Mimecast extends traditional gateway security with Targeted Threat Protection. An independent archive protects data from human error, technical failure and malicious intent while providing accessibility for employees and admins. Continuity for email keeps employees sending and receiving email even if your on-premises system or cloud solution, such as Office 365.
- Layered malware protection against known and zero-day threats.
- 100% virus protection; 99% spam; 0.0001% spam false positives
- Immediate enforcement of email security and DLP policies.
- Sandbox email attachments to protect against malicious scripts.
- Transcribe attachments in real time delivering 100% safe files.
- On-click URL scanning protects against good websites turning bad.
- Protection against social engineering attacks like whaling or CEO fraud
- Perpetual, journal email archive backed by 7 sec search SLA.
- Always-on email continuity from Outlook, Mac, Mobile and Browser
- Detailed audit, logging and reporting with role-based access control.
- Protects users from malicious attachments in emails.
- Protects users from malicious URLs in emails.
- Protects users from impersonation attacks soliciting fund transfers.
- Removes the burden of managing newsletters from users.
- Allows users to continue to send/receive email during outages.
- Reduce cost and complexity through single cloud platform.
- Comprehensive compliance, e-discovery and litigation support journal archive.
- Allows users to quickly retrieve email from their archive
- Single administration console to manage all services.
- User access from Outlook, Mac, Mobile and Web Browser.
£46.00 to £63.60 per user per year
- Education pricing available
0161 837 7744
|Software add-on or extension||Yes|
|What software services is the service an extension to||Extension to messaging platform services – eg On Premise Exchange, Office 365, Google Apps|
|Cloud deployment model||Public cloud|
|Service constraints||See Service level Agreement|
|System requirements||An existing messaging platform eg Exchange, Office 365, Google Apps|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Dependent on service level purchased
- Email only business hours
- Email and Telephone support Business hours
- Email and Telephone 24 x 7
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard Support: Email support available during local working hours (8am to 6pm)
Business Support: Telephone support available during local working hours (8am to 6pm)
Priority/Platinum Support: 24x7 telephone support. Technicians are available 24x7 either directly or through a call answer service. Email support is available during local working hours.
|Support available to third parties||Yes|
Onboarding and offboarding
Onboarding – Connect Application, backed with a dedicated connect engineer.
Offboarding – Customer driven, however assistance can be provided by Mimecast.
|End-of-contract data extraction||Mimecast data extraction tools driven by customer.|
|End-of-contract process||Gateway services would cease to function. Customer data is retained until data extraction is complete.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||NONE|
|Accessibility standards||None or don’t know|
|Description of accessibility||N/A|
|What users can and can't do using the API||Utilisation of a reporting dashboard - via Splunk|
|API documentation formats||HTML|
|API sandbox or test environment||No|
|Independence of resources||We continuously monitor the utilisation of our underlying grid architecture data centre and ensure that additional infrastructure is deployed to maintain a 30% buffer to maximum utilisation.|
|Service usage metrics||Yes|
|Metrics types||Graphical or Tabular reporting around message flow, bandwidth usage. Provided on a scheduled basis. Customer Service reports around threats and product feature usage.|
|Reporting types||Regular reports|
|Supplier type||Reseller providing extra support|
|Organisation whose services are being resold||Mimecast|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||Customer's archived data is encrypted at rest using AES 256-bit encryption. Each customer is assigned a unique encryption key generated through a FIPS 140-2 aligned crypto library which is stored securely in a centralized key management system and used to encrypt data written to storage or decrypt data read from the storage grid. The customer's encryption key is further encrypted with a master key stored within a centralized and restricted key management system.|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Via secure FTP download or the provision of an encrypted disk.|
|Data export formats||Other|
|Other data export formats||Eml or zipped eml|
|Data import formats||Other|
|Other data import formats||Eml or pst|
|Data protection between buyer and supplier networks||
|Other protection between networks||Mimecast encrypts customer data within its control in transit through TLS. Connections and data in transit to and from the Mimecast cloud can be encrypted using the secure versions of protocols, for example, SSL, TLS, HTTPS, LDAPS, SMTPS and POPS.|
|Data protection within supplier network||
|Other protection within supplier network||Mimecast encrypts customer data within its control in transit through TLS. Connections and data in transit to and from the Mimecast cloud can be encrypted using the secure versions of protocols, for example, SSL, TLS, HTTPS, LDAPS, SMTPS and POPS.|
Availability and resilience
|Guaranteed availability||Please see - Availability and resilience https://www.mimecast.com/globalassets/documents/termsandconditions/sla_and_support_terms.pdf|
|Approach to resilience||https://www.mimecast.com/globalassets/documents/termsandconditions/sla_and_support_terms.pdf|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Customer data is encrypted at rest using AES 256-bit encryption. The customer is assigned a unique encryption key stored securely in a centralized key management system. The customer's encryption key is further encrypted with a master key stored within a centralized and restricted key management system. To access customer data, unique encryption keys are generated through the key management system following a strict process of approval that includes multiple levels of executive authorization. Use of these encryption keys is limited to Sr. Production Engineers and is logged, monitored, and configured for alerting by Security via a centralized SIEM.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Certification Europe|
|ISO/IEC 27001 accreditation date||March 21, 2012|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||ISO27018, ISO22301, SOC 2 and HIPAA|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||ISO 27018, and 22301|
|Information security policies and processes||Mimecast’s information security policies and processes are in alignment with ISO27001 and NIST|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
High-impact changes (e.g. firewall/switches) have been identified and are subject to a documented change control procedure which includes support tracking, approved workflows, and fallback procedures. Updates to the service follow a regular schedule and the impact is communicated to relevant parts of the business and customers.
Changes to systems that could impact or compromise existing security and control procedures are subject to review by the Mimecast Information Security Team prior to acceptance.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Mimecast monitors vendor security bulletins for vulnerabilities and utilizes several vulnerability scanners which both continually scan and provide static analysis of the environment. Vulnerability results are correlated against events and suspicious activities logged with SIEM. The severity of vulnerabilities is assessed based on their impact and likelihood, and risks are adjusted accordingly against both manual analysis and system events. Critical discovered vulnerabilities are discussed within one working day of the vulnerability being discovered. Mimecast has the capability to roll out patches globally within minutes. Patches are tested and follow a phased implementation to ensure no unexpected consequences from the patch.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||System and network logs are aggregated to a centralized SIEM and configured for alerting and monitoring by the Security team.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Mimecast has a formal incident reporting process. All Mimecast staff who deal with client systems are trained on what constitutes an information security event and how to report it. The incident management roles and responsibilities of Mimecast staff, contractors and third parties are formalized and documented. Mimecast has established an Incident Response Team, which also includes regional incident handlers for each territory of operation. Mimecast implements the SANS Institute Six-Step Incident Response Methodology, which covers: 1. Preparation; 2. Identification; 3. Containment; 4. Eradication; 5. Recovery; and 6. Follow-up and Lessons Learnt.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£46.00 to £63.60 per user per year|
|Discount for educational organisations||Yes|
|Free trial available||No|