What Are Mimecast Best Practices?

These are Mimecast configurations and workflows that are proven to significantly reduce false positives and false negatives and to give admins and users a higher quality experience while using Mimecast. You will maximize security and business continuity by using Select Cybersecurity’s Mimecast best practices.

We have best practice configurations for every security policy in Mimecast. Here are some best practice tips we’d like to share which are fundamental to overall success in utilizing Mimecast.

Use Profile Groups

Using profile groups is one of the easiest ways to simplify management of your Mimecast and avoid costly mistakes due to human error. Creating security policies when they are not needed is one of the most common workflow mistakes we see. It results in large-scale bypass creation and disorganization, which ultimately leads to confusion for administrators. There are 6 policies that need your attention for profile groups:

  • Attachment Management Bypass

  • Attachment Protection Bypass

  • Blocked Senders

  • Impersonation Protection Bypass

  • Permitted Senders

  • URL Protection Bypass

Audit All CORE Security Policies and Profile Groups

To ensure the efficacy of Mimecast, you must periodically audit your 18 core security policies and their associated profile groups. Email addresses, domains, IP addresses, and security policies will inevitably accumulate over time and can potentially create security vulnerabilities, especially when not documented properly. We find that when there is a complaint about the effectiveness of Mimecast, it is almost always because of an adjustable configuration mistake. These 18 policies are:

  • Anti-Spoofing

  • Anti-Spoofing SPF Bypass

  • Attachment Management

  • Attachment Management Bypass

  • Attachment Protection

  • Attachment Protection Bypass

  • Auto Allow

  • AV Scan On Release

  • Blocked Senders

  • DNS Authentication Inbound

  • DNS Authentication Outbound

  • Greylisting

  • Impersonation Protection

  • Impersonation Protection Bypass

  • Permitted Senders

  • Spam Scanning

  • URL Protection

  • URL Protection Bypass
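One way to run the periodic profile-group audit described above, as an added example that is not Select Cybersecurity's or Mimecast's own code. It assumes the group members have been exported to a hypothetical CSV with the columns group, entry, added and note; the 365-day review interval and the short freemail list are also assumptions.

```python
import csv
import io
from datetime import date

# The six profile-group policies named on this page.
PROFILE_GROUPS = {
    "Attachment Management Bypass", "Attachment Protection Bypass",
    "Blocked Senders", "Impersonation Protection Bypass",
    "Permitted Senders", "URL Protection Bypass",
}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed, not exhaustive
MAX_AGE_DAYS = 365                                    # assumed review interval

# Constructed sample export; the CSV layout is hypothetical, not a Mimecast format.
SAMPLE = """group,entry,added,note
Permitted Senders,partner.example,2023-01-10,Ticket 1042: invoicing partner
Permitted Senders,gmail.com,2021-03-02,
URL Protection Bypass,news@vendor.example,2020-06-15,Newsletter links
Blocked Senders,partner.example,2024-02-01,Reported spam
Impersonation Protection Bypass,198.51.100.7,2024-11-20,
"""

def audit(csv_text, today):
    """Return (entry, group, reason) findings for one profile-group export."""
    findings, seen = [], {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        group, entry = row["group"].strip(), row["entry"].strip().lower()
        seen.setdefault(entry, set()).add(group)
        if group not in PROFILE_GROUPS:
            findings.append((entry, group, "unknown group"))
            continue
        if not row["note"].strip():
            findings.append((entry, group, "undocumented"))
        if (today - date.fromisoformat(row["added"])).days > MAX_AGE_DAYS:
            findings.append((entry, group, "stale"))
        # Allowing or bypassing a whole freemail domain exempts every sender on it.
        if entry in FREEMAIL and group != "Blocked Senders":
            findings.append((entry, group, "freemail domain"))
    # The same entry both blocked and permitted means one list is wrong.
    for entry, groups in seen.items():
        if {"Blocked Senders", "Permitted Senders"} <= groups:
            findings.append((entry, "Blocked Senders + Permitted Senders", "conflict"))
    return findings

if __name__ == "__main__":
    for entry, group, reason in audit(SAMPLE, date.today()):
        print(f"{reason:16} {group:36} {entry}")
```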

Select Cybersecurity LLC has a breakdown of all 64 Mimecast Policies and where they fit on your best practice journey. The above are part of our CORE security policies, which establish a solid baseline for moving to more complex policies.

Use Best Practice Impersonation Protection Policies and Workflows

It is likely that impersonation attempts are reaching your users' inboxes regularly even though you have impersonation protection configured. We see it very often, so we’ve decided to address it here.

Why didn’t my Impersonation Protection policy stop this email?

If impersonation protection is not stopping an email you expected it to stop, use the message headers to diagnose the exact hits which should have occurred. Most of the time you will find that the email did not trigger the policy because it does not fit the criteria for the policy. Use this information to adapt your current policies to be more effective.

How to set up Mimecast Impersonation Protection.

There are several basic best practice policies to use when configuring an effective impersonation protection layer of security. You need to have a standard 2-hit policy, a newly observed domain policy, and of course a highly customized VIP policy focused on key personnel. Outside of those basics, there are several more advanced policies which can be used to further tighten security. For full details and help with configuration, please reach out to us for a free assessment. We will provide you with a report that scores your Mimecast security, along with best practice configurations for all of your policies, including impersonation protection.

Utilize Select Cybersecurity’s best practice configurations for all 18 Core security policies.

Our Best Practice Assessment gives insight and provides a roadmap to full optimization. For many customers this is a 6-month process with very minimal business disruption.