The Mimecast Secure Email Gateway is a messaging security option with anti-spam / anti-malware, data loss prevention, large file send, and other features, from UK company Mimecast.
N/A
Sophos Email
Score 7.5 out of 10
N/A
Sophos Email is presented as Predictive Cloud Email Security Powered by Artificial Intelligence designed to block spam and malware, as well as protect employees and block phishing attempts.
Mimecast's advanced email security remains the number one security tool available for any organization. You will be ahead of the game before anything gets in and users start clicking. Users are often the ones who can disclose sensitive data and compromise the organization and its brand.
I strongly believe that if you are looking for a product that does what it says on the box and has the capacity to keep your company safe, you should look at Sophos. They have consistently been at the top of their game and continue to provide a product that meets the ever-changing needs of the threat landscape.
Simplicity: Once set up, Mimecast Advanced Email Security is easy to use, intuitive, and simple. This reduces onboarding time with new employees.
Robust Audit Trail: Being able to see what happened with specific emails, why things happened, and who was responsible for them helps to reduce troubleshooting time as well as improving overall email observability.
Clean Interface: Mimecast Advanced Email Security is a Swiss-Army-Knife of email security. There are many different configurations and complex rules that can be implemented. To make this manageable Mimecast Advanced Email Security has implemented a simple and clean UI. Being able to favorite commonly used features makes a huge difference in usability.
Simple SSO Integration: This seems like a no-brainer, but its odd to see how many SaaS products either don't support SSO, or make it so complicated and convoluted that setup and maintenance becomes a fully time job.
We could customize it to have a certain level of workflow. We manage to enforce certain email (based on key-phrases) to be quarantined before send it to the recipient. And the email needs to be approved (manually) before being released.
For certain type (using regex) of email, we will encrypt it if it's sent outside our organization domain.
I would like to see some additional improvement around the attachment protection, specifically what may be getting caught and what types of files are attempting to be delivered via email by impersonators.
The Targeted Threat Protection is a great product, and I wish there was a dashboard for this service where we could easily see the types of emails and/or links that have been caught as part of the protection module that could be shared with executives.
Finally, I feel that the phishing protection is great and honestly don't believe there should be much improvement needed there.
I gave a 9/10 rating because with the 1 limited resources needs a bit of experience to work on the dashboard, and then Strong protection policies, reliable email continuity and proactive threat intelligence.
It was easy to use and easy to implement. You don't need previous knowledge on the products, after we got this up and running, it took us hours to put everything together. The transition was easy and seamless.
As an admin it's fine, the console has some slightly annoying quirks (having to to go all the way back to the top when making changes rather than being able to just go up one level for example) and the object orientated nature of it takes some getting your head around how it thinks. But generally speaking it's decent enough once you've used it for a couple of hours
The solution is very scalable, with a possibility to be customized; which means that Sophos Email can be configured depending on our own situation and context not on a general way. On the other hand, Sophos Email has a broad feature set; I mean, along with core spam and malware protection, Sophos offers advanced features such as real-time link following, threat isolation, spoof protection, etc.
When calling them you get best in the world customer services but as previously mentioned their online community and capabilities are a bit lacking. They want you to log into their portal to see updates on issues (vs. using a public facing service) and I rarely find the answers to my issues in electronic format. Their online presence is only helpful with the simplest of issues.
I have always found the answers I have needed in the documentation or online, and have not needed to contact Sophos Secure Email Gateways' support team. This, I think, bodes well for how their software is easy to use and has good documentation when you cannot find what you need in the basic interface.
Mimecast Advanced Email Security is FAR superior. Sophos practically gave us the email for free and we still didn't want it. Sophos also does not do both Gateway and API properly. Mimecast Advanced Email Security's AI-Powered net is next level.
Many other solutions are a complicated setup and take a lot of time for the configuration. With Sophos email we were setup and seeing data/emails within an hour. As I have described the ease of use from a high-level for someone like me a Director just peeking into the system or an analyst that can do a deep dive is one of the best users interfaces I have seen for any product.
We've had to beef up training and other email security tools because we get too many spam and phishing emails still with Mimecast Advanced Email Security in place. This is costing us at least an extra 15% annually in staff time and tooling than it should.
We have been pleased with data loss prevention with Mimecast Advanced Email Security, it does identify PII and auto-encrypts emails with PII effectively.
It does have the ability to integrate with other security tools via API, which is beneficial.
We have prevented several cases of employees tried to steal organization's information; this has a great effect on the ROI not only in dollars but also in our reputation.
We have used it for more than 4 years, which is more than typical technology adoption we usually do; and this is the result of the above causes (prevention of internal fraud).
Need to have an expert of regex to accommodate more advanced DLP function/requirements