Service Update
| Availability | March 30th, 2020 |
| Product(s) | Email Security Cloud Gateway (CG), Targeted Threat Protection - Impersonation Protect |
| Who's affected | Administrators |
Overview
As part of our continuous effort and commitment to ensure that customers get the most functionality from Targeted Threat Protection: Impersonation Protect, we are pleased to announce a new feature that will give customers more control over matching sender display names.
Background
Using the SMTP 'display-name' variable, threat actors can appear to recipients as any display name they choose, such as a work colleague or key customer. Until now, Mimecast would check the sender display name against all internal display names taken from the directory. This is an effective indicator, but in larger or more complex organizations they may have a subset of employees classed as higher value targets or more likely to be impersonated (e.g., the CEO's EA). There is also a second issue around the use of nicknames or short-form names. Threat actors can target employees using shorted names that wouldn't be detected by normal matching. e.g., Using Andy instead of Andrew, or Jenny instead of Jennifer.
Feature
Mimecast has introduced a “Custom Display Names” field to the Impersonation Protect definition. This will allow a customer to define a list of display names that they want to trigger on a 'display-name' sender match. For example, the customer could enter each name, including the nickname variations on each line in the input area. This input field works with and separately from the existing 'all internal names' field, so a customer can use the existing checks as was previously supported.
Detail
- The ‘Internal User Name’ checkbox has been renamed to the ‘Display Name’ checkbox, which is now a high-level menu check. When this is selected, it will expand the two options shown below ('All Internal Display Names' and 'Custom Display Names'). By default, 'All Internal Display Names' will be checked. This mimics previous behavior and is the default.
- The 'Custom Display Names' free text field is displayed and can be entered on one per line.
- The custom names will be normalized in the same way as the existing checks. There is more information on the normalization of the Mimecast Knowledgebase.
- Hits - hit count is combined with the Internal Display Names to give a binary answer. I.e., a hit on both or either creates a 'single hit'. This is to remove double counting.
- There is no change to the way the policy is applied to traffic.
Release schedule
This feature will roll out to customers over the course of the week starting Monday 30th March
Recommended actions
This feature is not enabled by default and requires configuration. Please review the feature information and decide if this feature is of benefit to your organization.
Comments
Please sign in to leave a comment.