The full name of Mimecast DLP is Mimecast Content Control and Data Leak Prevention. The DLP label is a little confusing because this abbreviation is usually applied to data loss prevention systems. Mimecast calls its system a data leak prevention service, and it provides a partial data loss prevention system.
A total DLP identifies stores of sensitive data and classifies them. Such a service can usually be adapted to different data privacy standards, which place importance on different sorts of data. A DLP also controls data exit points, such as removable storage ports, file transfer services, and messaging and email services.
The Mimecast DLP focuses on the email controls of data exfiltration. So, it offers a part of the DLP functionality. The use of an intensive data protection system for emails is helpful for businesses that use emails extensively. For example, a heavily email-driven company could use electronic mail systems to communicate with customers, workers, and suppliers – circumstances in which personally identifiable information (PII) might legitimately be contained in the body text or attachments.
The critical function of data leak prevention is to control data movement selectively. That means it doesn’t block all data movement but restricts the direction of some data in certain circumstances. Another critical requirement of data control is an event logging service. This enables investigators to trace data movements after the fact. If you can’t entirely block data movement, you should at least report on those events.
About Mimecast
Mimecast Limited is based in the UK but has its listing on NASDAQ in New York. Officially, the company is based in the UK dependency of Jersey. The company began operations in 2003, and its founders have some strong experience in email systems. One of the board members, as Chief Scientist, is Nathaniel Borenstein, who was the creator of the MIME protocol, which allows email to contain multimedia elements. This system also enables email attachments, and Borenstein sent the first email with an attachment in March 1992.
So, Mimecast started with, and retains, some top brains in the field of email content architecture. Thus, the business focuses on offering email-related services. Its product range includes archiving, continuity systems, and security services, all applied to email systems and delivered as a cloud service.
Effectively, Mimecast offers a package of edge services for email systems, and the Content Control and Data Leak Prevention service is one of those.
Mimecast Content Control and Data Leak Prevention
The Content Control and Data Leak Prevention system is a reverse firewall. While deep packet inspection (DPI) firewalls scan incoming data for specific keywords and signs of hacker activity, reverse firewalls scan outgoing data. In the case of Mimecast, it checks email traffic leaving a protected system. It then searches through each message for specific data.
Mimecast scans headers, subject lines, body text, HTML, and attachments. As well as text, it looks through images. The image search can spot sensitive data in digital document images. The service also blocks the transmission of inappropriate images.
The data scanner in the Mimecast system looks for specific keywords. These identifiers are listed in a dictionary. A DLP dictionary can be acquired from specialist cybersecurity services, but the Mimecast system already includes one. As the Mimecast service is a cloud-based system, the search criteria and keyword dictionaries for the DLP are maintained behind the scenes by Mimecast’s technicians.
Mimecast DLP actions
The Mimecast system includes several action options that can be triggered when specific data is spotted according to the source and destination of the containing email. These actions are:
- Block the content
- Hold the email for review
- Copy the email to a security monitoring group
- Deliver the email through secure channels
- Add a disclaimer or qualifier to the email
As you can see, not all of these actions prevent the email from going out. This is important because the email may be legitimate, and putting it on hold could damage the business’s operations. However, options such as enforcing security mean that all emails containing sensitive data will be treated securely.
By tuning data security policies, businesses can ensure that sensitive data cannot be disclosed to the wrong person by accident but can still be transmitted to the right person over secure channels.
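The scan-then-act flow described in this section can be sketched as follows. This is an added illustration, not Mimecast's code and not part of the original article: the dictionary entries, the trusted domain, the example addresses, and the mapping from findings to actions are all constructed assumptions.

```python
import re
from email.message import EmailMessage

# Constructed dictionary and policy values (assumptions, not Mimecast's).
DICTIONARY = {
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "confidential": re.compile(r"\b(?:confidential|internal only)\b", re.I),
}
TRUSTED_DOMAINS = {"partner.example"}

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan(msg):
    """Return sorted (label, location) hits over subject, body, text attachments."""
    texts = [("subject", msg["Subject"] or "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            texts.append(("attachment" if part.is_attachment() else "body", part.get_content()))
    hits = set()
    for where, text in texts:
        for label, pattern in DICTIONARY.items():
            for m in pattern.finditer(text):
                if label != "card_number" or luhn_ok(re.sub(r"\D", "", m.group())):
                    hits.add((label, where))
    return sorted(hits)

def decide(msg):
    """Map hits plus recipient domains to one of the actions listed in this section."""
    hits = scan(msg)
    labels = {label for label, _ in hits}
    trusted = all(a.domain in TRUSTED_DOMAINS for a in msg["To"].addresses)
    if "card_number" in labels:
        return ("secure_delivery" if trusted else "hold_for_review"), hits
    return ("add_disclaimer" if labels else "deliver"), hits

def sample(to, subject, body, attachment=None):
    # Builds a constructed outbound message for the demonstration.
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "bob@corp.example", to, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, filename="notes.txt")
    return msg
```

The returned hit list doubles as the event record: logging it with the chosen action gives investigators the trail the article describes, even for messages that were allowed out.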
Secure transmission
A significant security problem with the entire global email system is that it deals with messages in plain text. Although HTTPS-based services offer encryption for content, this only lasts as far as the mail server that hosts the destination email account. Once the email has been delivered there, transmission encryption is removed, and the email is stored in an unprotected state. Mimecast produces a secure email service, and this provides end-to-end encryption to the recipient.
The Secure Messaging Service is an essential partner to the Content Control and Data Leak Prevention service because it carries authorized messages that the data control checks do not block. Additionally, this service emails a link to the recipient instead of the actual email. The recipient then views the email on the Mimecast server, ensuring that the data doesn’t leave a secure environment.
Data privacy compliance
The data protection and event logging services in Mimecast Content Control and Data Leak Prevention help businesses to comply with several additional data privacy standards. These include:
- PCI-DSS: The Payment Card Industry Data Security Standard for credit card data
- HIPAA: Health Insurance Portability and Accountability Act for protected health information (PHI)
- GLBA: Gramm-Leach-Bliley Act for private financial information
Mimecast DLP deployment options
Mimecast Content Control and Data Leak Prevention is a SaaS platform. The Mimecast system offers a range of email management and security services that can be combined.
There is no on-premises version of the Mimecast system. As a result, there is no other way to access Mimecast DLP than through its cloud platform; however, the system does offer a plug-in for Outlook so that email security and access to the Mimecast Secure Messaging Service can be built into a corporate email service.
Mimecast DLP price
Mimecast DLP is a subscription service. However, the price depends entirely on the volume of email messages an account processes, and Mimecast doesn’t publish its rate card. By combining services, you can get a better rate per application. However, the company requires you to contact the Sales Department to get a quote.
Mimecast Content Control and Data Leak Prevention strengths and weaknesses
The Mimecast service is a cloud-based email protection and management platform that can be useful for many email-related tasks. However, the system isn’t a complete DLP and wouldn’t provide a business with a total data protection system. To have comprehensive data loss prevention, you need to have another DLP service operating on your IT system.
If your business is heavily dependent on emails, a robust email management system is an essential service. You can benefit from the Content Control and Data Leak Prevention system in the Mimecast email management services package.
Here are the benefits and detractions of Mimecast Content Control and Data Leak Prevention:
Pros:
- Scans subject line, body, and attachments of emails for sensitive data and intellectual property
- Scans images as well as text
- Implements data fingerprinting by searching for the presence of non-contiguous identifying keyword patterns
- Uses a dictionary of keywords to identify data disclosure
- Offers to block or to route actions on detection of sensitive data
- Integrates with the Mimecast Secure Messaging Service to protect authorized emails
- Plug-in for implementation through Outlook
- A managed service that does not need to be hosted or maintained in house
- Standardization of different document formats, such as PDF and ODF, to facilitate security scanning
- Option to add disclaimers, legal notices, and branding to all authorized outgoing emails
Cons:
- Data thieves can bypass controls by using other transfer channels, such as removable storage or fax
Mimecast DLP alternatives
Be aware that Mimecast offers a data leak prevention service. By altering one word, Mimecast dodges the issue of falsely classifying its product as a data loss prevention system. You don’t get a DLP from Mimecast, but they make sure not to promise that.
If your company handles and stores sensitive data, you need to secure it through discovery and classification, protection for data in storage, control of transfer protocols, and monitoring of removable storage activity, print jobs, and fax activity, as well as email and messaging scanning.
Be careful when you search for a DLP service that the systems you consider are data loss prevention packages that offer complete protection for sensitive data. We have found some suitable products that you should consider.
Our methodology for selecting a Mimecast DLP alternative
We reviewed the market for data loss prevention systems and analyzed the options based on the following criteria:
- An eDiscovery process that locates all sensitive data and categorizes it
- File access controls and content change monitoring
- A method to control all data exfiltration channels
- A system of security policies that can authorize the use and movement of sensitive data by approved users
- Logging of all data-related actions for compliance auditing
- A free trial or a demo system for a cost-free assessment
- Value for money from a full DLP service at a reasonable price
Here is our list of the seven best Mimecast DLP alternatives:
- ManageEngine Endpoint DLP Plus (FREE TRIAL) This data loss prevention package discovers sensitive data and classifies it. File protection is provided by containerization that only allows access via trusted applications. Data movements out of the storage location are assessed. All data-related activity is logged for compliance auditing. The software runs on Windows Server and there is a Free edition that covers 25 endpoints. The paid edition is called Professional and it is available for a 30-day free trial.
- CoSoSys Endpoint Protector This DLP operates both on the cloud and your site, and it can supervise the security of PII, PHI, credit card data, and intellectual property. As well as watching over files, this system monitors data movements. The central controller is offered as a SaaS service hosted on the CoSoSys servers, or it can be taken as a service on AWS, GCP, or Azure. It can also be installed on-site as a virtual appliance. Associated endpoint agents run on Windows, macOS, and Linux.
- Digital Guardian DLP This SaaS platform reaches out to protected sites by installing endpoint agents on Windows, macOS, and Linux devices. Services provide data discovery and classification for PII and intellectual property. The DLP system controls emails, messaging systems, file transfer utilities, removable storage, printers, and faxes.
- Teramind DLP This hosted SaaS platform can be deployed to protect multiple sites and cloud platforms simultaneously in one account. The Teramind service is based around user and entity behavior analysis which uses AI processes to adjust controls over data access activity. In addition, the package includes peripheral controls and will perform OCR scanning for electronic documents and images.
- Rapid7 InsightIDR This service is, strictly speaking, a SIEM. However, it performs data loss prevention services, providing a unified data protection service that can cover several sites and cloud platforms simultaneously. The package includes a vulnerability scanner, and it also performs sensitive data discovery and file integrity monitoring. This is a SaaS platform with endpoint agents on site.
- Zscaler Cloud DLP This complete corporate data management service creates a data access hub on a SaaS platform. This system diverts all data access through its cloud service even if the user and the data target are on the same site. This enables a range of monitoring services and data access controls.
- Clearswift Adaptive DLP This package has strong email controls for protecting sensitive data, which makes it a good match for the functionality of the Mimecast DLP. However, the Clearswift system also discovers and classifies sensitive data stores and protects files from unauthorized access. The Clearswift service includes Web application data protection as well. This software package has its own RHEL operating system.