Mimecast cloud cybersecurity services for email, data, and web provides your organization with archiving and continuity needed to prevent compromise. Mimecast Frequently Asked Questions Why are we moving to Mimecast for email security?. Mimecast is an industry leader in email security and filtering, so we have partnered with them to enhance the state’s security posture. This transition will also remove the NoClick solution so you will be able to access legitimate links directly. Personal Portal - Mimecast.
Type | Public |
---|---|
Nasdaq: MIME | |
Industry | Information security E-mail archiving File archiving Cybersecurity |
Founded | 2003; 18 years ago |
Founders | Peter Bauer Neil Murray |
Headquarters | London, England, UK |
Key people | Peter Bauer (CEO) Neil Murray (CTO) Rafe Brown (CFO) Nathaniel Borenstein(Chief Scientist) Dino DiMarino (CRO) Karen Anderson (CHRO) |
Products | Unified Email Management integrating Email Security; Enterprise Information Archiving, Mailbox Continuity and Services for Office 365, Cybersecurity Training, Web Security |
1,800 | |
Website | www.mimecast.com |
Mimecast Limited is a Jersey-domiciled, UK-headquartered company specializing in cloud-based email management for Microsoft Exchange and Microsoft Office 365,[1] including security, archiving, and continuity services to protect business mail. The company is listed on the NASDAQ.[2]
History[edit]
Mimecast was founded in 2003 by Peter Bauer and Neil Murray. It has offices in London, Boston, Chicago, San Francisco, Dallas, Cape Town, Johannesburg, Melbourne, Amsterdam, Munich and Israel.[3] On October 16, 2015, Mimecast announced that it filed its registration statement for a proposed initial public offering (IPO). Mimecast began trading on the Nasdaq Global Select Market under the ticker symbol 'MIME' on November 19, 2015. The offering closed on November 24, 2015.
On July 10, 2018, Mimecast acquired cybersecurity training start up Ataata.[4][5]
On July 31, 2018, Mimecast acquired Solebit.[6]
On November 14, 2019, Mimecast acquired DMARC Analyzer.[7]
On January 6, 2020, Mimecast acquired Segasec.[8]
Founding[edit]
Mimecast co-founder and CEO, Peter Bauer, previously founded FAB Technology in the mid-nineties and sold it to Idion. Earlier, Peter trained as a Microsoft systems engineer and worked with corporate messaging systems.[9] Mimecast co-founder and CTO is Neil Murray, previously CTO at Global Technology Services and founder of Pro-Solutions.[10][11]
Other executives include Mimecast Chief Scientist Nathaniel Borenstein, who was amongst the original designers of the MIME protocol for formatting multimedia Internet electronic mail - he sent the world's first e-mail attachment on 11 March 1992.[12]
Technology[edit]
The service uses a massively-parallel grid infrastructure for email storage and processing[13] through geographically dispersed data centers.[14][15] Its Mail Transfer Agent provides intelligent email routing based on server or user mailbox location.[16]
Email Security
- Secure Email Gateway: user optimized spam protection,[17]malware, DoS and DHA protection. Real-time diagnostic and reporting; data loss prevention, secure message delivery, email branding and disclaimer management, document conversion and metadata management, real-time online queue management, large attachment management, advanced routing and spooling.[18]
- Targeted Threat Protection: URL rewriting at the gateway with time-of-click scanning for malicious content before being opened.[19]
- Large File Send: send and receive large files from Outlook, with encryption, optional access key and custom expiration dates.[20]
- Secure Messaging: secure email channel for sensitive information either user-initiated or policy-driven.[21]
Enterprise Information Archiving
- Cloud Archive for Email: Encrypted cloud storage which saves emails in triplicate[22] in an immutable storage system.[23] Users can access and search emails through an Outlook desktop client.[24] Archive access is available via a Mac desktop app and apps for Android, BlackBerry, iOS[25] and Windows Mobile devices.
