Listing Thumbnail

    Incydr

     Info
    Sold by: Code42 
    Deployed on AWS
    Free Trial
    AWS Free Tier
    A data protection solution to help organizations see and stop data loss from insiders
    4.2

    Overview

    Incydr allows you to see and stop data leak and theft across endpoints, browsers and cloud. It prioritizes the highest risk employee activity using over 250 contextual Incydr Risk Indicators. Incydr offers a full range of response controls to educate, contain, or block users based on the offender and offense. With Incydr, organizations gain control over data leak and theft while driving secure work habits among employees to decrease risk to data in the future.

    Get the visibility, context and controls needed to:

    Detect data theft on day 1: Protect your source code, intellectual property, and other sensitive data. Detect file exfiltration via web browsers, USB, cloud apps, email, file link sharing, Airdrop, and more. See how files are moved and shared across your entire organization without the need for policies or proxies. Incydr automatically identifies when files move outside your trusted environment, allowing you to easily detect when files are sent to personal accounts and unmanaged devices.

    Tailor your response to the offender and offense: Take action with appropriate response controls to communicate, correct, block, and contain detected risk. Leverage Code42 Instructor to correct employees when data is shared inappropriately in order to prevent risky activity from becoming the norm. Block unacceptable activity in real time for your highest risk users. Integrate with your tech stack to quickly contain insider threats while security investigates.

    Ally the business with security: Seamlessly integrate with cross functional systems such as messaging, HCM and ITMS systems. Incydr does not impact end user productivity so employees complain less about security getting in the way of work, and security teams can focus their time on bigger data risks.

    To learn more about Incydr, visit <www.code42.com/incydr/ >

    For information on Incydr's pricing dimensions as listed below, visit https://www.code42.com/incydr-plans/ 

    Contact us at https://www.code42.com/contact-sales-aws/ 

    Customer story: Hear how Lyft uses Incydr to take the blinders off of high value data movement: https://www.code42.com/case-studies/lyft/ 

    Over 65 Gartner Peer Reviews and a nearly 5 star rating: https://www.gartner.com/reviews/market/insider-risk-management-solutions/vendor/code42 

    Read the Gartner 2023 Market Guide for Data Loss Prevention Solutions: https://www.code42.com/resources/external-reports/market-guide-for-data-loss-prevention-2023 

    Our product is sold as a Private Offer through one of our Consulting Partners. To request a Private Offer, please Contact us at: https://www.code42.com/contact-sales-aws/  or email us at aws-marketplace@code42.com .

    Highlights

    • Cross platform endpoint agent: Windows, Mac, Linux to detect file exfiltration via web browsers, USB, cloud apps, email, file link sharing, Airdrop, and more. 0 to 4% CPU, up to 100MB memory.
    • API-based Exfiltration Detectors to monitor corporate cloud storage, email and business applications, including OneDrive, Google Drive, Box, Office 365 Email, Gmail and Salesforce.
    • Integrations with SIEM, SOAR, EDR, IAM, PAM and more, plus open API and developer resources.

    Details

    Sold by

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (4)

     Info
    Dimension
    Description
    Cost/12 months
    Horizon
    Our most comprehensive plan, Premier plus support + Instructor
    $1,000,000.00
    Professional
    Our most basic plan, includes 1 Cloud storage service and Base API
    $1,000,000.00
    Enterprise
    Mid Level package, Includes premier support, full API access, and more
    $1,000,000.00
    Private Offer
    Please contact us to request a Private Offer for accurate pricing.
    $1,000,000.00

    Vendor refund policy

    Please See our website for more details on our refund policy <www.code42.com >

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Incydr Detailed product documentation on our self-service support site is available for help deploying, administering, and managing Incydr. Code42 Incydr Technical Support offers help in the way you need it: by web ticket, chat, or phone. Support Engineers are available 24/7 for urgent priority issues, and are based in US offices. https://support.code42.com/hc/en-us 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    100
    In Data Governance
    Top
    10
    In Data Analysis, Observability
    Top
    100
    In Data Governance

