Skip navigation
All Places > The Mimecaster Central Blog > Blog
1 2 3 Previous Next

The Mimecaster Central Blog

68 posts

My colleagues over at the Mimecast Threat Center have found and developed a technique that uses Power Query in Excel to dynamically launch a remote Dynamic Data Exchange (DDE) attack into an Excel spreadsheet and actively control the payload Power Query.


Mimecast worked with Microsoft as part of the Coordinated Vulnerability Disclosure (CVD) process to determine if this is an intended behavior for Power Query, or if it was an issue to be addressed. While they declined to issue a fix at this time, Microsoft published an advisory (4053440) that indicates steps and procedures to provide information regarding security settings for Microsoft Office applications. The advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange fields. 


Note that if you are a Targeted Threat Protection user, you are protected from the use of this technique already.


You can check out the full story from my colleague Ofir Shlomo of Mimecast Threat Center over at the Mimecast blog, which details in depth a potential exploit using Power Query to launch a DDE exploit.

Michael Conley is the Director of Service Delivery Enablement at Mimecast. He has enjoyed assisting customers and growing a legendary support team since 2012. Michael was the FY16 Mimecaster of the Year.


Having been a member of the team since 2012, I have served in a variety of roles, from first line engineer to manager. My latest adventure aims to educate the thousands of great Mimecasters in our community, both internal and external. Mimecast is a powerful and diverse platform, and, as such, knowing where to begin educating yourself is not always easy.


Speaking from experience – the most beneficial area of the platform to start with is Track and Trace. Being able to determine a message’s journey through Mimecast, from receipt, through policy processing, to delivery, helps administrators determine the “where,” “when,” and “why” of email routing. 


Has an end user ever asked you why a message was blocked, delayed, or allowed through? That’s a rhetorical question, as we know they do! In the video below, I'll go through several of these scenarios and encourage both new administrators and long-time customers to take a look.


You will see me on the community helping out when I can, and creating posts just like this one, touting the latest and greatest education materials. 2017 is going to be a great year for Mimecast customers as education efforts are increasing around the globe. Mimecast is serious about Legendary Customer Success and positioning ourselves to be the most trusted and reliable vendor in the cloud.


If you have any ideas, questions, or just want to say hi – please follow my profile, or drop a comment below. I am passionate about learning and teaching, and hope to pass some of my enthusiasm on to you!


In this video, I’ll show you how to get started with Track and Trace (and stay tuned for future posts in this series):



Check out Mike's next Mimecast 101 video post in the series: Mimecast 101: Troubleshooting Authentication Issues [Video] 

The following blog is written byDan Sloshberg. Dan is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


In our cloud app and Internet-driven world, is there a better way to protect employees and your organization than using the cloud itself? This approach helps ensure that threats are detected and blocked before they ever reach your network. That’s better than waiting for something to land in your enterprise before it’s spotted, right?


This is the approach Mimecast has taken with our new web security service. It’s built on the same multi-tenant, cloud-native platform already used by tens-of-thousands of organizations for email security. 


Delivering security and monitoring at the DNS level, Mimecast Web Security helps to:

  • Protect against malicious websites and activity
  • Support the enforcement of acceptable web use policies
  • Consistently protect users both on and off the enterprise network
  • Minimize setup time, typically achieved in less than 60 minutes


These first two capabilities are respectively the #1 and #2 critical requirements of a web security service.[1]


How does Mimecast Web Security work?


  1. Employee web requests are sent to the Mimecast Web Security cloud service for inspection at the DNS level. The IP address is examined and either found safe or is blocked if deemed malicious or in violation of the acceptable use policy.
  2. Requests to suspicious sites are proxied to allow for deeper inspection including AV scanning of the site and contents (including file downloads).
  3. Office-based DNS traffic is sent via your internet gateway to Mimecast, while off-site requests (from roaming users) are sent to Mimecast using a locally installed security agent.
  4. Access logs and associated reports are generated by the Mimecast service and are available for review by appropriately privileged system administrators.