Mailbox Continuity
- Continuity: During primary mail system outages, email can be accessed via Microsoft Outlook, through a web browser[26] and via mobile devices.[27]
Mimecast Outlook Plugin
Security and privacy breaches[edit]
In January 2021, a Mimecast security certificate was revealed to have been compromised, potentially allowing attackers to intercept communications with Microsoft-based email servers.[28][29][30]
References[edit]
- ^'The Future Fifty: the list'. The Telegraph. Retrieved 2015-09-21.
- ^'Our Company | Mimecast'. www.mimecast.com. Retrieved 2019-06-04.
- ^'About Mimecast'. Mimecast. Retrieved 2015-09-21.
- ^'Cybersecurity training startup Ataata acquired by Mimecast - Technical.ly DC'. Technical.ly DC. 2018-07-10. Retrieved 2018-07-12.
- ^'Bethesda-based cybersecurity training startup raises $3M Series A - Technical.ly DC'. Technical.ly DC. 2017-12-19. Retrieved 2018-07-12.
- ^Osborne, Charlie (2018-08-01). 'Mimecast snaps up security software developer Solebit in $88m deal'. ZDNet. Retrieved 2018-08-01.
- ^mimecast. 'Mimecast Acquires DMARC Analyzer'. www.mimecast.com. Retrieved 2020-01-10.
- ^mimecast. 'Segasec Acquisition'. www.mimecast.com. Retrieved 2020-01-10.
- ^'Peter Bauer, Co-Founder and CEO, Mimecast'. Gartner Symposium ITExpo. Retrieved 2011-12-30.
- ^'V3 Hot Seat: Mimecast CTO and co-founder Neil Murray'. V3.co.uk. Retrieved 2015-09-19.
- ^'CrunchBase'. Retrieved 2015-09-19.
- ^'NSB Home Page'. web site, including CV. Retrieved Feb 27, 2013.
- ^'Mimecast and file server destruction'. The Register. Retrieved 2009-12-14.
- ^'Product Review: Mimecast Unified Email Management'. TheDataChain.com Whitepaper. Retrieved 2011-09-25.
- ^'Mimecast Hits the Bloor Research Bullseye for Best Practise E-mail Archiving'. technews.tmcnet.com. Retrieved 2011-09-30.
- ^Weinberger. 'Mimecast Offers Free Microsoft Office 365 Cloud Migration'. Talkin Cloud. Retrieved 2015-09-11.
- ^'Mimecast Email Security Updates Give Users, IT Departments More Control'. Web Host Industry Review. Retrieved 2013-03-05.
- ^'Mimecast gilds the enterprise email service'. Information Age. Retrieved 2013-03-05.
- ^'Mimecast takes aim at spear phishing through enterprise cloud email protection | ITProPortal.com'. Retrieved 2015-09-21.
- ^'Mimecast expands Outlook service with large file support'. V3.co.uk. Retrieved 2015-09-21.
- ^'Mimecast adds functionality for endusers and administrators to email security suite'. SC Magazine. Retrieved 2015-09-21.
- ^'Mimecast scientist targets email's future'. BusienessCloud9. Retrieved 2013-03-05.
- ^'Email compliance - how to get it right'. Legalbrief Today. Retrieved 2013-03-05.
- ^'Product Review: Mimecast Unified Email Management'. MSExchange.org. Retrieved 2011-11-20.
- ^'Mimecast Mobile Archive'. ITunes Preview. Retrieved 2013-03-05.
- ^'Acceleration eMarketing stays online post Superstorm'. ITWeb. Retrieved 2013-03-19.
- ^'Businesses likely to rethink continuity plans after Blackberry outage'. Computer Weekly. Retrieved 2013-03-19.
- ^'Email security firm Mimecast says hackers hijacked its products to spy on customers'. U.S. 2021-01-12. Archived from the original on 2021-01-12. Retrieved 2021-01-13.