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    27 reviews
    Insufficient data
    31 reviews
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Cross-Platform Endpoint Detection
    Windows, Mac, and Linux endpoint agents detect file exfiltration through web browsers, USB, cloud apps, email, file link sharing, and Airdrop with minimal resource consumption of 0 to 4% CPU and up to 100MB memory.
    Cloud Application Monitoring
    API-based exfiltration detectors monitor corporate cloud storage, email, and business applications including OneDrive, Google Drive, Box, Office 365 Email, Gmail, and Salesforce.
    Risk Indicator Analysis
    Over 250 contextual risk indicators prioritize and identify highest-risk employee activity patterns.
    Threat Response Controls
    Response controls enable real-time blocking, user containment, and employee education based on specific offender and offense characteristics.
    Security Integration Capabilities
    Open API and integrations with SIEM, SOAR, EDR, IAM, and PAM systems enable cross-functional system connectivity.
    Agentless Deployment
    Discovers every datastore of every type using an agentless approach for instant deployment with a single point of integration for zero performance impact.
    Data Classification
    Detects and classifies data types leveraging both classic pattern matching and novel ML algorithms for classification accuracy.
    Risk Detection and Visibility
    Provides continuous visibility into all cloud data and associated risks across all datastores.
    Data Context and Remediation
    Provides insights including context, administrating user, access logs, data ownership and remediation guidelines to resolve identified risks.
    Multi-Datastore Support
    Maps and discovers all cloud datastores of every type within the environment.
    Shadow AI and SaaS Discovery
    Identifies and catalogs all AI applications and shadow SaaS instances in use across the organization to enforce security guardrails.
    Data Loss Prevention for AI and Web Applications
    Prevents sensitive data leakage across AI tools, SaaS applications, and web channels through content inspection and enforcement policies.
    Browser Extension-Based Security Enforcement
    Delivers security controls through an enterprise browser extension that monitors and enforces policies on user interactions with AI, SaaS, and web applications without requiring infrastructure changes.
    AI Misuse and Prompt Injection Protection
    Detects and prevents prompt injection attacks, compliance violations, and unauthorized AI usage patterns to protect against AI-specific threats.
    Agentless Architecture with Last-Mile Visibility
    Provides comprehensive visibility and control over user and agentic interactions at the browser level without requiring agent deployment on endpoints.

    Contract

     Info
    Standard contract
    No

    Customer reviews

    Ratings and reviews

     Info
    4.2
    63 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    51%
    38%
    9%
    0%
    2%
    6 AWS reviews
    |
    57 external reviews
    External reviews are from G2  and PeerSpot .
    reviewer2861001

    Email security has protected against phishing and impersonation while improving threat response

    Reviewed on Jul 06, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am using Mimecast Insider Risk Management and Data Protection , and I used it in my previous company for around two to three years.

    We are leveraging Mimecast Insider Risk Management and Data Protection  for email security, and it is acting as our primary email gateway, through which all our emails are entered. We have all the policies and security configuration implemented on Mimecast Insider Risk Management and Data Protection as our main gateway.

    Mimecast Insider Risk Management and Data Protection is an email gateway, so all our email passes through our primary security device. It is used for all the security checks, policy checks, all the block checks, and URL rewriting. Our work mainly revolves around email work such as tracing emails and applying some blocking or remediation configurations.

    We are leveraging Mimecast Insider Risk Management and Data Protection for email security, which includes URL sandboxing, URL shorteners, URL sand details, and headers.

    What is most valuable?

    Mimecast Insider Risk Management and Data Protection is a very robust and highly reliable gateway. We are very satisfied with its excellency with the anti-spam and URL rewriting feature. We are also leveraging it to stop phishing and malware attempts that our company receives. It has a good capability to deal with day-to-day trends and also has a good interface.

    Regarding the best features Mimecast Insider Risk Management and Data Protection offers, it has highly customizable policies. It also has reliable, dynamic rewriting and blocking of URLs. Additionally, it provides instant threat remediation and is very good in identifying impersonation and BEC attacks. We have good admin visibility.