Multi-layered inspection


The Web Security service employs a multi-layered inspection system to protect against malicious sites and block inappropriate websites based on policy.



The value of having email & web security together


99% of malware is deployed using email and the web. Thus, combining email and web security protection can help organizations better protect themselves. By integrating Mimecast Web Security and Secure Email Gateway, you'll benefit from:


  1. Shared intelligence
    • The same threat intelligence is used to secure both email and web traffic
  2. Consistent protection
    • Targeted Threat Protection-Managed URLs for email apply to web as well
    • Advanced Similarity Checks used for email domains also apply to web
  3. Simple setup and management
    • A single Administration Console for email and web makes it easy to manage both technologies
    • Existing AD integration for Mimecast email security applies to the web
    • User accounts, roles and permissions for email also apply to web
    • Branding from email notifications also applies to the web
    • Combined admin audit reporting
  4. One vendor, one bill, one support route & team


Mimecast now helps our customers by addressing the top two cyberattack vectors – email and web – with a single, fully integrated, 100% cloud-based solution. Watch the Web Security demo video to find out more about how it works.


If you’re an existing Mimecast customer, you can start a free 30-day trial today.



[1] TechValidate survey of Mimecast customers, March 2019

Mimecast recently conducted a survey of hundreds of our customers regarding their challenges with web security in general, and their current use of cloud-based web security systems, in particular. I also just posted a blog that goes into the results of this survey in more depth. We learned a number of interesting things, one of which was that the transition of web security controls to the cloud is not as far along as it is for email security. 


Gartner estimates that 65% of organizations already consume their email security services from cloud-based systems, such as Mimecast Secure Email Gateway. Our survey results showed that only 27% of our customers have made a similar transition for their web security controls. Interesting. But it does seem that a similar transition to the cloud is underway, just not as far along.


Just as we did for email, we are planning to help this transition along with our recently released Web Security service. To us, providing web security services is a very natural extension of our email security offering, in particular, URL Protect. Of course protecting against malicious or inappropriate websites needs to cover more than just links in emails!


What is your plan to start to use or expand your use of cloud-based web security controls?

We recently conducted a survey of Mimecast customers using our Internal Email Protect (IEP) service. As a reminder, IEP is the fourth member of our Targeted Threat Protection family. It focuses on inspecting, blocking, and removing malicious or otherwise unwanted emails and attachments that are internally generated (that is, internal-to-internal or outbound emails) or are inside your users' inboxes and archive. 


When used in conjunction with URL Protect, Attachment Protect, Impersonation Protect, and DLP, IEP completes the 360-degree protection for your email traffic. With it enabled, you have your inbound, outbound, and internal email traffic well secured.


The reality is that bad things do not just come from the outside. Sometimes compromised, careless, or malicious users or malware exists on the inside of your organizations. This is often how attacks spread or sensitive data can move to a place where it shouldn't.


We have summarized the results in an infographic here. And I have also provided an overview in a recent blog.


I would be interested to hear your comments, or better yet, your internal threat war stories that you are comfortable sharing with your peers here in the community!

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.


Hello, Mimecast Administrators. It’s been great going through Targeted Threat Protection's various capabilities over the past few weeks. If you’re just joining us, be sure to check out the Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide, as well as Part 1, Part 2, and Part 3 of this blog series.


As you may have noticed at the end of Part 3, I revealed that this will be the conclusion of my discussion on Targeted Threat Protection. And, as a thank you for sticking with me, I saved a bonus 11th optimization tip just for you!


One of the most important aspects of Mimecast, and really any products you use, is to understand its customizability. How can it be tailored for your organization? What are your options? In writing the Top 10 Ways to Optimize TTP Guide, my goal was to familiarize you with the ins and outs of some of the more intricate settings of TTP. As part of that understanding, I want to conclude by elaborating on some customizations of the service.


