On our latest Maximizing Mimecast session on Security Behavior Management Vijay Ramanathan, VP of Product Management, and I covered what’s new to the Engage product and previewed what's coming this quarter and into Q3, including a first look at the redesigned Training Campaign Manager.
Why security behavior management
Work moves faster than ever, and the decisions employees make across today's digital environment carry more security weight than they ever have. Attackers are using AI to craft messages that reference the right people, the right context, and the right moment -- making detection harder for both machines and humans.
At Mimecast, we think about human risk across three dimensions: Action (the everyday friction of moving through the digital environment), Attack (when users are deliberately targeted), and Access (when legitimate permissions are misused, such as sensitive data pushed to an unapproved tool or IP leaving with a departing employee). And the data is clear: as few as 8% of users can account for 80% of an organization's risk. That is why a one-size-fits-all approach does not work.
The Human Risk Command Center is the engine behind a more targeted approach. When configured, it pulls signals from across your security ecosystem and builds a continuously updated risk profile for every employee -- across 19 integrations and six behavioral risk categories: simulated phishing, real phishing, training, sensitive data handling, malware, and identity. This underlying platform capability powers the targeted training and interventions delivered by the Engage product. And, if you’re an Engage Core or Engage Pro customer, your subscription includes access to the Human Risk Command Center.
What shipped since the last session
AI Phishing Template Generator
Now available in Engage Pro, the AI Phishing Template Generator lets you create simulation templates tuned to your specific use cases, enabling you to create templates in an instant, with no dependency on technical or design resources. The template generator supports multiple languages and also includes some built-in guardrails to protect against problematic impersonation (e.g., government agencies). Vijay also walked through some best practices for getting the most out of this feature. If you’re looking for more, check out our recent blogs in the Mimecast Community.
Updated video player and expanded language support
We also covered improvements to our Engage video player, which now gives users the ability to adjust language and subtitle settings directly within the player. Castilian Spanish and Malay have recently been added, with more language support and refreshed dubbing continuing to roll out each quarter.
500 new phishing templates
We’re also excited to share that our phishing simulator will soon see an influx of new templates. Approximately 250 global templates and 250 geo-tagged templates are expected to ship by the end of June. The geo-tagged templates are designed to reflect brands and business contexts more familiar to users in specific regions, including the UK, Europe, and APAC.
Redesigned Training Campaign Manager
The highlight of our session was the new Training Campaign Manager, a significant update to how campaigns are built and managed in Engage. Vijay walked through the new campaign creation experience, which includes the ability to assign multiple videos per campaign, set delivery on a sequence or cadence, configure due dates as either specific or relative dates, and target dynamic groups -- including watchlist profile groups from the Human Risk Command Center. That opens countless remedial training use cases like automatically enrolling users with repeated phishing failures.
What is on the roadmap
In the coming quarter, we’ll release a redesigned reporting dashboard is launching this month, with more data available at the summary and individual user level, along with updated APIs for pulling data into third-party tools, SIEMs, or workflow automation. Phishing simulation data and combined program reporting will follow in Q3.
Also planned for Q3: an MCP server for Engage, which will allow customers using tools like Claude, ChatGPT, or Copilot to query Engage data directly using natural language. Scorecard customization -- including recurring schedules, non-English templates, and custom branding -- is also on the Q3 roadmap.
Engage tiers and the migration from Awareness Training
As a reminder, customers currently on Awareness Training will be migrated to engage Core in July.
Awareness Training customers that haven’t had access to the Human Risk Command Center will now see it in their Mimecast Admin Console. Migration will not result in any data loss or campaign disruption.
The full session, including the Training Campaign Manager demo and the Q&A, is available to watch on demand in the Mimecast Knowledge Hub (login required): Maximizing Mimecast Knowledge Hub
Our next Maximizing Mimecast session will focus on Governance and Compliance. Register once and you will receive reminders for all upcoming sessions automatically: Register here
