This article contains information on Mimecast's Multi-Vector Threat Protection, detailing its features, configuration steps, detection methods, response actions, and integration with Analysis & Reporting for comprehensive email security.
Overview
Multi-Vector Threat Protection is Mimecast’s advanced email security feature designed to combat sophisticated threats that evade traditional, single-layer detection. Unlike legacy solutions that analyze threats in isolation, Multi-Vector aggregates insights from multiple detection engines—including social graph analysis, anti-spam, and URL protection. By correlating signals such as unknown senders, domain spikes, freemail usage, and human verification traps, the system identifies and blocks malicious emails before they reach users’ mailboxes. This integrated approach delivers comprehensive protection against modern, multi-faceted attacks.
Considerations
- Policy-Based Activation: Multi-Vector Threat Protection is enabled via policy configuration. Customers must create and apply the policy to benefit from its capabilities.
- Learning Period: The “Monitor” action allows for a learning period, where results are visible in Analysis & Response (A&R) without taking enforcement action.
- Group Notifications: Initial notifications are sent to groups only.
- Auditability: Customers can access reports on threats detected by Multi-Vector, supporting transparency and confidence in the feature.
Configuring Multi-Vector
To configure Multi-Vector Threat Protection, follow these steps:
- Log into the Mimecast Administration Console.
- Navigate to Policies | Multi-Vector Threat Protection.
- Click Create New Policy.
- Fill in the details:
| Field / Option | Description |
| --- | --- |
| Policy Details | This allows you to name the policy and describe the use of the policy. |
| Actions | This allows you to select actions triggered by the Multi-Vector Threat Protection detection. Fields: Action, Hold Type. |
| Select who the policy applies to | This allows you to add a rule to apply the policy to different senders and recipients. Fields: From*, To*. |
- Once configured, click Create Policy to enable Multi-Vector protection.
- A pop-up will appear that says, "Policy created successfully."
- Your newly configured policy will be listed on the Multi-Vector Threat Protection Policy Dashboard.
To deactivate the policy, select the policy from the list on your Multi-Vector Dashboard. Locate the three dots (•••) on the left side, click Edit, and then toggle the Activate Action switch to deactivate the policy.
Detection and Response Actions
- Automated Actions: Depending on risk, actions may include displaying a warning banner, holding the message for user or admin review, or outright rejection.
- Analysis & Reporting: All detection events are logged and available in the Analysis & Response dashboard, providing visibility into why a message was flagged and what action was taken.
Integration with Analysis & