If you joined our latest Maximizing Mimecast session for Email & Collaboration Threat Protection, thank you so much for taking the time and being actively engaged with optimizing your Mimecast investment.
If you missed the April 16 session, here's a quick recap. We covered three key areas: Account Takeover (ATO) Protection, Multi-Vector Threat Protection updates, and Managed Threat Remediation and Response.
Watch the full session on demand HERE.
TOPIC 1 - Account Takeover Protection: What Launched & What’s Next?
Account takeover is one of the most damaging threats facing organizations today. Attackers move freely inside your environment using legitimate credentials, bypassing traditional controls.
What's Available
ATO Protection is now GA and included across all new email security plans: Critical, Advanced, and Premium. Mimecast approaches ATO through three phases:
- Detect: identity and behavioral signals to spot compromised accounts, even when credentials appear valid.
- Respond: Instant admin alerts, with the ability to lock accounts or hold outbound email directly from the platform (response actions coming soon).
- Recover: Graduated automated response controls reduce attacker dwell time and prevent recurrence.
What Differs by Plan
- Critical includes detection and alerting: email signal monitoring (malware, phishing, spam), anomalous volume detection, SIEM/SOAR integration, guided recommended actions, forensic tools, and Microsoft Entra ID integration.
- Advanced and Premium include everything in Critical, plus mail hold and credential lock/reset within Mimecast — with full alert response actions coming very soon.
What's Coming
Soon, Okta identity signal integration, mailbox rules analysis for suspicious configurations, and data exfiltration signals from Mimecast and integrated solutions - all building toward fully automated response actions.
How to get up and running
- Log in and review your ATO dashboard.
- Configure monitoring for relevant users, groups, and addresses.
- Connect Microsoft Entra ID via the Integration Hub to unlock additional identity signals.
TOPIC 2 - MVTP: Accelerating Activation for All Customers
Since launch, Mimecast's Multi-Vector Threat Protection (MVTP) has detected over 4 million additional threats with ~100% accuracy. We're now accelerating activation across all MX-based customers, alongside the rollout of Social Graphing for every tenant.
Why Social Graphing Matters
85% of malicious emails come from unknown senders. Social Graphing builds a communication map for your organization — tracking who your users interact with, whether a sender has reached your organization before, and whether they've contacted a specific recipient. It's rolling out in learning mode, and there's no impact to mail flow.
What to Do Now
MX-based customers will see Social Graphing and MVTP policies appear in their environment in learning/monitoring mode. Review detections by navigating to Analysis and Response and filtering on Multi-Vector Threat Protection to see what would have been held, full visibility before any impact to mail flow.
Already in monitoring mode? Consider moving to quarantine (“hold”) mode to stop more threats from reaching the inbox.
TOPIC 3 - Mimecast Email Incident Response
What Is MEIR?
MEIR is a fully managed service where the Mimecast SOC is dedicated to investigating, classifying, and remediating every single user-reported email, including spam, phishing, novel zero-day attacks, and legitimate business abuse. Your team reports emails, and our team handles everything from that point forward.
Recent Innovations in MEIR
The MEIR team has made significant strides in response speed:
- As of March 2026, Mean Time to Respond (MTTR) has been reduced by 88%.
- Typical mean time to acknowledge and respond combined is approximately 3 minutes.
- Over 40% of responses are now handled through automation.
- <1% of all reported email requires your SOC’s investigation on average – freeing your SOC of 99% of email investigation workload and focusing them only on actionable threat intel
For SOC teams managing multiple tools and a high volume of alerts, achieving that response time consistently is extremely difficult. MEIR takes that burden off your team.
Visibility for All Customers
In February 2026, Mimecast launched the ability for all customers to see every reported email within Analysis and Response, regardless of whether they have MEIR enabled. You can now view classifications, audit logs, URL clicks, and full details on every user-reported email. If your team is handling classification internally, this gives you a complete workspace. If you choose to outsource classification and remediation to MEIR, the Mimecast SOC handles all of it.
Additional improvements released include consolidated message tracking and workflow views, enhanced filtering, and one-click action buttons to make bulk remediation faster for your team.
What Is Coming
Several enhancements are on the near-term roadmap:
- An agentic classification agent built to partner with Mimecast’s human analysts, trained on real threat data, achieving 91% automated classification results.
- New threat remediation capabilities arriving very soon.
- A new remediation service launch, with information already available on the Mimecast Community.
- Expanded agentic and flexible reporting within MEIR.
SUMMARY - What to Action
Here is a practical list to take away from the April Maximizing Mimecast session:
- ATO: Log into your platform and review the ATO dashboard if you are on a new email security plan. When applicable, confirm Microsoft Entra ID is connected via the Integration Hub.
- Multi-Vector and Social Graphing: Check Analysis and Response for MVTP detections in monitoring mode. If you are confident in the results, consider moving to hold mode.
- Mimecast Email Incident Response: If you struggle to keep up with user reported emails, reach out to your account representative to discuss options for enabling MEIR.
The recording of this session is available on the Mimecast Knowledge Hub. Our next Maximizing Mimecast session of Email & Collaboration Threat protection is planned for June, and we will continue to share what is new, what is coming, and how to get the most from your investment with us.
Resources Shared on the webinar:
