How to Bring Email and Web Security Together

Blog Post created by user.RZYHBOK9oJ Employee on Apr 23, 2019

The following blog is written byDan Sloshberg. Dan is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


In our cloud app and Internet-driven world, is there a better way to protect employees and your organization than using the cloud itself? This approach helps ensure that threats are detected and blocked before they ever reach your network. That’s better than waiting for something to land in your enterprise before it’s spotted, right?


This is the approach Mimecast has taken with our new web security service. It’s built on the same multi-tenant, cloud-native platform already used by tens-of-thousands of organizations for email security. 


Delivering security and monitoring at the DNS level, Mimecast Web Security helps to:

  • Protect against malicious websites and activity
  • Support the enforcement of acceptable web use policies
  • Consistently protect users both on and off the enterprise network
  • Minimize setup time, typically achieved in less than 60 minutes


These first two capabilities are respectively the #1 and #2 critical requirements of a web security service.[1]


How does Mimecast Web Security work?


  1. Employee web requests are sent to the Mimecast Web Security cloud service for inspection at the DNS level. The IP address is examined and either found safe or is blocked if deemed malicious or in violation of the acceptable use policy.
  2. Requests to suspicious sites are proxied to allow for deeper inspection including AV scanning of the site and contents (including file downloads).
  3. Office-based DNS traffic is sent via your internet gateway to Mimecast, while off-site requests (from roaming users) are sent to Mimecast using a locally installed security agent.
  4. Access logs and associated reports are generated by the Mimecast service and are available for review by appropriately privileged system administrators.


Multi-layered inspection


The Web Security service employs a multi-layered inspection system to protect against malicious sites and block inappropriate websites based on policy.



The value of having email & web security together


99% of malware is deployed using email and the web. Thus, combining email and web security protection can help organizations better protect themselves. By integrating Mimecast Web Security and Secure Email Gateway, you'll benefit from:


  1. Shared intelligence
    • The same threat intelligence is used to secure both email and web traffic
  2. Consistent protection
    • Targeted Threat Protection-Managed URLs for email apply to web as well
    • Advanced Similarity Checks used for email domains also apply to web
  3. Simple setup and management
    • A single Administration Console for email and web makes it easy to manage both technologies
    • Existing AD integration for Mimecast email security applies to the web
    • User accounts, roles and permissions for email also apply to web
    • Branding from email notifications also applies to the web
    • Combined admin audit reporting
  4. One vendor, one bill, one support route & team


Mimecast now helps our customers by addressing the top two cyberattack vectors – email and web – with a single, fully integrated, 100% cloud-based solution. Watch the Web Security demo video to find out more about how it works.


If you’re an existing Mimecast customer, you can start a free 30-day trial today.



[1] TechValidate survey of Mimecast customers, March 2019