a domain, but also about analyzing it for impersonation.
Mimecast recently added Advanced Similarity Checks, which go beyond Anti-Spoofing and DNS Authentication (SPF, DKIM, and DMARC). With these checks, organizations can identify attackers attempting to use domains intended to appear like their own, as well as like those of organizations they work with, such as suppliers and customers. This functionality applies to both Mimecast URL Protect and Mimecast Impersonation Protect.
Attackers also attempt to use various character manipulation tactics to trick your users. As outlined in the Top 10 guide, these enhancements are explained in great detail in a recent Service Update.
Remember, Mimecast's Targeted Threat Protection (TTP) is only going to protect your organization if it's configured. A crucial part of domain detection is populating your Custom Monitored Domain list, so that Mimecast protects your organization using both the Mimecast Managed Domains list and the domains you specify for your organization.
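To make the two ideas above concrete (reading the real destination domain out of a URL, and comparing a domain against a monitored list), here is an added Python example. It is not Mimecast's code or its similarity algorithm and is not part of the original post. The monitored list, the look-alike character map, the one-edit threshold, the two-label domain heuristic and the sample URLs are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for a Custom Monitored Domain list.
MONITORED = ("example.com", "supplier.example")
# Small constructed sample of look-alike characters (digits, Cyrillic a/e/o).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def destination_host(url):
    """Host the browser will contact; text before '@' is userinfo, not the host."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def registrable_guess(host):
    """Last two labels. Simplification: real code needs the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def displayed_domain(rewritten_url):
    """Read the domain= parameter in the rewritten-URL form quoted in this post."""
    return parse_qs(urlsplit(rewritten_url).query).get("domain", [""])[0].lower()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(domain, monitored=MONITORED, max_edits=1):
    """Return (verdict, matched) where verdict is exact, lookalike or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in monitored:
        return ("exact", domain)
    folded = domain.translate(CONFUSABLES)
    for good in monitored:
        target = good.translate(CONFUSABLES)
        if folded == target or edit_distance(folded, target) <= max_edits:
            return ("lookalike", good)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed URLs that put facebook.com where a hurried reader looks first.
    for url in ("https://facebook.com@badsite.com/login",
                "https://facebook.com.badsite.com/login"):
        print(url, "->", registrable_guess(destination_host(url)))
    for d in ("example.com", "examp1e.com", "examplle.com", "badsite.com"):
        print(d, check(d))
```

Internationalized hostnames arrive in URLs in their xn-- (punycode) form, so they would need decoding before the character folding step can see the look-alike letters.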
I hope you’re becoming more comfortable with your environment’s email security and have learned some of the new ways we're enhancing our products. Stay tuned for Part 3, where we’ll cover how to understand the various Mimecast Attachment Protect options, and how TTP features can be versatile by applying different settings across your environment.