Optimizing Targeted Threat Protection Part 4: How to Customize Your TTP User Experience

Blog Post created by user.OKpiB6a4Le Employee on Jan 16, 2019

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.


Hello, Mimecast Administrators. It’s been great going through Targeted Threat Protection's various capabilities over the past few weeks. If you’re just joining us, be sure to check out the Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide, as well as Part 1, Part 2, and Part 3 of this blog series.


As you may have noticed at the end of Part 3, I revealed that this will be the conclusion of my discussion on Targeted Threat Protection. And, as a thank you for sticking with me, I saved a bonus 11th optimization tip just for you!


One of the most important aspects of Mimecast, and really any products you use, is to understand its customizability. How can it be tailored for your organization? What are your options? In writing the Top 10 Ways to Optimize TTP Guide, my goal was to familiarize you with the ins and outs of some of the more intricate settings of TTP. As part of that understanding, I want to conclude by elaborating on some customizations of the service.


In Step 8, I highlighted that, with Impersonation Protect, you can do more than use a generic ‘External’ tag in all inbound emails. Administrators can choose to tag the Subject Line and Message Body with customized plain text.


Additionally, the Header of emails can be tagged, which allows users and/or administrators to create rules to take an automated action on the emails. But don’t stop there. Mimecast allows you to use HTML in the Message Body tag to grab your users’ attention. Use bold, italics, colored font, or even images on specific messages that are suspicious. You can even create different alerts for different users or groups of users. For example, you can configure the Message Body tag for emails addressed to anyone in Finance to:


Be Cautious of Fraudulent Wire Transfer emails – Follow the Proper Procedure!!!

...while warning HR about people requesting employee information such as W2s, P60s, etc:


Warning – Attackers Often Request Personally Identifiable Information – Never Send Employee Data Through Email Insecurely!!! 


These are just some examples of the many ways in which you can customize Impersonation Protect and get more power out of the settings available. This is important because it allows you to do more than a blanket [EXTERNAL] tag on every inbound email, which users tend to stop noticing after a few days. These specific tags are added when your Impersonation Protect policy is triggered, which means only certain potentially suspicious emails (not all) are tagged, raising your users’ attention immediately.


There’s more than just customizing tags. You’ve guessed it, we’ve reached the Bonus 11th Optimization TipCustomization of the User Awareness pages!


As many customers of Mimecast’s URL Protect know, the User Awareness page is an important teachable moment that can give users an extra chance to make the right decision, as well as allow administrators to track user behavior. However, did you know that you can customize the User Awareness Page in multiple different ways?


By default, the User Awareness Page appears as follows:



You can customize the banner (color and logo) to represent your organization. Furthermore, instead of the default title “Do you think this link is safe?” and the Body Text beneath it, you can customize the text. In the example below, I’ve changed the text to deliver a slightly different message:



Additionally, you can choose what the various follow up pages detail as well. For example, if a user selects “It’s Safe” and the site is actually malicious, by default, users see:



As with the initial “Do you think this link is safe?” User Awareness page, the title and body text here can be customized. However, you can also edit the Safety Tips section. By default, Mimecast provides nearly two dozen tips, but you can add your own. Not only that, you can choose to display only Mimecast tips, custom tips, or both Mimecast and your custom tips, thereby giving users a broader set of informational guides to be more cautious and aware when clicking links.


Overall, Mimecast Targeted Threat Protection is more than just a set of check boxes to protect your organization. It’s a versatile solution that we’ve designed to allow administrators custom control across their environment and customizability in the complicated world of cybersecurity. I hope you have enjoyed learning about how you can optimize TTP, and that you’ve been able to implement some of this advice into your organization!


Check out the rest of the series here:


Optimizing Targeted Threat Protection Part 1: Introducing the TTP Optimization Guide and Blog Series 

Optimizing Targeted Threat Protection Part 2: Understanding Domain Detection and Impersonation 

Optimizing Targeted Threat Protection Part 3: Attachment Protect Is More than Just Sandboxing   


Also, our guide:


Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP)