
    Incydr

    A data protection solution to help organizations see and stop data loss from insiders

    Ratings and reviews

    4.2 (57 ratings)
    Rating distribution: 53%, 35%, 11%, 0%, 2%
    4 AWS reviews | 53 external reviews
    External reviews are from G2 and PeerSpot.

    Reviews (57)
    Mandeep Ranjan

    Email protection has reduced phishing and spam by enabling precise domain and user controls

    Reviewed on Jun 26, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Mimecast Insider Risk Management and Data Protection includes blacklisting the domain, privacy suppression, creating new groups, creating new rules, checking the domain, checking the conflict of the mails, and managing spam mails.

    In my current organization, we receive a lot of spam mails and phishing mails, so we blacklist the domain name by going into Mimecast Insider Risk Management and Data Protection, accessing the privacy suppression feature, and adding that domain. Once we add that domain, it is blacklisted, and we will not receive any mails from that particular domain in our tenant.

    Whenever unwanted mail is sent to our tenant, we receive a ticket to action, which involves going into Mimecast Insider Risk Management and Data Protection to blacklist the domain or add it to privacy suppression.

    What is most valuable?

    The best feature of Mimecast Insider Risk Management and Data Protection is that once I add the domains to be blacklisted or create an exclusion list or add domains in the privacy suppression, I never receive mails from similar domains, which safeguards our tenant effectively. Additionally, we can whitelist specific users from blacklisted domains, which is a great and helpful feature.

    The flexibility of Mimecast Insider Risk Management and Data Protection helps my organization by ensuring we do not receive mails from unwanted domains that often carry fraudulent offers or phishing attempts, like those with fake domain names. If we have blacklisted a domain but need to receive mail from a particular user, we add that user's email ID to the allowed user list.

    Mimecast Insider Risk Management and Data Protection handles incident response effectively by integrating with our ticketing system, allowing for timely action when unwanted mails are received. It integrates well with other security tools like CrowdStrike, SentinelOne, and Microsoft Defender, providing in-depth insights while safeguarding against unwanted and suspicious mails.

    What needs improvement?

    Everything in Mimecast Insider Risk Management and Data Protection is good, and nothing requires improvement. However, I would suggest adding features like AI and automation, as this application is used by various teams, and automating processes like blacklisting unwanted email domains could greatly benefit users and customers.

    Mimecast Insider Risk Management and Data Protection should provide the flexibility to customize the application features based on the company's needs.

    For how long have I used the solution?

    I have been using Mimecast Insider Risk Management and Data Protection for four years.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is stable.

    What do I think about the scalability of the solution?

    I would rate the scalability of Mimecast Insider Risk Management and Data Protection around 9.5, as it is highly scalable and widely used by many organizations, including large enterprises.

    How are customer service and support?

    The customer support for Mimecast Insider Risk Management and Data Protection is really good. I would rate the customer support a perfect 10.

    Which solution did I use previously and why did I switch?

    I have never used a different solution; we have always been with Mimecast Insider Risk Management and Data Protection. Before choosing Mimecast Insider Risk Management and Data Protection, we evaluated options such as Defender and Sophos, but found Mimecast Insider Risk Management and Data Protection to be the best.

    How was the initial setup?

    Integrating Mimecast Insider Risk Management and Data Protection with our existing systems was really easy and not difficult at all.

    What was our ROI?

    While I cannot quantify savings in money, Mimecast Insider Risk Management and Data Protection has significantly saved time and enhanced our environment's security from attacks and threats.

    What's my experience with pricing, setup cost, and licensing?

    I find the pricing, setup cost, and licensing of Mimecast Insider Risk Management and Data Protection to be reasonable; it is not overly high or low, given the quality of service and customer support provided.

    What other advice do I have?

    Mimecast Insider Risk Management and Data Protection is useful and beneficial for securing the environment and matching compliance policies, making it worth buying the license.

    I find Mimecast Insider Risk Management and Data Protection to be a great application that safeguards the complete tenant and manages mail flow smoothly. Over the past four years of using this application, I have never encountered any conflicts between the mailing services and Mimecast Insider Risk Management and Data Protection, making it an excellent choice for security and threat intelligence.

    Mimecast Insider Risk Management and Data Protection has positively impacted my organization by protecting us from a lot of unwanted spam and phishing mails, as users are often unaware of what to click on in emails. It has helped safeguard our complete tenant from these types of threats.

    Since using Mimecast Insider Risk Management and Data Protection, the unwanted mails for our tenant have decreased by 95% compared to before we migrated to this application.

    Currently, I work in a production company, and it is very useful in day-to-day life, such as blacklisting domains and safeguarding our tenant and users from spam mails, phishing mails, and vulnerability management. It quarantines unwanted mails quickly and easily, providing safety and protection from threat attacks.

    Mimecast Insider Risk Management and Data Protection integrates well with other security tools like CrowdStrike, SentinelOne, and Microsoft Defender, providing in-depth insights while safeguarding against unwanted and suspicious mails.

    I would rate Mimecast Insider Risk Management and Data Protection a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Sravan Mula

    Email protection has eliminated incidents and now secures sensitive data and insider risks

    Reviewed on Jun 26, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Mimecast Insider Risk Management and Data Protection is to protect email threats, email threat protection, and DLP.

    I use it for email threat protection or DLP in my day-to-day work by enabling the impersonation protection, attachment protection, URL protection, and also enabling the DKIM, DMARC, and SPF records. I also enable all the spam filters, create the proper policies, profile group policies, and other things.

    How has it helped my organization?

    Mimecast Insider Risk Management and Data Protection has positively impacted my organization because now people are aware of the risks associated with sending emails with important sensitive data and PII data, as well as any financial records due to this implementation, which has helped a great deal. Now 100% of the data is secured for my organization.

    Since implementing Mimecast Insider Risk Management and Data Protection, I have seen specific outcomes such as achieving zero incidents over the last five years.

    What is most valuable?

    In my experience, the best features Mimecast Insider Risk Management and Data Protection offers include the data protection I use for the customer's PII data, financial records, employee data, and intellectual property. Whenever any confidential data is sent outside the organization, I have created the policy, and also insider threat detection, I have created the forwarding of large volumes of email to personal accounts and also sensitive data, as well as email behavior such as registration. For DLP, data loss prevention, I have also enabled it for credit cards, social security numbers, health, HIPAA, and GDPR. I also track the recent submission of resignations, download email confidential information, and alert the HR and security team to potential theft. Additionally, I monitor third-party and vendor risk, detecting unauthorized disclosure to suppliers and contractors, and ensure regulation of GDPR, HIPAA, PCI DSS, and SOC.

    Out of all those features, I find preventing sensitive data leaks as well as insider threat detection and DLP the most valuable and essential.

    What needs improvement?

    Mimecast Insider Risk Management and Data Protection could be improved by enhancing the dashboards and UI data. I want executive dashboards available so that I can share them with my C-suite team.

    Regarding Mimecast Insider Risk Management and Data Protection's AI capabilities, I think its governance and security are effective because it has reduced false positives in data protection as well as insider risk alerts, improved real-time detection of data exfiltration attempts, expanded monitoring to email, M365 Teams, SharePoint, increased automation for incident response and remediations, and improved integration with SIEM and SOAR.

    I find Mimecast Insider Risk Management and Data Protection's AI accuracy and reliability of its output to be consistent and trustworthy for my organization.

    For how long have I used the solution?

    I have been using Mimecast Insider Risk Management and Data Protection for the last five years.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is stable.

    What do I think about the scalability of the solution?

    Mimecast Insider Risk Management and Data Protection's scalability is 100% stable.

    How are customer service and support?

    The customer support for Mimecast Insider Risk Management and Data Protection is exceptional, receiving a 10 out of 10 rating.

    Which solution did I use previously and why did I switch?

    I previously used Proofpoint.

    I switched from Proofpoint to Mimecast Insider Risk Management and Data Protection because Proofpoint is not accurate, not user-friendly, and has more false positives compared to Mimecast Insider Risk Management and Data Protection.

    How was the initial setup?

    My experience with pricing, setup cost, and licensing is that everything is favorable compared to Proofpoint, which I previously used. After migrating, the cost is almost a 50% discount.

    What about the implementation team?

    I did not purchase Mimecast Insider Risk Management and Data Protection through the AWS Marketplace. I went directly to the vendor, and Trivera is my vendor.

    What was our ROI?

    I have seen a return on investment with money saved, time saved, and more features available. Now employees find it easy to send their emails.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing is that everything is favorable compared to Proofpoint, which I previously used. After migrating, the cost is almost a 50% discount.

    Which other solutions did I evaluate?

    Before choosing Mimecast Insider Risk Management and Data Protection, I did not evaluate other options.

    What other advice do I have?

    My advice to others looking into using Mimecast Insider Risk Management and Data Protection is that there are no more false positives, it is 100% reliable, and the AI and real-time data are excellent.

    I observed that the AI-powered risk score has improved, with automation in place using AML, so that most threats are detected and there are fewer false positives. I gave this product a 10 out of 10 rating because of these capabilities.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    SiddharthSingh2

    Targeted phishing attacks have been managed efficiently and email threats are analyzed faster

    Reviewed on Jun 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    The main usage of Mimecast Insider Risk Management and Data Protection for me, coming from a security background, involves handling the daily phishing emails we receive. I use Mimecast message tracking and email preview features to determine whether emails are phishing and to take relevant actions accordingly.

    A week ago, we received a phishing email in Defender, and Mimecast Insider Risk Management and Data Protection helped us handle it. I took the data to Mimecast and applied relevant filters in message tracking. I discovered that the framework values for SPF and DKIM were not matching, and the spam value was high. After pulling the header from Mimecast and analyzing it, I observed some delays that led me to conclude the email was likely phishing.

    This is the primary function I perform with Mimecast Insider Risk Management and Data Protection.

    What is most valuable?

    The best features offered by Mimecast Insider Risk Management and Data Protection include message tracking and attachment information. If an email contains any attachment, the system displays it and allows me to download it for review. The email preview feature enables me to view incoming emails.

    Message tracking is the game changer for me in Mimecast Insider Risk Management and Data Protection. I can filter any email information based on sender address, subject, and attachment information, and I can gather relevant data such as frameworks, whether they are passing or not, and the header.

    Mimecast Insider Risk Management and Data Protection has positively impacted our organization because before implementing this tool, when we received phishing emails, we did not have an appropriate tool to check the framework. We only analyzed emails from a grammar perspective, and many phishing emails reached user inboxes. Since Mimecast has been introduced into our system, we have been very effective at tackling phishing emails and helping our organization remain secure.

    What needs improvement?

    Mimecast Insider Risk Management and Data Protection can be improved in the user interface. The UI is still very outdated and not functional, and there is no AI chatbot that would help us navigate through the interface.

    I believe that Mimecast Insider Risk Management and Data Protection could improve the attachment info option. Sometimes it is glitchy, and occasionally the format is not proper, making it difficult to download the attachment and review it.

    Regarding the AI capabilities of Mimecast Insider Risk Management and Data Protection, the governance and security features are very strong, but it is still lacking in AI features.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection has been very stable in my experience. The logs have been flowing through Sentinel without any log shortage, and all features are working very well.

    What do I think about the scalability of the solution?

    The scalability of Mimecast Insider Risk Management and Data Protection depends on the organization. If you purchase more features, it will be more scalable at that point.

    How are customer service and support?

    Customer support for Mimecast Insider Risk Management and Data Protection is adequate, but I would not say it is excellent. We raised a vendor ticket for one of the features, and the response was within 28 to 48 hours. While not quick, we do eventually receive a resolution.

    Which solution did I use previously and why did I switch?

    There was no solution before Mimecast Insider Risk Management and Data Protection. It was the first solution we used regarding email security.

    What was our ROI?

    I have seen a return on investment since using Mimecast Insider Risk Management and Data Protection. It has definitely saved us considerable time. Previously, everything had to be done manually, and we were still unable to achieve our goals of catching phishing emails. Since Mimecast has been introduced, it has been saving us significant time. Money has also been saved, as our stakeholders made an investment in the tool. If we properly secure the environment through this tool, it indirectly helps save money.

    What's my experience with pricing, setup cost, and licensing?

    Regarding pricing, setup cost, and licensing for Mimecast Insider Risk Management and Data Protection, these are decisions that stakeholders make, and I am the one actually using the tool, so I am not fully aware of these details. However, regarding licensing, in our team, everyone has separate roles we are working with, leading to limited access.

    Which other solutions did I evaluate?

    Before choosing Mimecast Insider Risk Management and Data Protection, I believe we evaluated Proofpoint as a comparison. However, because Mimecast has a strong reputation, we chose it instead.

    What other advice do I have?

    The advice I would give to others looking into using Mimecast Insider Risk Management and Data Protection is that there are many features in this tool. Make sure when you purchase this tool that you go through the catalog, and after buying, explore every field because not everything is in the dashboard itself. You need to go into depth to understand how those features can help you in your day-to-day security work. I would rate this product an 8 overall.

    reviewer2859264

    Email monitoring has reduced data leaks and currently prevents risky external communication

    Reviewed on Jun 25, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Mimecast Insider Risk Management and Data Protection is to stop accidental and malicious data leaks and prevent intellectual property theft.

    I have implemented automated DLP policies and insider threat monitoring to stop internal data from going outside and prevent outside malicious data or spam from coming to my company.

    We are using Mimecast Insider Risk Management and Data Protection for customers to get data from outside sources. If there are any problems, Mimecast automatically detects and flags it, blocks and holds the email, making our company data reliable and preventing anyone from accidentally clicking on malicious links.

    What is most valuable?

    The best features Mimecast Insider Risk Management and Data Protection offers include pre-departure spikes, real-time human risk nudges, and automatic content and DLP policies that make it more secure and easy to use for our team. The rules are particularly effective.

    The feature that has made the biggest impact for my team is stopping and holding outsource emails, which is done through email tracking where we can permit relevant emails and block others.

    The most reliable feature for me in Mimecast Insider Risk Management and Data Protection is the group policy that allows specific users to permit sending and receiving emails from outside sources, which I find to be the best feature for me to use right now.

    After using Mimecast Insider Risk Management and Data Protection, our users are aware of it and try to be more cautious with emails coming from or being sent outside, so that if anything is flagged, there will be questions asked about why certain communication is taking place.

    This increased caution has led to fewer security threats we have to deal with, as Mimecast handles most of that through its processing and policies, allowing us to focus on our day-to-day jobs without having to manage larger security issues.

    What needs improvement?

    In previous days, data could be extracted for about one month or more, and yearly data could be extracted, but now the feature is disabled. The archive data option should be added again to Mimecast Insider Risk Management and Data Protection because in previous updates, this feature was available, but now it is disabled, making it problematic for auditing tasks since data cannot be extracted as desired.

    For how long have I used the solution?

    I have been using Mimecast Insider Risk Management and Data Protection for the last six months.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is currently very stable, so we do not have to consider any other options. It is very reliable and effective.

    What do I think about the scalability of the solution?

    Mimecast Insider Risk Management and Data Protection is scalable through a unified cloud-native architecture, allowing it to scale without creating alert fatigue or hampering productivity. It is not directly up to us, as our team raises a request and they handle it.

    How are customer service and support?

    I do not prefer the customer support for Mimecast Insider Risk Management and Data Protection. When we had to extract previous year's data for audit, we opened a case due to the option being disabled, but the support took months. I hope we never need to use customer support again. The product is reliable, and we prefer not to request support since the engineers are not so helpful.

    I would advise others looking into using Mimecast Insider Risk Management and Data Protection to rely on the application itself and not to think about customer support, as I have not had a good experience with them. However, I would tell them that the application itself is so reliable that support should not be needed, though if it is needed, my experience has not been good.

    Which solution did I use previously and why did I switch?

    We did not choose any different solution before using Mimecast Insider Risk Management and Data Protection, but fewer options had been rejected by me so that we could stay with this solution only.

    How was the initial setup?

    We are not a partner or reseller, just a customer of Mimecast Insider Risk Management and Data Protection.

    What was our ROI?

    I see a return on investment with Mimecast Insider Risk Management and Data Protection because it saves us time, making us happier. Compared to other options such as Forcepoint DLP or anything else, I find this to be the best solution, especially noting that it is user-friendly for those without prior knowledge, requiring only a tutorial of Mimecast to effectively use it in an organization.

    What's my experience with pricing, setup cost, and licensing?

    I do not have experience with pricing, setup cost, and licensing since it is not up to me. The financial system governs that and checks for me.

    Which other solutions did I evaluate?

    Before choosing Mimecast Insider Risk Management and Data Protection, my organization evaluated it against dedicated data loss DLP platforms and endpoint solutions. For us, it is effective, so we do not use any of those. Proofpoint Insider Threat is the biggest direct rival, but we did not use that.

    What other advice do I have?

    The archive data option should be added again to Mimecast Insider Risk Management and Data Protection because in previous updates, this feature was available, but now it is disabled, making it problematic for auditing tasks since data cannot be extracted as desired.

    After using Mimecast Insider Risk Management and Data Protection, our users are more aware of it and try to be more cautious with emails coming from or being sent outside, so that if anything is flagged, there will be questions asked about why certain communication is taking place.

    Sometimes we look for lesser-known options not finding their way into our networks. However, such alternatives have proven to be incompatible after consideration.

    I would rate this product an eight out of ten.

