“You can only manage what you can measure.”
That’s an axiom we’re fond of here at Mimecast, and it’s the “why?” behind our Human Risk Command Center (HRCC). It resonates deeply with the human risk problem we’re solving.
In the throes of day-to-day life behind a keyboard, the actions we take can expose the business to all kinds of risk. Security teams know this, but until recently, there hasn’t been a way to actually see this risk. We know firsthand how much security teams value human risk scoring. After all, who wouldn’t want to be armed with real-time data that reflects things like who’s targeted, how they handle sensitive data, or how seriously they take security behavior and culture?
But how do you move beyond measuring risk to actively managing it? Human risk is far from static or predictable, and for many security teams, the challenge isn’t just collecting risk data—it’s operationalizing it in a way that fits into existing workflows and keeps pace with changing threats.
That’s where Watchlist Manager comes in. This powerful new capability in the HRCC empowers teams to dynamically monitor and target risk based on the behaviors and attributes that matter most to them.
From Measurement to Meaningful, Dynamic Action
The HRCC is the foundation for human risk measurement across the Mimecast platform. And the ability to integrate the HRCC across your security ecosystem makes it the ideal staging point for crafting a security strategy that is truly human-centric. Watchlist Manager takes the next, evolutionary step for the HRCC by enabling rule-based watchlists that automatically group users based on real-time risk signals, behaviors, and user attributes.
This gives you the flexibility to define and prioritize the risk factors that matter most to your organization. Is it identifying users who repeatedly fail phishing simulations? Or perhaps focusing on high-risk developers or employees handling sensitive data?
Rules are evaluated hourly to automatically update watchlists as users’ risk profiles evolve; no more outdated or static groups. Instead, security teams get continuous segmentation that can drive targeted interventions and adaptive controls.
Let’s take a look at a few examples:
Real-World Use Cases That Bring Watchlist Manager to Life
Repeated Simulated Phishing Failures: Automatically identify users who have clicked on simulated phishing links multiple times in the last 60 days.
- Possible Actions: Assign additional training, increase phishing test frequency, or apply stricter email policies.
Recent Malware Detections: Target users with recent malware detections and high risk scores.
- Possible Actions: Require MFA, restrict access, notify IT/security, or integrate with endpoint detection and response (EDR) tools.
Highly Attacked Developers: Segment developers with high attack factor scores for focused interventions.
- Possible Actions: Assign developer-specific security training, enable extra monitoring on code/dev tools, or implement just-in-time access controls.
Users with Best Security Behavior: Recognize users with consistently low risk scores across phishing, malware, training, and sensitive data handling.
- Possible Actions: Relax controls (e.g., less frequent tests), send positive feedback, or grant special privileges.
Sensitive Data Handling Alerts for High-Risk Regions (e.g., GDPR): Focus on users with high risk for data handling and targeted attacks.
- Possible Actions: Enhance DLP monitoring, notify local security teams, require extra identity verification, or push to policy groups.
Seamless Integration Across Your Security Ecosystem
Each watchlist maps to a dynamic, read-only Profile Group managed exclusively by HRCC. These Profile Groups are instantly available for policy enforcement across Mimecast solutions like Engage, Email Security, and Incydr, as well as third-party tools via API. This integration means risk-based interventions—whether adaptive email filtering, targeted training, or access restrictions—are applied exactly where they’re needed.
Flexible, Automated, and Efficient
Admins can define watchlist criteria through combinations of behavior scores, security events, timeframes, and user attributes such as department, region, or directory group. Users can belong to multiple watchlists simultaneously, enabling granular, overlapping risk-based policies. Because membership updates automatically every hour, your team can focus on strategy instead of manual group management.
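To make the mechanics concrete, the following added example (not Mimecast code and not the HRCC API) sketches how rule-based membership with a rolling 60-day window behaves across two hourly evaluations. The rule names, field names, score scale, and thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class User:
    email: str
    department: str
    attack_factor: int                 # assumed 0-100 scale
    sim_phish_clicks: list = field(default_factory=list)  # click timestamps

def count_recent(events, now, days):
    """Events inside the rolling window that ends at `now`."""
    cutoff = now - timedelta(days=days)
    return sum(1 for t in events if cutoff <= t <= now)

# Hypothetical rules: name -> predicate(user, now). Thresholds are assumptions.
RULES = {
    "repeat-sim-phish-clickers":
        lambda u, now: count_recent(u.sim_phish_clicks, now, 60) >= 2,
    "highly-attacked-developers":
        lambda u, now: u.department == "Engineering" and u.attack_factor >= 70,
}

def evaluate(users, now):
    """One evaluation pass; a user may land on several watchlists."""
    return {name: {u.email for u in users if rule(u, now)}
            for name, rule in RULES.items()}

def membership_changes(previous, current):
    """What a downstream policy group would have to add or drop."""
    return {name: {"added": members - previous.get(name, set()),
                   "removed": previous.get(name, set()) - members}
            for name, members in current.items()}

# Constructed sample data (not real users or real scores).
T0 = datetime(2025, 1, 1, 12, 0)
USERS = [
    User("alice@example.com", "Engineering", 82,
         [T0 - timedelta(days=10), T0 - timedelta(days=60) + timedelta(minutes=30)]),
    User("bob@example.com", "Finance", 40,
         [T0 - timedelta(days=5), T0 - timedelta(days=20)]),
    User("carol@example.com", "Engineering", 35),
]

if __name__ == "__main__":
    first = evaluate(USERS, T0)
    second = evaluate(USERS, T0 + timedelta(hours=1))
    print(first)
    print(membership_changes(first, second))
```

In the sample, one user sits on both watchlists at the first pass and drops off the phishing list an hour later because her oldest click has aged out of the window, with no manual group edit involved.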
Embedding Human Risk Management into Daily Operations
Watchlist Manager is more than a feature—it’s a natural evolution of the HRCC that embeds human risk intelligence into the center of daily security operations. By turning measurement into continuous segmentation, Mimecast helps organizations shift from reactive defense to proactive human risk management.
Don't wait for risk to become a problem.
Get Started Today
Ready to see how Watchlist Manager can transform your security workflows? Log in to the Mimecast Admin Console, navigate to Human Risk > Watchlists, and start building your first dynamic watchlists today.