Mimecast Web Security: Overview

Document created by user.oxriBaJeN4 Employee on Jul 3, 2018Last modified by user.64viB3rep4 on Mar 5, 2019
Version 17Show Document
  • View in full screen mode

The Mimecast Web Security feature guards against malicious activity initiated by user action or by malware at the server level, or frontline layer of the web, providing strong security protection and monitoring capabilities for organizations. It works by blocking access to business inappropriate websites, based on configured policies and features. When combined with our Secure Email Gateway and Targeted Threat Protection services, Mimecast Web Security offers a single, cloud-based utility that protects against the two dominant cyber attack vectors: email and the web.




Mimecast Web Security offers the following features and benefits:

  • Lightweight security at the domain layer stops threats before they can reach your network, greatly improving overall protection for your organization.
  • Easy to configure and implement via the Administration Console, with additional tools to manage and deploy adjustments on an ongoing basis.
  • Consistent application of policies, such as integration with URL Protect, offering in-depth defense across email and web.
  • Consolidated reporting, with a high degree of visibility into real-time web usage and security risks via activity logs and dashboard analytics.


Applies To...


  • Administrators responsible for configuring and monitoring security policies and features.
  • Administrators with access to your organization's firewall, and access to user's computers / devices. View the Mimecast Web Security: Prerequisites page for the full list of requirements.

Web Security MenuConfiguring Mimecast Web Security

To configure Mimecast Web Security, you must:

  1. Define your location or IP network address.
  2. Configure your policies and exceptions.
  3. Install and verify the Mimecast SSL Certificate.
  4. Enable Mimecast Web Security on your organization's gateway. 
  5. Install the Mimecast Web Security Agent on your user's devices.
  6. Test your configurations at the user / machine level.


Defining Your Location


Mimecast Web Security locations are defined as the egress IP address of a network, where the flow of information outbound from your organization's network to another, can be monitored and restricted. The location is associated with every DNS and Web request coming from a network. Mimecast Web Security uses the egress IP to map a configured policy to the request.

View the Mimecast Web Security: Configuring Locations page for full details.


Configuring Policies


A policy defines the rules to be applied to the location specified above. There are four types of policies:

  • URL Filtering: Blocks and allows specific domains and URLs.
  • Category Filtering: Blocks and allows domains based on their categories (e.g. adult, NSFW). 
  • Targeted Threat Protection: Checks Managed URLs and Advanced Similarity Checks if the URL Protection product is enabled.
  • Advanced Security: Allows you to configure advanced options, including SafeSearch, Newly Observed Domains and Web Proxy.

See the Mimecast Web Security: Configuring Policies page for further information.


Installing / Verifying the Mimecast Certificate


In order to display Block pages from sites using SSL (Secure Sockets Layer, a standard security technology for establishing an encrypted link between a server and a client), you'll need to install a Mimecast SSL Certificate on your system.


View the Mimecast Web Security: Installing / Verifying a Mimecast Certificate page for full details.


Configuring Your Gateway 

To enable Mimecast Web Security, your gateway will need to be configured to use the Mimecast DNS servers, per your vendor instructions. You'll need to know the IP address of your Mimecast server as displayed in the Administration Console.


View the Mimecast Web Security: Configuring Your Gateway page for full details.

Enabling the Mimecast Security Agent 

The Mimecast Security Agent works in conjunction with Mimecast Web Security to offer protection on user's devices while they aren't connected to your corporate network (e.g. roaming or using public wi-fi). View the Mimecast Web Security: Mimecast Security Agent Settings page to configure the Administration Console settings.


With the required settings configured, the next step is installing the Mimecast Security Agent software. For full information, follow the guide for either  Windows OS or Mac OS.


Testing your Configuration

Web Security ConfiguredYou can test your Mimecast Web Security setup once you have:

  1. Defined your location.
  2. Configured your policies.
  3. Enabled Web Security.


To test your configuration:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A drop down menu is displayed.
  3. Click on the Web Security | Certificate and DNS Setup menu item. The "Certificate" tab displays by default.
  4. Click on the DNS tab. The "Point Your DNS to the Mimecast DNS Gateway" page displays.
  5. Click on theCheck Configuration button. If you're properly configured, a confirmation message displays.
Because Web Security uses SSL, ensure you download the Mimecast SSL certificate before testing.   

Monitoring Mimecast Web Security 


The Dashboard offers built-in reporting for administrators, including visualizations of the top ten accessed domains, accessed site categories, blocked domains, and blocked by site categories. 


The Activity Report displays a log of requests and the security action taken, depending on configured policies, allowing administrators to easily track user activity. Additionally, the Security Report displays a more in-depth log of various security threats associated with requests.


Deployment Models

Mimecast Web Security supports the following deployment models:


Deployment ModelAll Network Devices Use the Mimecast Secure GatewayConfiguration is Performed On

Devices Must Remain on the Network

Select devicesNoEach device's network adapterYes
Entire networkYesNetwork's firewallYes


See Also...