    Mimecast Insider Risk Management and Data Protection has impacted our organization positively in several ways. It has good threat remediation and good attachment protection. It also has good impersonation and BEC protection. For our organization, these three are the most critical threat vectors that an attacker can leverage to enter the company. Mimecast Insider Risk Management and Data Protection has good control over these threat vectors. Apart from that, it has a good interface and good integration with other tools.

    What needs improvement?

    Regarding improvement for Mimecast Insider Risk Management and Data Protection, I believe there is one area that needs attention: QR code phishing. I can see it is still allowing some emails that have phishing QR codes inside them or some phishing attachments. It needs to slightly improve on the QR-ishing side.

    For how long have I used the solution?

    I have been in this field for around six years and am working as a SOC incident responder.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is stable.

    What do I think about the scalability of the solution?

    Regarding Mimecast Insider Risk Management and Data Protection's scalability, as we have a public cloud, there should not be an issue with scalability.

    How are customer service and support?

    Customer support for Mimecast Insider Risk Management and Data Protection is good. I have interacted with them multiple times regarding any kind of ongoing issues, and I can confirm that customer support is good.

    Which solution did I use previously and why did I switch?

    I am using only Mimecast Insider Risk Management and Data Protection because I am working in an incident response team where we need to work for different clients. The choice of devices totally depends on what the client is using.

    How was the initial setup?

    I am not the implementer; Mimecast Insider Risk Management and Data Protection was already there at the customer premises. We learned it, applied it, and used it.

    What about the implementation team?

    The accuracy of Mimecast Insider Risk Management and Data Protection is good. We do not see any kind of mis-data or misinterpretation. From the accuracy side, I can confirm that it is reliable and there are no issues.

    What was our ROI?

    Mimecast Insider Risk Management and Data Protection is time-saving. From the employee perspective, it is neutral. From the security perspective, Mimecast Insider Risk Management and Data Protection is helping in reducing the ongoing threats for the organization.

    What's my experience with pricing, setup cost, and licensing?

    I am from the incident response team, and regarding pricing and cost, I am not very familiar with this. I cannot comment on the pricing part.

    Which other solutions did I evaluate?

    We do not have a business relationship with this vendor other than being a customer.

    What other advice do I have?

    I will give one piece of advice regarding Mimecast Insider Risk Management and Data Protection: be sure about zero-day attacks because it might be missing in applying any remediation or security controls on any kind of zero-days. This is applicable for all the security equipment we are using on a daily basis. Just be assured if there is a zero-day. I gave this review a rating of 8.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Vanpreet Sandhu

    Automated monitoring has protected sensitive data and detects insider and compromised account risks

    Reviewed on Jul 03, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I use Mimecast Insider Risk Management and Data Protection  primarily to identify and investigate risky user behavior involving sensitive information, whether the action is malicious, negligent, or compromised. The goal is to detect situations where employees, contractors, or privileged users may be exposing company data before it becomes a breach.

    A typical use case would include email forwarding by an employee containing confidential information to their personal accounts. Another example is a large or unusual amount of downloads of sensitive data just before a user is either terminated or they resign. Additionally, I monitor sharing of any company IP data, customer data, or financial information such as PII or PCI information, which is regulated data not supposed to be outside the organization.

    I also use it to detect compromised accounts that are behaving differently from normal user accounts. We also use it to support HR with security investigations based on support tickets that come up when they feel that something appears malicious or they report something that seems malicious.

    There was one example where an employee who had recently submitted their resignation began forwarding documents they created with the company to their personal email ID so that they could use those as templates with the new organization they would join. The problem was that they did not realize that all of our documents have the company's digital signature and the company's logo on them. They were trying to exfiltrate data which they had created while they were employed with us, which got flagged.

    Another instance occurred when we had a compromised mailbox where an attacker gained access through credential theft. Mimecast Insider Risk Management and Data Protection  identified unusual outbound email activity and anomalous user behavior that did not match the employee's normal patterns of how they would send emails. This helped us contain that account and prevent sensitive information from being shared externally.

    What is most valuable?

    The best features of Mimecast Insider Risk Management and Data Protection are, first, the ability to catch anomalous behavior. We did not know we had a compromised account until the user behavior was tracked, especially because the user in question was on leave and themselves were not actively looking at their email accounts to realize that their account had been compromised. This was one of the best features where it caught onto pattern recognition.

    Secondly, it is heavily useful for creating DLP-aided rules where it ensures that our data protection policies kick in by scanning documents and figuring out what documents should actually leave the company and what should not. It added a second guard rail layer other than our Purview  DLP , which enabled us with a second form factor for checking that no sensitive information is going outside the company.

    It has been an enabling tool where it has enabled us to not be actively involved with going through emails and understanding user behavior to sit and determine what kind of user behavioral metrics we should be looking at to catch threat vectors. This has been really valuable where it is able to automate that entire process. The AI layers ensure that we have an end-to-end clarity on what is happening, and the way they enrich our data set in terms of the classifications they provide for why they have flagged it for DLP  add value to what they actually do.

    What needs improvement?

    Improvement-wise, just because I have other clients who use Abnormal and Material Security , I can say Mimecast Insider Risk Management and Data Protection's dashboard is not that user-appealing, where someone would actually go through their dashboard and figure out metrics. Additionally, navigating their platform is not the top product. These are things they could improve on and that would add really value.

    For how long have I used the solution?

    I have been using Mimecast Insider Risk Management and Data Protection for around four and a half years. It started with CWG, but I am currently using it as a client.

    What do I think about the scalability of the solution?

    Mimecast Insider Risk Management and Data Protection is pretty scalable, especially the way it is deployed.

    How are customer service and support?

    They have a really good response time. The mean time to detect to mean time to respond from their end is somewhere between 15 minutes to 20 minutes. I would rate the customer support a 10.

    Which solution did I use previously and why did I switch?

    We were using Trend Micro and the client wanted us to move away from it.

    What was our ROI?

    Two things stand out: money saved and time saved. We were always a smaller team, but time saved and money saved is where I can provide ROI. I would say somewhere around 5% ROI. In terms of the time complexity saved, probably around a day of an analyst looking at data has turned into only 15 minutes of the analyst looking at data.

    What other advice do I have?

    It is not caught something per se that Purview  DLP missed, but because Purview DLP is set in a way where we go into the portal and we look at alerts as compared to getting actively notified for it, we tend to not get to it until a certain point of the day when we open and go through those tickets, which leads us to look at DLP related emails. That said, Mimecast Insider Risk Management and Data Protection did catch onto that in parallel to Purview, and it immediately notified us of it. That is where I would say it had the edge over Purview, just because we have not configured Purview in a way where we have active notification set up.

    Fewer incidents in terms of actual exploits going through as compared to detections stand out. We still get a lot of detections, but that is the best feature, where it is making sure those do not come through. It is keeping domain knowledge of which domain should be blocked because they are carrying malicious payloads. Another thing that got us was that it has the ability to check that even if some vendor has been marked safe, it still goes through vendor behavior as well. It has an understanding of how a vendor communicates with us. Because of that, it is able to catch onto some alerts which would have gotten missed otherwise.

    I would rate Mimecast Insider Risk Management and Data Protection around an eight. The dashboard is the only piece that would take it to a 10. I would recommend people to take the product based on what their needs are and what their budget requirements are, because that is what finally  comes down to getting this product. My overall review rating for this product is 8.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Uimsingh Uimsingh

    Email protection has reduced phishing incidents and provides clear visibility into mail flow

    Reviewed on Jul 02, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I have been using Mimecast Insider Risk Management and Data Protection  for five years.

    My main use case for Mimecast Insider Risk Management and Data Protection  is to trace phishing emails, block users, and create policies when necessary. We use Mimecast Insider Risk Management and Data Protection to manage our mail flow.

    In a specific example of how I traced a phishing email using Mimecast Insider Risk Management and Data Protection, we have a sender address, and through that address, we enter it to see how many users received those emails. We check records including SPF, DKIM, and DMARC, along with the sender's IP address. If we find the IP address indicates that the sender is suspicious, we block the sender address to prevent future emails.

    All aspects of my main use case with Mimecast Insider Risk Management and Data Protection function properly.

    What is most valuable?

    Mimecast Insider Risk Management and Data Protection offers several best features, including being a very user-friendly tool where we can easily create policies, add or remove users, and block sender addresses or links, making it very useful for email protection.

    Integration is also easy with Mimecast Insider Risk Management and Data Protection, as we can easily implement this in our Outlook client to scan emails and protect our environment from phishing threats.

    Mimecast Insider Risk Management and Data Protection has positively impacted my organization because we are using it in its full version. We receive notifications and reports if we encounter any issues. When users report emails, we can check whether they are legitimate or blocked and advise them not to accept suspicious emails, making it very useful for data protection.

    What needs improvement?

    Mimecast Insider Risk Management and Data Protection can be improved by enhancing policies and rules.

    One improvement I would suggest is to create a dashboard where we can view all data, such as how many emails we receive and how many get blocked, rather than having to go through subfolders. A dashboard would allow us to easily check everything on one screen.

    For how long have I used the solution?

    I have been working in my current field for nine years.

    How are customer service and support?

    Mimecast Insider Risk Management and Data Protection's customer support was good overall, but sometimes we did not receive timely responses, needing to wait two to three days for updates.

    Which solution did I use previously and why did I switch?

    We did not use a different solution before Mimecast Insider Risk Management and Data Protection. We started with the default Microsoft setup and then implemented Mimecast Insider Risk Management and Data Protection.

    Which other solutions did I evaluate?

    I did not evaluate other options before choosing Mimecast Insider Risk Management and Data Protection.

    What other advice do I have?

    I recommend considering Mimecast Insider Risk Management and Data Protection, as it is a very useful and user-friendly tool to protect our Exchange environment.

    I can share specific outcomes where we have noticed a reduction in phishing incidents. Many times, we receive phishing emails in our environment. If emails reach user mailboxes, users can report any suspicious emails they encounter. When they report, we get the notification, and as admins, we scan those emails and check all relevant details.

    I would rate this product an 8 out of 10.

    Priti Patil

    Advanced protection has secured email, stopped phishing, and prevented data leakage

    Reviewed on Jun 30, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I have been using Mimecast Insider Risk Management and Data Protection  for around two years for data protection and risk management. It is used for email security protection against phishing attacks, malware, ransomware, and data leakage to protect the organization's email security.

    What is most valuable?

    Mimecast Insider Risk Management and Data Protection  filters malicious emails, protects attachments and URLs, maintains email continuity during outages, and archives email for compliance. It protects from malicious URLs, credential theft, phishing websites, and newly created malicious URLs while preventing harmful attachments. The solution scans attachments before delivery and detects ransomware, trojans, and zero-day malware. Additionally, it protects from impersonation attempts; if someone impersonates a business email, it stops CEO fraud and business email compromise. It effectively prevents sensitive information from leaving the organization.

    The best features Mimecast Insider Risk Management and Data Protection offers are URL protection, attachment management, impersonation attempts protection, and blocking senders. As I work in email security, URL protection and blocking senders are the most valuable features, and we use them day-to-day in our business.

    Mimecast Insider Risk Management and Data Protection stops phishing by combining SPF, DKIM, and DMARC validation with anti-spam, impersonation protection, URL protection, attachment sandboxing, and machine learning-based threat protection to identify and block phishing attempts.

    I track messages, release quarantined emails, manage policies, and investigate phishing incidents through Mimecast Insider Risk Management and Data Protection, which protects our organization positively.

    What needs improvement?

    Mimecast Insider Risk Management and Data Protection already provides data loss prevention through content examination and email encryption; however, the insider risk management and data protection could be enhanced by adding more intelligent, behavior-based detection and integration with enterprise security tools.

    I wish for better integration with SIEM  and XDR , specifically improved integration with platforms such as Splunk, Microsoft Defender, and Sentinel .

