Mimecast's Email Data Leak Prevention (DLP)

Document created by user.oxriBaJeN4 Employee on Dec 5, 2016. Last modified by user.oxriBaJeN4 Employee on Jul 15, 2019.
Version 13

Your organization’s value and competitive advantage are inextricably linked to the knowledge you hold. Information such as new product ideas, future business plans, and customer data represents an invaluable business asset. When stored digitally, it can be shared easily with colleagues and third parties via email. While this flexibility brings great benefit, it also increases the risk of data leakage. The repercussions of a data leak on your organization can be severe, including:

  • Fines
  • Loss of reputation
  • Legal action


Mimecast's DLP Benefits


Mimecast protects against an organization-wide data leak through seamless integration with Microsoft Exchange. Using our cloud-based service, it:

  • Protects against honest mistakes and malicious intent.
  • Ensures controls are put in place that don't stifle productivity.
  • Provides flexibility to allow your IT department to implement an email security policy that stipulates what:
    • Content can be emailed between a sender and recipient.
    • Email data can be stored.
  • Ensures evidence is safeguarded that establishes who was involved in a data leak, and the context in which it occurred.
  • Educates users on policy and best practice.




Mimecast uses a series of policies defined by your administrator using Mimecast's Administration Console, with any changes applied in real time. No matter how many sites or email servers you have, your email security policies are applied consistently to all email traffic. You can:

  • Apply controls to specific users and groups.
  • Ensure email signatures and legal notices are applied through integration with your Directory.
  • Examine a message's body text, HTML, headers, subject lines, and attachments to look for:
    • Defined words
    • Text patterns
    • Inappropriate images

The following policies can be used for data leak prevention:

Content Examination  

Provides a comprehensive DLP system that secures information entering and leaving your organization. Content Examination policies use a Content Examination Definition to specify the content to look for, and what action should be taken if a match is found. You can use a variety of techniques to catch undesirable content, including Managed Reference Dictionaries, Healthcare Dictionaries / Entities, Regular Expressions, and Fuzzy Hashing. The policy applies the definition to either inbound or outbound email scanning. Message delivery can be prevented using the hold queue, and notifications can be enabled for specific senders, recipients, or groups of users.


You can configure a Content Examination policy to duplicate the actions of all the other policies listed. This prevents having to set up other policies to meet your DLP requirements. See the Content Examination Definitions: Usage Examples page for some tips on how to use this policy.

You can use fuzzy hashing in a Content Examination definition to compare two distinctly different items, and determine a level of similarity between the two, expressed as a percentage. This can limit the flow of sensitive information out of your organization, by matching content similarities between a control document and email attachments passing through your Mimecast service. See the Content Examination Definitions: Using Fuzzy Hashing page for full details.

Attachment Management

Restricts what attachments are allowed in and out of your organization, by allowing administrators to apply granular attachment handling for individual attachment types within inbound or outbound messages.

Group Carbon Copy

Allows individuals or groups to be blind copied on messages based on the email flow. The sender and recipient of the message are unaware that this action takes place.

Metadata Preservation (Minutes)

Allows you to limit the life of message metadata to a value less than your organization's maximum Account Retention. Email metadata (including the email header) is the associated information present in an email message.

Metadata Preservation (Days)

Document Services

Controls attachments sent or received from your organization. This policy can remove confidential metadata from documents, or convert documents to PDF/ODF, before being delivered to the recipient.

Secure Delivery

This uses Transport Layer Security (TLS) technology, which protects confidentiality and data integrity by encrypting connections between servers, thereby ensuring emails are transmitted through an SSL encrypted tunnel. This reduces the risk of eavesdropping, interception, and alteration of emails as they are sent across the internet.
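
The fuzzy hashing comparison described under Content Examination, sketched as an added example that is not Mimecast's code or algorithm: it scores an attachment against a control document as a percentage and holds the message above a threshold. The word-shingle/Jaccard method, the function names, the 50% threshold and the sample texts are all assumptions made for illustration.

```python
import hashlib
import re

def shingles(text, k=3):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if not words:
        return set()
    if len(words) < k:  # very short text: treat the whole text as one shingle
        return {hashlib.sha256(" ".join(words).encode()).hexdigest()}
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }

def similarity_percent(control, candidate, k=3):
    """Jaccard similarity of the two shingle sets, from 0.0 to 100.0."""
    a, b = shingles(control, k), shingles(candidate, k)
    if not a or not b:
        return 0.0
    return 100.0 * len(a & b) / len(a | b)

def examine_attachment(control, attachment_text, threshold=50.0):
    """Return (action, score). 'hold' stands in for the hold queue;
    threshold is a hypothetical policy setting, not a Mimecast default."""
    score = similarity_percent(control, attachment_text)
    return ("hold" if score >= threshold else "deliver", round(score, 1))

# Constructed sample data: a control document, a lightly edited copy,
# and an unrelated attachment.
CONTROL = ("Project Falcon pricing: the launch price is 499 USD per unit "
           "and partner discount is 20 percent until March")
EDITED = ("FYI - Project Falcon pricing: the launch price is 499 USD per unit "
          "and partner discount is 25 percent until March")
UNRELATED = ("Lunch menu for Friday: soup, salad and sandwiches will be "
             "served in the main kitchen at noon")

if __name__ == "__main__":
    for name, text in (("edited copy", EDITED), ("unrelated", UNRELATED)):
        print(name, examine_attachment(CONTROL, text))
```

An exact hash of the edited copy would not match the control document at all; the similarity score still places it well above the unrelated attachment, which is the property the fuzzy hashing option relies on.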


Other DLP Considerations


Mimecast provides complementary technologies that can help with your DLP strategy. These include:

  • Secure Messaging
  • Large File Send


Secure Messaging


Secure Messaging lets you share sensitive information with people outside your organization, but without the message leaving our secure network. You can create a message inside your email client, but select to send it securely. Additionally, a policy can be configured by your administrator to be applied automatically at the gateway.


Secure Messaging provides:

  • A secure, private, cloud-based service that enables the sharing of sensitive information directly from your email client.
  • Easy message and file access via a secure web portal, so recipients have a consistent experience from any device.
  • Full customization of the branding of the secure web portal, to ensure brand recognition and enhance recipient confidence.
  • Configurable expiration dates, read receipt, no print, no reply, forward restriction, and revoking access. This can be applied by the sender, or set using policies.
  • Tighter protection than just server to server encryption, by removing an administrator’s ability to view in transit messages.


See the Secure Messaging page for full details.


Large File Send


Large File Send allows end users to send large files that bypass your Exchange, to an internal or external user. This can be achieved manually via the Mimecast for Outlook ribbon inside Microsoft Outlook, or the Mimecast for Mac application. Alternatively, a policy can be created by your administrator to automatically send a message via Large File Send when certain attachment conditions are met. Senders can choose how long the attachment is available to download, and all existing DLP policies can be applied as the messages pass through Mimecast. 


Large File Send allows:

  • Users to send and receive files up to 2 GB in size.
  • Users to create a message in their email client, just as they do with small files.
  • Administrators to set policies for attachment size. The Mimecast cloud does the rest.
  • Seamless integration into Outlook for Windows, Outlook for Mac, or delivered via a Mimecast mobile application.
  • Support of audit, e-discovery and compliance requirements, by archiving files and notification policies.


See the Large File Send page for full details.

