MIME 2017 Annual Report

9 Mimecast Advanced Security Email security provides a critical defense against hackers seeking to capture and exploit valuable organizational information and disrupt business operations. Our Mimecast Email Security services provide comprehensive email security. They block spam, malware, malicious URLs, spear-phishing, and defined content from entering or exiting the organization. Further, these services provide administrators granular security and content policy control for inbound, outbound, and internal email traffic to prevent threats, including data leaks. Integration into Microsoft Outlook ® and via mobile apps provides employees the freedom to be self-sufficient and to manage their quarantines, personal blacklists, and many other aspects of their email security and management. Customers can benefit from the following Mimecast security services: • Targeted Threat Protection : Highly sophisticated targeted attacks, including spear-phishing, are using email to successfully infiltrate organizations, exploit users and steal valuable intellectual property, customer data and money. • URL Protect addresses the threat from emails containing malicious links. It automatically checks hyperlinks each time they are clicked, preventing employees from visiting malicious websites regardless of what email client or device they are using. It also includes innovative user awareness capabilities so IT teams can raise the security awareness of employees as part of their daily email activities. Once enabled, a percentage of links in emails clicked by an employee will open an informational screen. This will provide them with more information about the email and destination, encouraging them to consider whether the email is coming from a reliable source and if the page is safe. If they choose to continue, the choice is logged and URL Protect scans the link and blocks access if the destination is deemed unsafe. IT administrators can adjust the frequency of these awareness prompts to ensure employee caution is maintained. Repeat offenders that regularly click bad links can automatically receive more frequent prompts until their behavior changes. The IT team can track employee behavior from the Mimecast administration console and target additional security training as required. • Attachment Protect reduces the threat from weaponized or malware-laden attachments used in spear-phishing and other advanced attacks. It includes pre-emptive sandboxing to automatically security check email attachments before they are delivered to employees. Attachments are opened in a virtual environment, or sandbox, isolated from the email system, security checked and passed on to the employee only if no threat is detected. It also includes the option of an innovative safe file conversion capability that automatically converts attachments into a safe file format, neutralizing any chance of malware as it does so. The attachment is delivered to the employee in read-only format without any sandbox analysis delay. As most attachments are read rather than edited, this is often sufficient for many users. Should the employee need to edit the attachment, they can request it and from there it is sandboxed on-demand and delivered in the original file format. • Impersonation Protect gives instant and comprehensive protection from malware-less social engineering attacks, often called CEO fraud, whaling, impersonation, or business email compromise. These attacks are designed to trick users, most particularly key employees such as those who are on an organization’s finance team, into making wire transfers or other financial transactions to cybercriminals by pretending to be the CEO or CFO via spoofed email. Some impersonation attacks also target those responsible for managing sensitive employee data, such as payroll information, which could be used for identity theft. Impersonation Protect detects and prevents these types of attacks by identifying combinations of key indicators in an email to determine if the content is likely to be suspicious, even in the absence of a URL or attachment. Impersonation Protect blocks or flags suspicious email by using advanced scanning techniques to identify elements commonly used by criminals, including employee, domain, or reply-to names, and other keywords such as ‘wire transfer,’ ‘tax form’ or ‘urgent.’ • Internal Email Protect, or IEP, is the industry’s first threat management capability for internally generated email delivered by a purely cloud-based security service. IEP allows customers to monitor, detect and remediate security threats that originate from within their internal email systems. This capability provides for the scanning of attachments, URLs, and content in internally generated email. In addition, IEP includes the ability to automatically remediate infected email from a user’s inbox. • Secure Messaging: Email containing sensitive or confidential information requires appropriate security and control to prevent inadvertent or deliberate data leaks and to protect the information while in transit. Mimecast Secure Messaging is a secure and private channel to share sensitive information with external contacts via email without the need for additional client or desktop software. Sensitive information is kept within the Mimecast cloud service, strengthening information security, data governance and compliance, without the added IT overhead and complexity of traditional email secure messaging or encryption solutions.