Essential Mimecast Configurations Based on 2025 Global Threat Intelligence
The cybersecurity landscape continues to evolve at breakneck speed, and our 2025 Global Threat Intelligence Report reveals concerning trends that demand immediate attention. Advanced business email compromise attacks are becoming more sophisticated, phishing campaigns are leveraging AI to create convincing lures, and threat actors are finding new ways to bypass traditional security measures.
The good news? Mimecast users have powerful tools at their disposal to combat these emerging threats. The key lies in proper configuration and strategic implementation of security policies tailored to your environment.
Fortifying Cloud Gateway Deployments
Organizations using Mimecast's Email Security Cloud Gateway have access to comprehensive protection layers that can be fine-tuned for maximum effectiveness against current threat vectors.
• Review the Mimecast Human Risk Insights report to gain comprehensive visibility into human risk patterns across your organization. This report provides actionable intelligence on user behavior, threat exposure, and risk trends that help you tailor security awareness training and adjust protective policies based on actual user risk profiles.
• Use single sign-on from your identity provider or leverage Mimecast's built-in multi-factor authentication to reduce an attacker's ability to leverage email as their attack vector. Single sign-on integration creates the first line of defense against credential-based attacks, while Mimecast's MFA provides equivalent protection when SSO isn't feasible.
• Ensure DNS authentication policies honor DMARC records. Create a second policy scoped to a policy group with the DMARC Fail action set to Ignore/Managed and Permitted Senders. This approach provides an effective bypass for legitimate mail being rejected or quarantined for DMARC failures while blocking spoofed messages.
• Optimize Impersonation Protection following best practice guidelines. Set two hits to tag Subject/Body and include a separate C-Level/VIP policy based on name match with a hold for admin review. Create another policy for any detections of three hits or more with the admin hold action.
• Implement Advanced BEC Protection with three policies. Deploy Moderate Enforcement for threat detection, Sender Bypass for trusted sources, and Recipient Bypass for internal exclusions. This layered approach provides comprehensive protection while maintaining operational flexibility.
• Set aggressive re-writing of URLs to ensure all URLs are scanned upon click. Be aware that anything that looks like a URL will be re-written, including IP addresses and internal links, which may affect user experience with legitimate resources.
• Utilize pre-built integrations with SIEM and XDR vendors to provide log capture and analysis for security policy enforcement. These integrations strengthen your overall security posture and enable effective incident response.
• Leverage bring-your-own threat intelligence to take advantage of third-party threat feeds for automatic rejection of matching indicators. This ensures your organization benefits from the broader security community's collective intelligence.
• Configure end-user reporting tools so employees can report potentially malicious messages received through Mimecast user tools to the Mimecast SOC for additional analysis. This human-in-the-loop approach catches threats automated systems might miss.
Optimizing Cloud Integrated Protections
Organizations leveraging Mimecast's Cloud Integrated solution have focused tools designed for streamlined yet effective protection.
• Enable Browser Isolation to minimize the risk of users accessing potentially suspicious sites. This technology creates a secure browsing environment that contains threats within an isolated environment separate from your network.
• Customize your Allow and Block rules to specify exactly who is allowed in your environment and under what circumstances. Tailored rules provide protection that adapts to your organization's specific communication patterns.
• Review weekly reports to gain insight into the threats detected in your environment. Regular review helps security teams understand their risk landscape, reveals attack trends, and identifies areas needing additional protection.
• Configure end-user reporting mechanisms so employees can report potentially malicious messages received through Mimecast user tools to the Mimecast SOC for additional analysis. This reporting helps identify emerging threats and improves automated detection capabilities.
Moving Forward with Confidence
The threats outlined in our 2025 Global Threat Intelligence Report are serious, but they're not insurmountable. Proper configuration of your Mimecast environment creates multiple layers of protection that work together to detect, block, and analyze threats before they can impact your organization.
These recommendations provide a foundation for stronger security, but every organization has unique requirements and risk profiles. If you're uncertain about the impact of any proposed configuration changes, reach out to your Mimecast account manager, customer success manager, or log a call with Mimecast support for guidance tailored to your specific environment.
