Mimecast Web Security: Managing a Policy

Document created by user.oxriBaJeN4 Employee on Aug 6, 2018. Last modified by user.oxriBaJeN4 Employee on Aug 1, 2019.
Version 48

Mimecast Web Security policies define the rules applied to user activity in an organization's environment, at the server level or front line layer of the web. A multi-layer security approach can be taken, where administrators have the flexibility to:

  • Define specific domains that should be blocked or allowed.
  • Define the site categories that should be blocked from user access.
  • Select whether a policy applies to everyone in your organization, or to a specific user or group.
  • Select whether a policy applies to a specific location.

 

Policy Types

 

The following web security policies are available:

| Policy Type | Policy Description |
| --- | --- |
| Advanced Security | Allows you to configure advanced options (e.g. SafeSearch, Web Proxies). |
| Block or Allow List | Allows you to specify whether to block or allow access to one or more domains / URLs. This policy type overrides all other web security policies. A Block or Allow List policy takes precedence over any TTP managed URL. For example, if <domain>.com is in your managed URL list, but blocked in a policy, access to the domain is blocked. |
| Category Filtering | Allows you to block domains / URLs based on their category (e.g. security, adult). You can block or allow all domains in a category group, or choose to block individual categories in a group. |
| Log Settings | Allows you to comply with region-specific data and privacy regulations by managing what web security information is logged. |
| Targeted Threat Protection | Allows you to utilize the managed URLs and advanced similarity checks in the URL Protection product. This policy type is only visible if the URL Protection package is enabled for your account. View the URL Protection Definitions and Policies page for more information. If your managed URLs list contains both URLs and domains and you wish to filter both, you must have an Advanced Security policy with the Web Proxy option enabled for those targets. |

 

Changing a Mimecast Web Security Policy

Depending on the changes you want to make, you may find it easier to copy the existing policy. See the "Copying a Mimecast Security Policy" section below for full details.

To change a policy:

  1. Either:
    • Select a Policy from the policy list, and click on the Edit button in the sliding panel.
    • Click on the menu icon to the right of a policy, and select the Edit menu item.
  2. Click on the tabs on the left-hand side to switch between the policy sections, making any changes as you go.
    The tabs displayed vary depending on the policy type selected.
  3. Click on the Save & Close button.

 

Copying a Mimecast Security Policy

 

You can copy an existing policy. This leaves the original policy intact, and creates another that you can change:

  1. Either:
    • Select a Policy from the policy list, and click on the Duplicate button in the sliding panel.
    • Click on the menu icon to the right of a policy, and select the Duplicate menu item.
  2. Change the Policy Name. By default, the name is "Copy of XXXXXX" where XXXXXX is the name of the original policy.
  3. Click on the tabs on the left-hand side to switch between the policy sections, making any changes as you go.
    The tabs displayed vary depending on the policy type selected.
  4. Click on the Save & Close button.

 

Deleting a Mimecast Web Security Policy

 

To delete a policy:

  1. Either:
    • Select a Policy from the policy list, and click on the Delete button in the sliding panel.
    • Click on the menu icon to the right of a policy, and select the Delete menu item.
  2. Click on the Delete button to confirm the policy's deletion.

 

Policy Precedence / Specificity

 

Policy Precedence

 

When a user attempts to access a domain or URL, the Web Security policies are applied in the following order:

  1. Block / Allow: A check is made to see if the domain / URL is explicitly blocked or allowed as part of a Block or Allow List policy, and the appropriate action is applied.
  2. Managed URLs: If there is no Block or Allow List policy with the explicit domain / URL, a check is made for a Targeted Threat Protection policy with:
    • The "Managed URLs" option enabled.
    • Where the domain / URL is defined as a managed URL in Targeted Threat Protection - URL Protect.
  3. Newly Observed Domain: If there is no Targeted Threat Protection policy with the "Managed URLs" option enabled, a check is made for a Targeted Threat Protection policy with:
    • The "Advanced Similarity Checks" option enabled.
    • Where the domain / URL is defined as a newly observed URL in Targeted Threat Protection - URL Protect. This includes sites exhibiting behavior associated with malicious activity (e.g. command and control).
  4. Category Filtering: If there is no Targeted Threat Protection policy with the "Advanced Similarity Checks" option enabled, a check is made to see if the domain / URL is part of a Category Filtering policy. If so, access is blocked.
  5. Similarity Check: If there is no category filtering policy, a check is made for a Targeted Threat Protection policy with:
    • The "Advanced Similarity Checks" option enabled.
    • Where the domain / URL employs some homoglyph or homograph impersonation.
  6. Anti-Virus: Finally, if the domain / URL triggers no web security policies, anti-virus checks are made to ensure the link isn't suspicious and doesn't contain malicious content.

 

Policy Specificity

 

If you have multiple Web Security policies of the same type, they are applied to web requests based on their specificity. The more specifically a policy is targeted, the higher its priority. A policy that targets a:

  1. User takes precedence over those that target a Group of users.
  2. Group takes precedence over those that target a Location.
  3. Location takes precedence over those that target Everyone.
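
The precedence order and the specificity rule above can be combined into one small model for reasoning about which policy decides a given request. This is an added example, not Mimecast code: the policy and request field names, the sample data, the "block" action for steps 3, 5 and 6, and the rule that only the most specific applicable policy of each type is consulted are all assumptions.

```python
# Added model of the documented order; not Mimecast code. All data is constructed.
SCOPE_RANK = {"user": 0, "group": 1, "location": 2, "everyone": 3}  # lower = more specific

def applies(policy, req):
    """True if the policy's target covers this request."""
    scope, target = policy["scope"], policy.get("target")
    return (scope == "everyone"
            or (scope == "user" and target == req["user"])
            or (scope == "group" and target in req["groups"])
            or (scope == "location" and target == req["location"]))

def most_specific(policies, ptype, req):
    """Assumption: only the narrowest applicable policy of a type is consulted."""
    hits = [p for p in policies if p["type"] == ptype and applies(p, req)]
    return min(hits, key=lambda p: SCOPE_RANK[p["scope"]], default=None)

def evaluate(policies, req, site):
    """Walk the six documented steps in order; return (step, action)."""
    bal = most_specific(policies, "block_allow", req)
    if bal and site["domain"] in bal["domains"]:              # 1. Block / Allow
        return ("block_allow", bal["domains"][site["domain"]])
    ttp = most_specific(policies, "ttp", req) or {}
    if ttp.get("managed_urls") and site.get("managed"):       # 2. Managed URLs
        return ("managed_url", site["managed"])
    if ttp.get("similarity") and site.get("newly_observed"):  # 3. Newly Observed Domain
        return ("newly_observed", "block")                    # action assumed
    cat = most_specific(policies, "category", req)
    if cat and site.get("category") in cat["blocked"]:        # 4. Category Filtering
        return ("category", "block")
    if ttp.get("similarity") and site.get("homoglyph"):       # 5. Similarity Check
        return ("similarity", "block")                        # action assumed
    if site.get("av_malicious"):                              # 6. Anti-Virus
        return ("anti_virus", "block")                        # action assumed
    return ("none", "allow")

POLICIES = [  # constructed sample policies
    {"type": "block_allow", "scope": "everyone", "domains": {"files.example": "block"}},
    {"type": "block_allow", "scope": "user", "target": "alice",
     "domains": {"files.example": "allow"}},
    {"type": "ttp", "scope": "everyone", "managed_urls": True, "similarity": True},
    {"type": "category", "scope": "group", "target": "finance", "blocked": {"gambling"}},
]
ALICE = {"user": "alice", "groups": ["finance"], "location": "hq"}
BOB = {"user": "bob", "groups": ["sales"], "location": "hq"}

if __name__ == "__main__":
    site = {"domain": "files.example", "managed": "block"}
    print("alice:", evaluate(POLICIES, ALICE, site))
    print("bob:  ", evaluate(POLICIES, BOB, site))
```

When auditing a tenant, the cases worth checking are those where a narrow Allow entry for one user overrides an organization-wide Block for the same domain.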

 
