Skip to main content

Help us improve the Digital Marketplace - send your feedback

Softcat Limited

Mimecast Brand Exploit Protect

Brand impersonation attacks that compromise customers and partners are devastating. They destroy trust, are extremely difficult to uncover, and even harder to shut down. Mimecast Brand Exploit Protect helps identify and neutralise these attacks, sometimes even before they can even be launched.

Features

  • Block brand attacks before they can launch

Benefits

  • Limit the use of stolen data.

Pricing

£8,333.50 a user

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psitq@softcat.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

3 3 4 1 8 2 8 6 1 4 2 9 2 6 5

Contact

Softcat Limited Charles Harrison
Telephone: 01628 403403
Email: psitq@softcat.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Any application enabled compatible with SMTP routing.
Cloud deployment model
Private cloud
Service constraints
Please refer to Mimcaster Central for further information: https://community.mimecast.com/s/article/Mimecast-Web-Security-Overview-1393091459
System requirements
Public-facing web-based corporaste presence.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
This would be dependent on the Support Package chosen. Further details can be found within the "Mimecast Support Packages" documents attached
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
This would be dependent on the Support Package chosen. Further details can be found within the "Service Brief Customer Success Offerings" and the "Mimecast Service Levels and Support Description" documents attached
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Mimecast provides four implementation options; Core Connect (internet based wizard & Email support), Managed Connect (Wizard & Implementation assistance contactable by phone and email), Managed Implementation (Dedicated implementation engineer proactively driving your implementation), Advanced Implementatation (Proactive dedicated implementation engineer, advanced support, project documentation, optional Mimecast project manager).
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
The Email Tracker prevention technology within Cybergraph provides the ability to export logs to CSV format.
End-of-contract process
All customer data is deleted from the Mimecast Cloud service.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No difference
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Single Web Based Administration console allowing access to all required controls and settings.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
None
API
Yes
What users can and can't do using the API
User management
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Branding, various policies, settings, notifications, email signatures and disclaimers, authentication requirements options.

Scaling

Independence of resources
Mimecast’s cloud platform is capable of scaling horizontally as far as necessary. Today it handles more than one billion connections for service each day and delivers millions of "clean" messages. The system is scaled, with approximately 20% of capacity allowing for surge scenarios and simultaneous server outages. Mimecast can easily scale overall capacity by adding additional storage and processing resources to the relevant resource pools as required.

Analytics

Service usage metrics
Yes
Metrics types
Brand Exploit Protect uses a dashboard to display all URLs related to your chosen domains that have been detected by us. The dashboard's data is continually updated as new information comes to light. By monitoring activity on the dashboard, you can take direct action to safeguard against counterfeit domains and websites that pose a threat to their company.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Mimecast

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Mimecast provides the ability to export Attack Lifecycle logs in CSV format.
Data export formats
CSV
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please see details at https://www.mimecast.com/globalassets/documents/termsandconditions/sla_and_support_terms.pdf

Email Delivery Credit Fee
<100% but >=99% 10%
<99% but >=98% 20%
<98% but >=97% 30%
<97% but >=96% 40%
<96% 50% and Customer may terminate the Agreement and receive a pro-rata refund of any unused pre-paid fees.
Approach to resilience
This information is available on request.

In brief, the platform is completely resilient with data replicated across diverse physical locations ensuring no single points of failure.
Outage reporting
Public Dashboard / Website announcements

Emails

Other communications including phone and text notification available as required.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
The management interface is granular in allowing access on a per user basis for predefined rights. Authorised users are allowed to log support queries.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Schellman & Company, LLC
ISO/IEC 27001 accreditation date
15/12/21
What the ISO/IEC 27001 doesn’t cover
ISO covers the email security, continuity and archiving cloud services for the protection of personally identifiable information in the cloud and ISO 27001 is globally recognised as the best framework to demonstrate audited and continual improvement and on-going security management.

The ISO covers the platform in operation and support mechanisms.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
25/3/2022
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
The full certification details can be found here: https://cloudsecurityalliance.org/star/registry/mimecast/
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2 Type I and Type II, ISO 27018,
  • https://www.mimecast.com/company/mimecast-trust-center/
  • ISO 22301,
  • ISO 22301,

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our CISO, Mark O'Hare (Melbourne Office), is responsible for information security and business resilience programs. Siobhan Curry leads our business resilience and led the ISO22301 certification. Please find our public facing Security Information Pack enclosed - further detail can be shared under NDA.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
"Stringent change control procures are in place to maintain operational and service level agreements. All changes are fully documented including roll back procedures.

Updates to the service follow a regular schedule and the impact is communicated to relevant parts of the business and customers. Changes to systems that could impact or compromise existing security and control procedures are subject to review by the Mimecast Information Security Team prior to acceptance."
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Mimecast reviews vendor security bulletins and utilise the corporate SIEM system to log and identify any possible issues.

The severity of vulnerabilities are assessed on impact vs likelihood and risks are adjusted accordingly for manual analysis and system events. Critical vulnerabilities can be deployed globally throughout the Mimecast infrastructure within minutes.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The entire platform is monitored 24 x 7 and system and network logs are entered into a centralised system. The monitoring platform provides mealtime information as well as automated alerting.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Mimecast has a formal Incident reporting process activated by monitoring and staff awareness.

User are able to log calls to activate an incident process.

Mimecast use a fully collaborative ticketing system allowing for the production of accurate incidents reports.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Contract specific Social Value delivery can be made available upon request
Covid-19 recovery

Covid-19 recovery

Contract specific Social Value delivery can be made available upon request
Tackling economic inequality

Tackling economic inequality

Contract specific Social Value delivery can be made available upon request
Equal opportunity

Equal opportunity

Contract specific Social Value delivery can be made available upon request
Wellbeing

Wellbeing

Contract specific Social Value delivery can be made available upon request

Pricing

Price
£8,333.50 a user
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Mimecast provides a Proof Of Concept Account where a wide range of features can be tested.
Link to free trial
Details are available on request at: https://www.mimecast.com/company/contact/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psitq@softcat.com. Tell them what format you need. It will help if you say what assistive technology you use.