    MeetPatel

    Email security has improved and real-time insights simplify managing complex mail flows

    Reviewed on Jun 24, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I manage an organization with more than five thousand employees who are all in either on-site or hybrid environments and receive multiple emails every day. The email flow on a daily basis is too much to handle manually. Emails can be sent from approved domains, or they can be spam or other unwanted messages. I cannot reveal my customer's name, but I can say that they are in the shopping business. Since they are in the shopping business, they receive multiple mail flows from the sales team and regular communications, and it becomes very crucial to differentiate which emails are useful and which are not.

    On a daily basis, I check whether the mail flow is within the established threshold. Unless there are end-of-season sales occurring, I do not see a high mail flow that exceeds the threshold we observe. I evaluate the detections I am seeing, and in Mimecast Insider Risk Management and Data Protection, I can see detections based on various time frames, such as twenty-four hours, forty-eight hours, or whatever custom time frame I choose. The maximum limit according to our enterprise is thirty days. Since I need to see activity in real time, I analyze whether all the respective mail flows are coming in and what category they fall under. The categories can include malware, spam, extortion campaigns, or multiple others.

    I analyze that data by fetching the raw logs for my customer, checking the spam scores for their emails, and reviewing statuses such as accepted, rejected, held, deferred, and more. I analyze whether Mimecast Insider Risk Management and Data Protection's policies work properly. I cannot just rely on it being a SaaS-based product with enabled policies working correctly. There are many use cases where I have seen emails being delivered that should not have been delivered. That does not make Mimecast Insider Risk Management and Data Protection a bad product; it means that I have not fine-tuned the policy to my organization's expectations. Once I work on the tool daily, I understand the mail flow, recognize which emails fall into the spam category, and compare them not only on the Mimecast Insider Risk Management and Data Protection database but also with external comparison tools like MX Toolbox or VirusTotal to analyze things. This gives an overview of what my general scenario looks like.

    How has it helped my organization?

    The way attachments are being read by Mimecast Insider Risk Management and Data Protection is crucial, especially concerning what data is sent outside the organization from the internal network and what kind of data is being sent from outside to inside. This can include URLs, file types, PDFs, and other content. The OEM team has blocked many widely recognized malicious file types themselves, which helps in rejecting emails that people try to send containing malicious content. For PDFs specifically, which are sent regularly, it becomes crucial that if an authorized user sends something for business purposes, it should go through; however, if Mimecast Insider Risk Management and Data Protection flags it as suspicious or the domain user is not whitelisted, that is completely fair.

    Mimecast Insider Risk Management and Data Protection performs its share of detection, and I have even tested it with a very large file, such as an eight-hundred-page document where only one or two hyperlinks were malicious content. Mimecast Insider Risk Management and Data Protection detected that immediately. Comparatively, other specific technologies did not block it even when I temporarily removed the sending limit that some mail tools impose, for example, only sending up to five to twenty MB. In that testing scenario, Mimecast Insider Risk Management and Data Protection shines with how policy enforcement and data protection is implemented. Secondly, it shows the top malicious senders for the week or whatever time frame I desire, illustrating which users were targeted the most. It does not just present a list; clicking on a user reveals who exactly sent the emails, the sending mail category, and more specifically regarding the targeting of the user.

    The emails can fall into categories such as ransomware, spam, or impersonation, indicating whether a legitimate email has failed DKIM or DMARC validation, which Mimecast Insider Risk Management and Data Protection detects efficiently. While other tools also identify these aspects, Mimecast Insider Risk Management and Data Protection clarifies how everything works quite well. In day-to-day work, one key point I would definitely highlight is log fetching. Many other tools make fetching logs tiresome and irritating; every log search requires so much hassle with filtering. In contrast, Mimecast Insider Risk Management and Data Protection enables me to just paste the mail ID, and it finds everything automatically, fetching all relevant logs in one place without needing to differentiate between statuses such as rejected or accepted. It offers specific groups including permitted senders, trusted senders, and blocked senders. It is all clean and sophisticated. Having worked with various tools and technologies before, I can say that tools such as this should exist; they ought not to be complex. During troubleshooting calls, I should not be figuring out why the tool does not provide the required logs; it should be quick.

    The SSO integration in Mimecast Insider Risk Management and Data Protection works securely and smoothly, functioning across all browsers. However, I must mention that at times, the homepage of Mimecast Insider Risk Management and Data Protection takes too long to load, which I am personally not complaining about, but colleagues have reported slow loading on rare occasions.

    What is most valuable?

    Mimecast Insider Risk Management and Data Protection has a very clean interface, which makes it easy to use effectively once it is handed over to the organization. I can actually ask the Mimecast Insider Risk Management and Data Protection team how to understand the tool, and they have guidelines and documentation that provide all the necessary information. Mimecast Insider Risk Management and Data Protection offers several features beyond policies and digest notifications, such as message digest notifications that I receive. It helps in understanding trace paths very well. What I mean by trace path is that when a user is sitting inside the organization and wants to send an email to an outside domain, it will not be sent directly.

    First, the email goes to the Microsoft Outlook mail server. From there, an SMTP request is initiated to Mimecast Insider Risk Management and Data Protection. Once the SMTP connection is established, the email gets forwarded from the specific sender mail server to the receiver mail gateway, which is Mimecast Insider Risk Management and Data Protection. Now, from the Mimecast Insider Risk Management and Data Protection gateway, the email gets analyzed. It runs through policy checks, checks for permitted blocks, trusted senders, and frequent sender information, analyzing whether I have received some specific emails from this user and whether any of them were flagged. It goes through the database, and post all Mimecast Insider Risk Management and Data Protection internal checks, the email is verified as acceptable and is good to go.

    Once verified, the email goes out to the recipient's mail server. There may be a mail server at the recipient's mail end as well, but that is not my concern since I do not manage that. It then reaches the user's inbox. Many times, the organization's control includes complaints such as not receiving the email, or the email was rejected or the attachment was missing. Why do those things happen? Mimecast Insider Risk Management and Data Protection provides a clear idea through the message delivery option, where I input the from ID and to ID for a specific timeframe, and I can see what headers were captured in the emails in a completely raw format, policies that were hit, the spam score, detections, and the exact reason for these events.

    The theoretical aspects are acceptable, but the best part is the clarity it provides on the connection between the sender and recipient SMTP, such as start and end time. It shows when the connection was made to Mimecast Insider Risk Management and Data Protection, when the email got delivered, the time Mimecast Insider Risk Management and Data Protection took to establish that connection to the recipient's mail server, and when Mimecast Insider Risk Management and Data Protection sent that email. It provides thorough clarity for understanding exactly where the delay lies, including how much time Mimecast Insider Risk Management and Data Protection took for internal processing before the email went out. Many times, the blame is placed on the tool that it is not functioning properly, but those logs allow me to verify the problem's exact location. The report generation is quite easy. For policy creation, I cannot create a new policy, but almost all the policies that an organization could need are present. The interface is good—I am saying this again, but it is.

    Moreover, the access level, such as the access matrix, is pretty clearly defined—basic administrator, read-only access, custom IT help desk, super administrator, and one in between, based on the plan taken for Mimecast Insider Risk Management and Data Protection. Mimecast Insider Risk Management and Data Protection learning community is something I recommend; I have done certification for them and am preparing for their advanced certification. The certification is really helpful; I learned through experience mainly, but anyone can start from the original OEM certification. There are helpful documentation and multiple tests as part of the courses, which range from ten to twelve hours for basic and advanced exams.

    What needs improvement?

    A con to mention is that Mimecast Insider Risk Management and Data Protection, at times, may not capture everything. For instance, the time that Mimecast Insider Risk Management and Data Protection took to process something such as incoming email is normally fifteen to twenty seconds, which is completely normal. Though the email is released, delays of ten to twenty minutes may be experienced, which does not get captured in Mimecast Insider Risk Management and Data Protection. It may show delays on the recipient's mail server end, but creates a contradiction since in Mimecast Insider Risk Management and Data Protection I do not see any delay, while the recipient's mail server indicates a delay occurring at Mimecast Insider Risk Management and Data Protection.

    For testing, I whitelisted the specific domain for the sender's email. After whitelisting that, the delay disappeared, yet I wonder why Mimecast Insider Risk Management and Data Protection did not capture that in this specific log. This issue has not occurred often, maybe once or twice in the past six to seven months, but understanding that aspect has led me to reach out to OEM. They provided their views, but I was not very satisfied; they could show where it is getting captured and why it is not highlighted clearly. That is a con of Mimecast Insider Risk Management and Data Protection, but overall, it is a great tool. Mimecast Insider Risk Management and Data Protection is totally recommended. The policies are solid, they work effectively, the implementation time is not very long, integrations with SIEM are quite easy, and the Glassbreak account is something I have tested, making Mimecast Insider Risk Management and Data Protection better in this regard. Overall, it is a great tool.

    For how long have I used the solution?

    I have been using Mimecast Insider Risk Management and Data Protection for one and a half years.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is definitely stable without fail based on my experience.

    What do I think about the scalability of the solution?

    Mimecast Insider Risk Management and Data Protection scales efficiently. In the last two months, I saw a high volume of inbound email, including spam and fraudulent emails. The tool effectively detected both malware and spam, ensuring that only a few emails categorized as malware reached user mailboxes. For malicious content, Mimecast Insider Risk Management and Data Protection performs adequately, blocking suspicious formats while still validating the email's content.

    How are customer service and support?

    Customer support for Mimecast Insider Risk Management and Data Protection is excellent. I rarely face issues, usually resolving in two to three business days when necessary.

    Which solution did I use previously and why did I switch?

    I am not certain about the primary solution used before switching to Mimecast Insider Risk Management and Data Protection, as I did not oversee its initial deployment. I can tell you that switching involved considerations regarding costs, particularly with DLP vendors and mail control.

    What was our ROI?

    I am not certain about specific time savings with Mimecast Insider Risk Management and Data Protection as technical observations can be vague. However, time is definitely saved in practices, as the tool requires less hands-on management after fine-tuning. I can generate specific reports, including top malicious senders and domain statistics, presenting them during customer review sessions, and those analyses help justify needed blocks.

    What's my experience with pricing, setup cost, and licensing?

    I am unsure about Mimecast Insider Risk Management and Data Protection's pricing, setup costs, and licensing details. However, I know that licensing details are user-specific according to the license purchased. Information on current license details is easily accessible through the right-most side of the interface under support, showing information such as account manager details for the firm and expiration timelines. I can say that the OEM escalation metrics are good, and I have never faced delays in calls to support, though sometimes CSR has business day delays.

    Which other solutions did I evaluate?

    I did not evaluate other options before choosing Mimecast Insider Risk Management and Data Protection as I am an engineer focused on technical aspects.

    What other advice do I have?

    My advice for those looking at Mimecast Insider Risk Management and Data Protection is to compare your use case comprehensively. Do not just rely on reviews, as they offer communal insight; evaluate from a technical perspective and consider the stability of your infrastructure and how well it aligns with your operational needs moving forward. Be thorough in understanding the features that other users find critical and ensure they align with your specific requirements. I give this review an overall rating of eight out of ten.

    Harika Kilari

    Advanced email filtering has reduced phishing incidents and protects users from malicious links

    Reviewed on Jun 23, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Mimecast Insider Risk Management and Data Protection is relied upon primarily for email security, functioning as an email gateway within the company so that every email is processed through Mimecast, filtered, and then delivered to user mailboxes after security checks are completed.

    Day-to-day operations involve handling tickets from users stating that their email has been held and they request release. We cross-check whether SPF is matching, if SPF has passed, and if DKIM has passed. Once everything is verified and we determine the sender is trusted, we release the email. We have different types of security gateways, including impersonation protection, which is created by establishing a profile group so that if it matches any keywords, it might flag potential impersonation. We have many policy options within the system. Based on our requirements, we can set up policies, and Mimecast helps us filter emails very effectively. We can clearly check whether emails are being delivered or not. If they are undelivered, we can check the reason for non-delivery. URLs are decoded through Mimecast, allowing us to scan links and determine whether they are safe or not. Many options exist within Mimecast for these purposes.

    What is most valuable?

    I have been using Mimecast Insider Risk Management and Data Protection for the past three years.

    Whenever we block an email ID, we can do so from Mimecast profile groups, and we can add email addresses from which we no longer want to receive emails. For example, if a phishing email arrives, it stops and holds that email based on SPF, DKIM, and DMARC rules so that it does not reach the user and remains held. Mimecast also protects emails that contain URLs or links within them, as users may accidentally click on those links, which might affect the entire company. In this way, Mimecast helps us significantly.

    Mimecast Insider Risk Management and Data Protection stands out the most. The URL protection, link scanning, blocking of users, and creation of multiple profile groups, gateways, and policies are valuable features. There have been many positive changes with Mimecast Insider Risk Management and Data Protection since implementation, and we feel it is working out positively. We also receive continuous support from the Mimecast team, with weekly calls to discuss technical issues within Mimecast.

    What needs improvement?

    Mimecast Insider Risk Management and Data Protection could be improved by providing more advanced features within the platform. If it collaborated with other different features, that would be more helpful.

    For how long have I used the solution?

    I have a total of ten years of experience in my current field.

    What other advice do I have?

    All functionality is performing well. There has been a reduction in phishing events. I would rate Mimecast Insider Risk Management and Data Protection an eight out of ten because sometimes it blocks or holds emails that are supposed to be unblocked. Occasionally, Mimecast does not work as effectively, which is the reason for this rating.

    Rahul Dubey

    Behavior analytics have transformed insider threat detection and now streamline daily security work

    Reviewed on Jun 23, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I have used Mimecast Insider Risk Management and Data Protection for almost four and a half years for one of my clients.

    I use Mimecast Insider Risk Management and Data Protection for detecting and maintaining email security for my client. Mimecast gives us unmatched visibility and focuses on behavior analysis with file vector users, real-time nudges, and top-tier support.

    Mimecast Insider Risk Management and Data Protection uses a file-vector-user framework. Instead of just blocking everything blindly, it examines the file value, how it is moving, and which users are moving it. I can provide a real-world example of how a company uses this product to stop insider threats.

    My example involves departing employees and data theft. An employee resigns to take a job at a direct competitor. Before their access is cut off, they decide to download sales battle cards, customer leads, or product roadmaps to a personal USB or personal Google Drive to give themselves a head start at the new job. Mimecast manages this through HR integration by connecting to the company's HR system such as Workday or their particular HR system. The moment HR marks the employee as resigned, Mimecast automatically moves that employee to a high-risk departing employee watchlist. Additionally, behavioral monitoring tracks their activity over the last thirty days and monitors them going forward. If they suddenly try to transfer fifty gigabytes or a large amount of corporate data to a personal cloud drive or rename files to other formats to sneak them past security, Mimecast flags the mismatch instantly. The security team is alerted immediately with the exact file history, allowing them to freeze the user's account before they leave.

    I can provide multiple scenarios. Another scenario involves a Shadow AI leak. A well-meaning product manager wants to quickly clean up a piece of unreleased proprietary code or summarize a sensitive financial presentation to save time. They paste the entire raw text into an untrusted, unapproved public AI tool such as an unsanctioned GenAI web application. Mimecast manages this through vector detection by monitoring endpoints and browsers. It detects that corporate data is moving to an unapproved browser destination or shadow IT. A real-time nudge triggers an automated response instead of locking down the computer and creating a massive IT ticket. A pop-up appears on the employee's screen saying, 'You are trying to share internal code or data with an unapproved AI tool. Please use our secure corporate enterprise AI tool instead.' This stops the leak immediately while educating the user.

    Another scenario involves hijacking accounts with a compromised insider. For example, a customer support agent falls for a spear-phishing email and inputs their credentials into a fake portal. A malicious external hacker now logs into that agent's account from a different country. The hacker appears to be an insider using legitimate credentials and begins silently harvesting customer personally identifiable information. Mimecast manages this through anomaly detection. Mimecast notices that this specific user is suddenly logging in at three in the morning from an unusual IP address and downloading customer data at ten times the normal rate. The system identifies that this behavior heavily deviates from the user's standard historical profile or data through context analysis. Because this is high-risk, the platform triggers an automated workflow via integration with the company's EDR tool such as Defender or CrowdStrike or an identity provider to isolate the device and force a password reset, instantly locking out the attackers.

    What is most valuable?

    There are many features that come with Mimecast Insider Risk Management and Data Protection. The absolute hero feature that makes Mimecast Insider Risk Management and Data Protection incredibly valuable to a business is a no-policy trust activity model, which I understand to be inferred trust.

    Traditionally, data loss prevention tools are a nightmare because IT teams must manually write thousands of strict rules trying to guess every way an employee might steal data. Mimecast turns this on its head. Instead of writing rules, the system monitors everything and uses AI to automatically build a map of your corporate ecosystem. The magic happens when an employee downloads a file from corporate Google Drive and uploads it to corporate OneDrive. Mimecast cross-references both endpoints simultaneously. It recognizes that both sides are corporate-owned, so it silently marks the activity as trusted and ignores it. If some employees take that exact file and upload it to a personal Google Drive, Mimecast instantly flags it as untrusted because it cannot verify the destination container. This is the most useful feature that Mimecast Insider Risk Management and Data Protection has.

    What needs improvement?

    I would highlight reporting and analytics improvement. While the dashboard looks great, getting highly customized reports out of the system without using an external API can be difficult. The daily dashboards are very intuitive, but native executive report features could be enhanced. If you want to create highly customized reports for C-level presentation or high-level reviews, you often have to rely on their API to export data into a third-party SIEM or BI tools. Having more out-of-the-box templates for quarterly risk summaries would be a huge time-saver and advantage for this tool.

    I would also mention virtual or shared environment support. It is technically specific, and there is a struggle in particular virtual desktop infrastructure environments where multiple users share a single host. One area of improvement is better out-of-the-box support for multi-user shared host environments such as Azure Virtual Desktop or AVD setups. When multiple active users share a single host simultaneously, the endpoint tracking can sometimes face performance bottlenecks or require complex workarounds to report individual data flawlessly. These are the areas where this product can improve.

    For how long have I used the solution?

    I have been a part of SOC operations for eight or nine years.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is stable.

    How are customer service and support?

    Customer support has been impressive. I raise a ticket or task number for any query or issue I have, and I have been receiving great support from the customer service team.

    Which solution did I use previously and why did I switch?

    Previously, I had O365 for email security. I was not getting the centralized view that I am getting with Mimecast Insider Risk Management and Data Protection. The AI-enabled capabilities in Mimecast Insider Risk Management and Data Protection are truly impressive. It gives me behavioral analysis and allows me to monitor real-time logs. I was able to get analysis of user behavioral patterns. Because of these reasons, it helps me maintain less headcount in security engineers for this product.

    How was the initial setup?

    The initial setup is great.

    What was our ROI?

    Mimecast Insider Risk Management and Data Protection does provide ROI. It saves a lot of time. Instead of having multiple people managing DLP, I have a Mimecast Insider Risk Management and Data Protection monitoring team. The biggest positive impact has been the sheer amount of time my IT and security team has saved. Legacy DLP tools used to require a dedicated engineer just to manage daily alerts and constantly tune policies. With Mimecast Insider Risk Management and Data Protection, our investigation time for high-risk incidents has been cut in half, and overall management now takes us less than four hours a week. It provided immediate ROI within the first few months by automating our response workflows. Mimecast Insider Risk Management and Data Protection AI response is integrated directly with our HR and identity systems, which allows a smaller security team to do more. It has saved time, saved cost, and reduced the number of people in that particular security project.

    What's my experience with pricing, setup cost, and licensing?

    It has been a great journey for me with the pricing and setup. I do not have to think about reducing the cost. My experience has been great with Mimecast Insider Risk Management and Data Protection so far.

    Which other solutions did I evaluate?

    I was considering Defender, but I wanted a solution purely dedicated to insider risk management and data protection. I heard from other clients that Mimecast Insider Risk Management and Data Protection is a truly good product, and I received a demo as well. It impressed me at the first point, so I went for it.

    What other advice do I have?

    Mimecast Insider Risk Management and Data Protection provides behavioral pattern analysis and gives me a centralized alert. It helps me maintain less headcount for security engineers. It saves time and cost.

    The accuracy of Mimecast Insider Risk Management and Data Protection detection is highly impressive because it moves away from rigid keyword matching and examines the true behavioral context. By utilizing over two hundred fifty built-in risk indicators, it successfully separates everyday employees' collaboration from actual malicious exfiltration. For example, it tracks when the file extension is renamed or when an unusually large volume of files is moved to a personal cloud browser tab, giving the alert high fidelity. In terms of reliability, the endpoint agent is incredibly lightweight and stable. It operates silently across both Windows and macOS setups with almost zero performance impact, ensuring it does not slow down employees' machines or crash. The system is highly dependable. I give this product a review rating of nine out of ten.

    External Ganesh

    Insider threats have been detected faster and internal data exposure is now controlled

    Reviewed on Jun 23, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Mimecast Insider Risk Management and Data Protection is using it as a main tool for insider risk management or IRM, where we monitor for user activities. If there are large downloads or uploads to any external sites, or if there is a large download from SharePoint and other kinds of workloads, the use case kicks in and an alert would be triggered wherein we investigate. Then we get confirmation and do further analysis to confirm whether it is a legitimate or illegitimate activity done by the user.

    One specific example of a situation where Mimecast Insider Risk Management and Data Protection helped me catch or investigate an insider risk involves multiple alerts, but one stood out. We had one alert wherein there was a large amount of data uploads to one of the S3 buckets, an Amazon S3 bucket. When we got the alert, we did the investigation, but the S3 bucket that was mentioned does not belong to our organization. While we investigated further, we came to know that the user account was compromised and the attacker was trying to upload the data from the user's OneDrive into their own S3 bucket in order to exfiltrate the information. Though it belongs to insider risk management, it was the attacker who took control of the user's account, and from there on, he started to upload information to the Amazon S3 bucket, which kicked in an alert. We got an alert that there was a large data upload from one of the users. When we performed the investigation, we concluded that it was the attacker who compromised the user account and then the attacker was trying to upload a large amount of data to their S3 bucket.

    I use Mimecast Insider Risk Management and Data Protection on a regular basis for investigation and also to create any new use cases as instructed from management. Recently, we added two or three use cases related to SharePoint. We had one of the previous cases wherein the attacker was trying to manipulate the user's inbox and then there was a large amount of data that was being sent out. There were also some legitimate cases wherein the upload or download data was so minimal, in a way that it led us to increase the threshold for that. These are some of the use cases or rather tweakings that we do on Mimecast Insider Risk Management and Data Protection on a regular basis or on a day-to-day basis.

    What is most valuable?

    The best features Mimecast Insider Risk Management and Data Protection offers are best-in-class features wherein some of the use cases have been added by the Mimecast team themselves so that we just need to customize the existing use case and do not need to create any new use cases. The second thing is that the alert getting triggered is very fast. There is no latency issue that we have observed. In some of the tools, the users might be uploading and downloading the data, and then after a few minutes or so, the alerts would get triggered. But here it is instant and quick, wherein it provides the results with zero latency. That is also one of the best tools that we have used in recent times.

    I find the built-in use cases most valuable in my day-to-day work because as we are a small team, we have many other tasks that need to be carried out. Just sitting down on a regular basis and then creating a new use case from scratch is going to be much more time-consuming. That is where the default use cases kick in, wherein we just have to tweak the existing or the default use cases so that we do not need to create it from scratch. That is one of the standard features, standout features, that I would probably go ahead with.

    Mimecast Insider Risk Management and Data Protection has positively impacted my organization as earlier we were struggling with insider risk wherein we were not having any control over it. We were strong in terms of external attack surface, but insider risk was something that we were lagging behind. Because of it, unknowingly there was a lot of data that was exfiltrated by the users and it was sent to their personal email ID and we did not have any control over that. We were exploring some of the solutions out there in the market, including Microsoft Purview, and then Mimecast was another tool that we discussed. We went on with Mimecast because of its cost optimization and also its features and use cases that caught our attention. We deployed the tool in our organization so that now we have more control over the user's activities within our organization, and the quick alerting also helped us in minimizing the internal data exposure. That is where the tool is extremely useful for us.

    What needs improvement?

    Regarding how Mimecast Insider Risk Management and Data Protection can be improved, sometimes the tool is slightly laggy, wherein it would take some time for us to fetch the related logs from the Mimecast portal, and that of course can be improved. There could also be a graph or a kind of a graph where, if the organization has a smaller number of employees, it is fine, but if it has a large number of employees and different departments, then in that case, Mimecast could give us an AI suggestion upon how to improvise the current security posture, how we stand and where we can go up to in terms of implementing or tweaking the policies. As the organization's size gets bigger, it would also be better if Mimecast could provide some solutions upon how to segregate the users into groups and what groups can have which policies. Those kinds of features can be added.

    Regarding Mimecast Insider Risk Management and Data Protection's AI capabilities, I think its governance and security could improve as I am not entirely sure how it works. It would be helpful if Mimecast could, as the AI capabilities are in place, maintain a strict governance policy upon the data that is being processed, especially for user personally identifiable information. As insider risk management sometimes also gets into the personal details of the user, organizations might be hesitant; even we are also hesitant to use the AI capabilities. If Mimecast could provide more information about how they store the data and whether the agents are local agents or cloud-hosted agents, that would be of great help for the organizations to consider its AI capabilities while adhering to the compliance needs of a particular organization.

    For how long have I used the solution?

    I have been working in my current field for about seven years now.

    What do I think about the stability of the solution?

    Mimecast Insider Risk Management and Data Protection is stable.

    What do I think about the scalability of the solution?

    The scalability of Mimecast Insider Risk Management and Data Protection is good; we can deploy it in organizations with more than a thousand or even ten thousand or even hundreds of thousands of employees.

    How are customer service and support?

    Sometimes we do encounter vague answers for some of the queries we have, but apart from that, the customer support response has always been very good.

    Which solution did I use previously and why did I switch?

    We have not used any other solution previously; Mimecast Insider Risk Management and Data Protection is our first solution.

    How was the initial setup?

    My experience with pricing, setup cost, and licensing for Mimecast Insider Risk Management and Data Protection was good, but the licensing cost could have some sort of concession, especially based on the number of employees within the organization. However, the setup cost or the pricing was nominal for us to proceed.

    What was our ROI?

    I have not seen a return on investment yet, as we have not used the AI capabilities. Currently, we have ten employees who are managing the entire portfolio, which we could potentially reduce. There have been scenarios where we have stopped users from sharing data, and that data has been successfully protected from leaving the premises, adding tremendous value for us. With respect to time saved, we have automation in place, enabling us to save a considerable amount of time, such as checking logs to confirm whether actions were performed by the user or if an account was hacked, which has also resulted in significant time savings.

    What's my experience with pricing, setup cost, and licensing?

    I advise others looking into using Mimecast Insider Risk Management and Data Protection to consider it a great tool, but it depends on what is required as per the organization's needs to extract the maximum capabilities that Mimecast offers. The customer support has always been good, and except for the licensing cost, I think the pricing is also reasonable, and the setup cost is a one-time investment that will stay with us forever. It is essential to evaluate your organization's needs and capabilities and the complexity in managing employees, especially if you have multiple departments. Mimecast helps segregate policies for each department efficiently.

    Which other solutions did I evaluate?

    Before choosing Mimecast Insider Risk Management and Data Protection, we evaluated Microsoft Purview Insider Risk Management, but we moved to Mimecast.

    What other advice do I have?

    Regarding Mimecast Insider Risk Management and Data Protection's AI capabilities, we have not used this feature yet; it is still in the discussion phase, so I will not be able to comment on that part.

    We deploy Mimecast Insider Risk Management and Data Protection in our organization using a hybrid cloud model, as we use it for Azure, AWS, and GCP.

    My additional thoughts about Mimecast Insider Risk Management and Data Protection are that it is a great tool. Before deploying, we need to understand the organization's landscape, including how many departments we have and what scope we could expand upon with respect to insider risk management. Protecting the internal environment or from internal employees is just as important as protecting the external environment, and the organization should consider insider risk management a priority. It is a valuable tool, and organizations can certainly proceed with its deployment. I would rate this solution a nine out of ten.

    Professional Training & Coaching

    Peace of Mind with Strong Data and IP Protection

    Reviewed on Jun 02, 2026
    Review provided by G2
    What do you like best about the product?
    It gives me peace of mind knowing that our company data and intellectual property are protected. The use of AI to detect issues is also reassuring. Support is top-notch. The user interface is relatively easy to manage, thanks to onboarding from the company.
    What do you dislike about the product?
    I don’t see any major downsides, aside from the pricing and the limited integrations for smaller companies.
    What problems is the product solving and how is that benefiting you?
    We store a lot of intellectual property in the cloud because we often need to use collaboration tools with outside service providers. It’s reassuring to have the peace of mind that security is being taken care of without adverse effect on performance.

    Real Estate

    Insightful, Verified User Reviews on Leading Services

    Reviewed on May 26, 2026
    Review provided by G2
    What do you like best about the product?
    Comprehensive email security solution that leads in this class of service.
    What do you dislike about the product?
    The learning curve is steep for some users but is getting better.
    What problems is the product solving and how is that benefiting you?
    Keeps our users protected from bad actors attempting to compromise networks and accounts.