    Mimecast Insider Risk Management and Data Protection is already providing strong email security and data loss prevention capabilities, but the insider risk management could be enhanced by adding advanced user behavior and analytics, including AI-based risk scoring and more context-aware data loss prevention policies. Deeper integration with SIEM  and XDR  platforms would improve visibility across the security system, and with better data classification and adaptive security policies, it would help reduce false positives and prevent sensitive data from leaving the organization.

    For how long have I used the solution?

    I have been working in the cybersecurity domain for almost four years.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is stable for our organization.

    What do I think about the scalability of the solution?

    Mimecast Insider Risk Management and Data Protection is delivered as a cloud-native SaaS architecture, so customers do not need to buy or maintain email security servers. As the organization grows, Mimecast scales its cloud resources to handle increased demand, providing easy user expansion and high email processing capacity.

    How are customer service and support?

    Mimecast Insider Risk Management and Data Protection provides technical support to help customers deploy, manage, and troubleshoot its email security services. Mimecast Insider Risk Management and Data Protection provides enterprise technical support through its support portal, phone, email, and an extensive knowledge base, so their support team assists with mail flow issues, email delivery, and policy management threat protection as well. Since it is a SaaS platform, software updates and security enhancements are managed by Mimecast, and I highly recommend Mimecast Insider Risk Management and Data Protection for email security.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution before Mimecast Insider Risk Management and Data Protection.

    What was our ROI?

    The main benefit is time saved; I am not sure about money saved, but it is definitely time saved.

    Which other solutions did I evaluate?

    Our client has chosen Proofpoint over Mimecast Insider Risk Management and Data Protection because they are highly recommended to the Proofpoint solution rather than Mimecast Insider Risk Management and Data Protection.

    What other advice do I have?

    Mimecast Insider Risk Management and Data Protection is using artificial intelligence and machine learning to improve email security by analyzing and identifying threats; for example, a new phishing email pretending to be from Microsoft 365 may be blocked because AI identified suspicious language and sender characteristics.

    It can help detect phishing, business email compromise, spam, malicious URLs, and suspicious attachments by analyzing email content.

    In the future, AI could further enhance Mimecast Insider Risk Management and Data Protection through advanced user behavior analytics and AI-assisted incident investigations. I provide this review with a rating of 8 out of 10.

    Naveen Balaji

    Behavior correlation has improved insider risk detection and simplifies daily threat monitoring

    Reviewed on Jun 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Mimecast Insider Risk Management and Data Protection  serves as a risk management solution that monitors user activity signals across M365 services including email, SharePoint , OneDrive, Teams, and endpoint activity.

    On a daily basis, I use Mimecast Insider Risk Management and Data Protection  to monitor new risk threats, high severity cases, user flags, and level scores by checking the risk management dashboard. Currently, there are no primary use cases within my organization beyond this monitoring function.

    What is most valuable?

    Mimecast Insider Risk Management and Data Protection offers behavior correlation as one of its best features, which provides risk-based user profiling and rule-based triggers.

    This functionality helps my team because it compiles signals from emails, Teams, SharePoint , and OneDrive endpoints more quickly. The solution connects multiple actions over time and builds a comprehensive risk picture of each user.

    Mimecast Insider Risk Management and Data Protection has positively impacted my organization by enabling investigation of risk behavior and user behavior, reducing potential data leakages, improving awareness of sensitive data handling across users, strengthening compliance with internal policies and regulatory requirements, and streamlining incident investigation through centralized case management. Overall, it has enhanced my organization's ability to proactively identify insider threats while minimizing manual effort for the security and compliance team.

    What needs improvement?

    Improvements could be made through AI-based risk explanations to provide better guidance on necessary enhancements to the platform.

    What other advice do I have?

    I cannot provide specific metrics regarding the reduction of manual effort. Regarding Mimecast Insider Risk Management and Data Protection's AI capabilities, its governance capabilities are not as deep or unified as purpose-built insider risk platforms such as Microsoft Purview .

    I have observed false positives because the solution is rule-based. My review rating for this solution is 9.

    View all reviews