Three cybersecurity investigators, who spoke on condition of anonymity to discuss details of an ongoing probe, told Reuters they suspected the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies.
- ^'Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack'. SecurityWeek.Com. 2021-01-13. Retrieved 2021-01-13.
According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft 365 Exchange Web Services. ... The company has not shared any details about the attacks abusing the compromised certificate, but some experts have speculated that the certificate may have allowed the hackers to intercept Mimecast customers’ communications.
- ^Seals, Tara (2021-01-12). 'Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack'. Threatpost. Retrieved 2021-01-13.
Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast’s servers... A compromise means that cyberattackers could take over the connection, though which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers’ Microsoft 365 Exchange Web Services and steal information. 'The attack against Mimecast and their secure connection to Microsoft’s Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies,' Saryu Nayyar, CEO at Gurucul, said via email.
External links[edit]
Official website
- Business data for Mimecast:
The hackers, which US intelligence agencies have said likely have Russian origins, used a backdoored update for SolarWinds Orion software to target a small number of Mimecast customers. Exploiting the Sunburst malware sneaked into the update, the attackers first gained access to part of the Mimecast production-grid environment. They then accessed a Mimecast-issued certificate that some customers use to authenticate various Microsoft 365 Exchange web services.
Tapping Microsoft 365 connections
Working with Microsoft, which first discovered the breach and reported it to Mimecast, company investigators found that the threat actors then used the certificate to “connect to a low single-digit number of our mutual customers’ M365 tenants from non-Mimecast IP address ranges.”
The hackers also accessed email addresses, contact information, and “encrypted and/or hashed and salted credentials.” A limited number of source code repositories were also downloaded, but Mimecast said there’s no evidence of modifications or impact on company products. The company went on to say that there is no evidence that the hackers accessed email or archive content Mimecast holds on behalf of its customers.
In a post published Tuesday, Mimecast officials wrote:
While the evidence showed that this certificate was used to target only the small number of customers, we quickly formulated a plan to mitigate potential risk for all customers who used the certificate. We made a new certificate connection available and advised these customers and relevant supporting partners, via email, in-app notifications, and outbound calls, to take the precautionary step of switching to the new connection. Our public blog post provided visibility surrounding this stage of the incident.
We coordinated with Microsoft to confirm that there was no further unauthorized use of the compromised Mimecast certificate and worked with our customers and partners to migrate to the new certificate connection. Once a majority of our customers had implemented the new certificate connection, Microsoft disabled the compromised certificate at our request.
Advertisement The chosen few
The SolarWinds supply chain attack came to light in December. Attackers carried it out by infecting the Austin, Texas company’s software build and distribution system and using it to push out an update that was downloaded and installed by 18,000 SolarWinds customers.Mimecast
Mimecast was one of a small number of those customers who received follow-on malware that allowed the attackers to burrow deeper into infected networks to access specific content of interest. White House officials have said that at least nine federal agencies and 100 private companies were hit in the attack, which went undetected for months.
Certificate compromises allow hackers to read and modify encrypted data as it travels over the Internet. For that to happen, a hacker must first gain the ability to monitor the connection going into and out of a target’s network. Typically, certificate compromises require access to highly fortified storage devices that store private encryption keys. That access usually requires deep-level hacking or insider access.
Underscoring how surgical the supply-chain attack was, Mimecast was among the small percentage of SolarWinds customers who received a follow-on attack. In turn, of the several thousand Mimecast customers believed to have used the compromised certificate, fewer than 10 were actually targeted. Limiting the number of targets receiving follow-on malware and launching the attacks from services located in the US were two of the ways the hackers kept their operation from being discovered.
Mimecast Admin
When Mimecast first disclosed the certificate compromise in January, the similarities with parts of the SolarWinds attack generated speculation the two events were connected. Tuesday’s Mimecast post is the first formal confirmation of that connection.