In Step 8, I highlighted that, with Impersonation Protect, you can do more than use a generic ‘External’ tag in all inbound emails. Administrators can choose to tag the Subject Line and Message Body with customized plain text.


Additionally, the Header of emails can be tagged, which allows users and/or administrators to create rules to take an automated action on the emails. But don’t stop there. Mimecast allows you to use HTML in the Message Body tag to grab your users’ attention. Use bold, italics, colored font, or even images on specific messages that are suspicious. You can even create different alerts for different users or groups of users. For example, you can configure the Message Body tag for emails addressed to anyone in Finance to:


Be Cautious of Fraudulent Wire Transfer emails – Follow the Proper Procedure!!!

...while warning HR about people requesting employee information such as W2s, P60s, etc:


Warning – Attackers Often Request Personally Identifiable Information – Never Send Employee Data Through Email Insecurely!!! 


These are just some examples of the many ways in which you can customize Impersonation Protect and get more power out of the settings available. This is important because it allows you to do more than a blanket [EXTERNAL] tag on every inbound email, which users tend to stop noticing after a few days. These specific tags are added when your Impersonation Protect policy is triggered, which means only certain potentially suspicious emails (not all) are tagged, raising your users’ attention immediately.


There’s more than just customizing tags. You’ve guessed it, we’ve reached the Bonus 11th Optimization TipCustomization of the User Awareness pages!


As many customers of Mimecast’s URL Protect know, the User Awareness page is an important teachable moment that can give users an extra chance to make the right decision, as well as allow administrators to track user behavior. However, did you know that you can customize the User Awareness Page in multiple different ways?


By default, the User Awareness Page appears as follows:



You can customize the banner (color and logo) to represent your organization. Furthermore, instead of the default title “Do you think this link is safe?” and the Body Text beneath it, you can customize the text. In the example below, I’ve changed the text to deliver a slightly different message:



Additionally, you can choose what the various follow up pages detail as well. For example, if a user selects “It’s Safe” and the site is actually malicious, by default, users see:



As with the initial “Do you think this link is safe?” User Awareness page, the title and body text here can be customized. However, you can also edit the Safety Tips section. By default, Mimecast provides nearly two dozen tips, but you can add your own. Not only that, you can choose to display only Mimecast tips, custom tips, or both Mimecast and your custom tips, thereby giving users a broader set of informational guides to be more cautious and aware when clicking links.


Overall, Mimecast Targeted Threat Protection is more than just a set of check boxes to protect your organization. It’s a versatile solution that we’ve designed to allow administrators custom control across their environment and customizability in the complicated world of cybersecurity. I hope you have enjoyed learning about how you can optimize TTP, and that you’ve been able to implement some of this advice into your organization!


Check out the rest of the series here:


Optimizing Targeted Threat Protection Part 1: Introducing the TTP Optimization Guide and Blog Series 

Optimizing Targeted Threat Protection Part 2: Understanding Domain Detection and Impersonation 

Optimizing Targeted Threat Protection Part 3: Attachment Protect Is More than Just Sandboxing   


Also, our guide:


Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) 

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.


Hello, Mimecast Administrators. I hope that you have found some helpful takeaways in the Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide, as well as in Part 1 and Part 2 of this blog series.


In Part 3, I will cover the various ways in which Mimecast Attachment Protect analyzes attachments and the different ways it can be configured to best protect your organization without compromising your security.


Before we discuss the different settings available to you and how Mimecast inspects files, it’s important to understand the evolution of malware attacks. Files don’t necessarily need to contain a virus or malware anymore, but simply the code to retrieve one. For example, in Mimecast’s Attachment Protect logs, you may see lines such as:


Deleting volume shadow copies

Disabling Windows Updates

Disabling installed firewalls

Disabling known security suites (AntiVirus, FireWall)

Stopping the Windows Security Center service

Attempting to download remote executable content

Connecting to server using hard-coded IP address


None of these are things a file should do to your users’ machines, but take a look at the level of depth these attacks go into. They delete your Windows backups (volume shadow copies), disable your security measures, connect to a hard-coded IP and try to download a remote executable file. Traditional anti-virus inspections, no matter how many signatures you’re checking against, are unable to detect this level of attack. To combat the evolution of attachment-based attacks, Attachment Protect has continuously evolved since it was released over three years ago.


As I mentioned in Tips 5 and 10 from the Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide, Mimecast’s Attachment Protect is not a singular feature. There are multiple options that allow administrators to control how different users, groups, or even divisions of the organization receive and interact with files:


  • Safe File: Transcribe vulnerable file types to a different file format to ensure they are safe.
  • Safe File with On-Demand Sandbox: Transcribe vulnerable file types to a different file format to ensure they are safe and allow the user to request the original versions via the On-Demand Sandbox.
  • Pre-Emptive Sandbox: Analyze all vulnerable file types in the Pre-Emptive Sandbox, before delivering the mail and attachments to the user.
  • Dynamic Configuration: Allows users to toggle between delivery options for individual senders. By default, Safe File with On-Demand Sandbox is used. For trusted senders, Pre-Emptive Sandbox is used.


Safe File is versatile as it can be configured to convert a file into another format (e.g. a Word document to PDF). However, also note that it can convert a file into a safe copy of itself (e.g. Word to Word) thereby removing any macros, malicious code and any potential delivery delay.


Do your receptionists ever need to work with macro-enabled files, or receive external attachments that are editable? Perhaps not, so configure a Safe File Definition against their AD Group. Maybe some users will need an editable file, so convert files for those users to their original file format, and have another definition for others to simply convert to PDF only.


Meanwhile, your legal and finance teams may heavily use macro-enabled files. Depending on their needs, you can leverage a Dynamic Configuration or simply a Pre-Emptive Sandboxing approach to ensure they receive their files safely without needing to perform On-Demand Sandboxing each time.


Overall, Attachment Protect contains very powerful and flexible capabilities that allow you to both layer your security (through Mimecast’s multiple AV engines, Static File Analysis, Safe File Conversion and Behavioral Sandboxing) as well as customize the experience for different users across your organization.


For those interested in the granularity of Mimecast’s inspection funnel for email, I recommend reviewing the Cyber Resilience for Email Technical Deep Dive that my colleague, Matthew Gardiner, wrote.


Lastly, if you’re still reading this, then you’re one of the first people to find out that Part 4, the final blog in this series, will cover a bonus 11th Tip to optimize your TTP. It’s an important setting that I want more Mimecast customers to be aware of, so stay tuned. As always, please feel free to share with others and/or comment below!


Read the next blog in the series:

Optimizing Targeted Threat Protection Part 4: How to Customize Your TTP User Experience 

On behalf of everyone on the Mimecaster Central community team, a very Merry Christmas, Happy Holidays, and Happy New Year to all of you and your loved ones!


We are grateful for all of the wonderful conversations shared over the past year in our community. May you have more wonderful conversations spent with friends and family during this season.


We'll see (many of) you in 2019 (with some even bigger plans for community) 

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.


Hello again Mimecast Administrators! I hope you’ve had a chance to review the Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide and Part 1 in this blog series.


Continuing the discussion, I wanted to delve into how Mimecast handles domains. In Part 2, we will cover the first set of tips in more detail, give some more background on the settings and offer additional tips.


I first covered how to display the destination domain of a Mimecast rewritten URL. Enabling this feature helps users specifically take notice of the website’s domain only instead of an entire URL. For example, what would a user think of the following?



They would likely only see This attack is specifically designed for users on mobile devices: They click a link, and instead of opening the Facebook application (remember that it is not actually Facebook), they'll only see what the attacker wants them to see in their browser. In this example, they completely miss that the URL is an unsafe site:



In reality, the domain within that URL is, which a user would see as in the Mimecast rewritten URL.


Did you also know that, as a Mimecast Administrator, you can decode URLs rewritten by Mimecast? Understanding how Mimecast rewrites URLs is important, which highlights one of the most important areas of focus for email security: domain identification. Within an inbound email or URL, you can detect and display the destination domain. However, it’s not just about identifying a domain, but also analyzing it for impersonation.


Mimecast recently added Advanced Similarity Checks which go beyond Anti-Spoofing and DNS Authentication (SPF, DKIM, and DMARC). With these checks, organizations can identify attackers attempting to use domains intended to appear like their own, as well as organizations they work with such as suppliers and customers. This functionality applies to both Mimecast URL Protect and Mimecast Impersonation Protect.


Attackers also attempt to use various character manipulation tactics to trick your users. As outlined in the Top 10 guide, these enhancements are explained in great detail in a recent Service Update.


Remember, Mimecast’s Targeted Threat Protection (TTP) is only going to protect your organization if it’s configured. A crucial part of domain detection will be to populate your Custom Monitored Domain list to ensure Mimecast is protecting your organization from both the Mimecast Managed Domains list as well as the domains you specify for your organization.


I hope you’re becoming more comfortable with your environment’s email security and have learned some of the new ways we're enhancing our products. Stay tuned for Part 3, where we’ll cover how to understand the various Mimecast Attachment Protect options, and how TTP features can be versatile by applying different settings across your environment.


Read the next blog in the series: Optimizing Targeted Threat Protection Part 3: Attachment Protect Is More than Just Sandboxing   

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


We are delighted to announce yet another integration with leading SIEM solution IBM QRadar. This follows our recent announcement of Mimecast for LogRhythm and the latest update to our Splunk app.IBM Security Logo


Combating the rapidly evolving threat landscape is a constant struggle, with email remaining the number one attack vector and threats becoming more stealthy, sophisticated and evasive to detection. The Mimecast for IBM QRadar app offers organizations better detection and alerting before, during and after an attack.


Integrating Mimecast data into the QRadar system through the Mimecast data logging API allows email security data to correlate against other data sources, and be included in behavioral anomaly detection, helping to identify indicators of advanced threats that would otherwise go unnoticed.


Joint Mimecast and IBM customers can better predict and prioritize what vulnerabilities to remediate through improved visibility of attacks with highly focused alerts. The impact of an attack can be minimized through faster response times made possible by using one single system for threat intelligence and response.


Access the Mimecast for IBM QRadar application through IBM’s Security App Exchange. You can also find out more through Mimecast’s developer portal.


We also encourage all of you to share your own integration ideas here now in the community!

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.


Hello Mimecast administrators! I’m pleased to introduce a new blog series tailored just for you. As a follow-up to my Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide, I wanted to share my thoughts on why I wrote it and provide additional insight into the topics discussed.


My goal is to help Mimecast admins evaluate their current security settings and get the most out of their Mimecast services. It’s important to remember that Targeted Threat Protection and its product updates are not enabled by default, as there are numerous settings that will vary from organization to organization.


Whether you still need to configure your TTP settings, want to review and update them, or are interested in learning more about the various features, this guide is for you.


When reading it, first review the Before You Start section to ensure your organization is at a proper baseline before making any changes. TTP is an evolving suite of services, and this guide is designed to help you perform a review of your current environment, and learn about best practices and recent product enhancements.


Throughout this series, each blog will introduce several tips and highlight different options for best customizing Targeted Threat Protection for your environment. For example, did you know that Mimecast can prevent attackers from impersonating external organizations you work with?


Additionally, since Mimecast is built to have its services work together, I will also shed some light on how certain settings interact with other aspects of Mimecast’s services. For example, we recently launched Mimecast Web Security. If you use Mimecast as your Secure Email Gateway with Targeted Threat Protection, and use Mimecast Web Security, you’ll find that some features from URL and Attachment Protect are available to help protect your Web Security as well.


I’ll explain all of this in more detail when I cover those features and settings in the coming blogs – stay tuned and get involved! I hope this will be an engaging series, and am looking forward to your feedback. Please feel free to comment on the optimization guide, this post, or on the coming blogs.


Read the next blog in the series: Optimizing Targeted Threat Protection Part 2: Understanding Domain Detection and Impersonation 

After many months of development and the completion of a very successful early adopter program, I am very happy to help announce the immediate availability of Mimecast Web Security


My part in the launch program this week was centered in London, from where I am currently writing this. Built-up in and around IPExpo Europe, in addition to supporting the event itself, we hosted both a customer and partner meeting where we explained and discussed this new service. Suffice it to say the interest was high and the understanding of what have done and why we have done it was also quite high.


In short, combining email and web security into a single integrated cloud service seems obvious, given the high proportion of cyber attacks that occur via email, web, or a via combination, is resonating. And given that you, our administrative customers don't have a shortage of things to do, we think the fact that it is easy to deploy, configure, and manage will be a key success factor for the service.


Interested in learning more? For starters, you can check out the documentation, the write-up and datasheet on, the Service Update, my introductory blog, and even request a 30-day free trial, which is open to all current Mimecast customers. We would also love to hear from you, questions, comments, and concerns as you have them.

Wade Suster (an active community Legend!) hails from South Africa as both a customer and channel partner, and has spent the past 13 years in IT. Wade's career began in retail, where he built computers to customer specifications, then shifted to security. His work in the security industry includes helpdesk support for antivirus software, and a focus on IPS systems, packet shapers and now, perimeter security. His relatively late start to security proves that it's never too late to start again!

Could you describe your role and how Mimecast helps you with your daily work?


I am a Security Engineer. The company I work for is focused purely on security -- because of this, I am involved with multiple products, but mainly focus on Mimecast.


I look after multiple customers' (17+) Mimecast environments, and assist where needed. I also do Mimecast pre- and post-sales, implementations, and assist with POCs. The best part about this is interacting with existing and potential new customers. With every new customer challenge, I learn something new and my knowledge of the Mimecast product increases.


With Mimecast blocking many known and unknown threats, phishing attempts and bad URLs, this makes my customers feel safe, and in return, makes my life a lot easier!


Which security issues was your company most looking to solve when it decided upon Mimecast?


My current company was already an existing Mimecast user before I started here, but from interacting with my customers before they were using Mimecast, their main requirements were Archiving, Continuity and Targeted Threat Protection (TTP). Before they used Mimecast, most of the customers had issues where malware and zero-day threats were still getting through.

Another reason for moving to Mimecast was that some of the customers were using multiple products for spam, malware and archiving.

Best piece of advice/helpful pointers for one of your peers just starting off?


There is an answer to everything. If you have an issue with something, talk to Mimecast or log a call. The Mimecast staff are super friendly and helpful. Mimecast even offers free training, so take advantage of that!


Also have a look at the Mimecaster Central community. If you are stuck with an issue, ask for help, as there will always be someone there to assist. Have a look at previous discussions, as you can learn a lot here.


Most helpful feature of Mimecast services?


I have two, the first one being Data Leak Prevention. This is so customizable that you can create rules for just about anything.


The second one would have to be the use ofMailbox Continuity in Mimecast Mobile. It’s nice to be able to receive and send emails, and even search the archive from my mobile device -- if there is an issue connecting to Exchange, I can just use the Mimecast apps. I use Mimecast Mobile just about every day.


What keeps you busy off the clock?


I am super competitive, so anything that involves winning something. I love playing Pool (Billiards), Squash, and a bit of gaming when I can.

Favorite movie?


This has got to be The Shawshank Redemption!

One thing someone here in the community wouldn’t know about you?


I can't stand onions!


>> Be sure to check out more Legends of Mimecast interviews in the series. 

The following blog is authored by Matthew GardinerMatthew is Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.


Just like there is no one way to catch a thief, there is no one way to catch malware. There are just so many ways to build, compile, pack, and otherwise obfuscate files to get past specific detection techniques. This is why the Mimecast email security service uses many analytic techniques, including multiple AV engines, file type blocks, static file analysis, and behavioral sandboxing, as well as multiple threat intelligence sources, to separate good files from malicious ones. And of course, users need their emails and good files without delay! You can read all about how we do this in our cloud security service in this technical paper.


In addition, there are multiple delivery vehicles for malware, which is why many security systems, whether they operate on email, the web, the network, in a cloud service, or on the endpoint, need sophisticated malware detection capabilities to be effective.


This brings me to our recently announced acquisition of the anti-malware specialist Solebit. If you are an existing customer of Mimecast and use Targeted Threat Protect (TTP) – Attachment Protect, you are benefiting from Solebit’s technology today! Approximately six months ago, we added Solebit’s static file analysis malware detection software to our email security inspection funnel in our global datacenters, and, as expected, saw a marked increase in performance and detection efficacy with average processing times in TTP Attachment Protect dropping from 44 to 23 seconds. A “two-for” benefit. Rarely does security performance and efficacy improve together, as they are typically in conflict with each other. But this is not true with Solebit.


Mimecast plans to further utilize this technology to differentiate in other product areas. Solebit helps differentiate Mimecast today via its efficacy (stops more advanced threats) and speed of detection (much faster than traditional methods – like sandboxing). Owning the company allows Mimecast to further innovate in the security detection area.  We believe this technology is critical to helping our customers become more cyber resilient.


With one purchase, we get access to dozens of security experts and open up a new development office in the security engineering hot spot of Herzliya, Israel in one transaction.


On the technology side, the purchase of Solebit provides Mimecast with even more malware detection capabilities as we enter into security spaces beyond Secure Email Gateways (notably, our recent public disclosure of our early adopter program and entry into the web security cloud services market). Given that both email and the web - often working together - are used to deliver and operate malware, such as ransomware and trojans, owning and continuing to develop key anti-malware technology will be key to the continued success of the Mimecast offerings, both current and future.


So now you know. With the acquisition of Solebit, Mimecast takes another major step toward delivering on our vision of providing a “super category” of cyber resilience solutions from a global, cloud-based service.

Matthew Gardiner is a Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.


Have you noticed that we at Mimecast are increasingly talking about the need for resilience for your email? In fact, not too long ago, we added a significant amount of new content on under the heading Cyber Resilience for Email. Have you wondered why we are doing that? 


This brings me to the analogy of the iPhone. The iPhone fundamentally changed the nature of what mobile phones, computers, and cameras are -- from distinct products to integrated services provided on a single platform.


We see the same phenomenon changing email as it migrates from on-premises to the cloud. Email-supporting services such as security, archiving, backup, recovery, and business continuity, which in the on-premise email world had been delivered by separate products and deployment practices, are able to be more efficiently provided by an integrated cloud service, more like an iPhone.


Before making the transition to Cyber Resilience for Email, Mimecast previously talked about providing security, continuity, and archiving services for email. While certainly true, this description lacked the vision of providing an integrated service that combined all of those individual capabilities, and more, as an integrated service.


Given that IT organizations ultimately need to provide IT services in general, and email services in particular that are resilient, after much thought, we landed on the word “resilience” to best describe what we provide for organizations’ email. We Make Email Safer for Business through our Cyber Resilience for Email solution. Making what we provide clearer to the world is largely “why” we came out with Cyber Resilience for Email solution naming.


What is Mimecast Cyber Resilience for Email? It is a combination of Mimecast services, including Secure Email Gateway with Targeted Threat Protection, continuity, and the newest service member, Sync & Recover, which is an extension of our longstanding archiving service.


When used together, these services help organizations protect their email before, during, and after an attack, technical failure, or careless user or administrator action. With thousands of organizations and millions of users depending on it currently, it isn’t new for them, but it is part of a key general trend that Mimecast is leading that is sweeping through the IT marketplace.


I would be very interested to hear what Cyber Resilience for Email means to you and your organization!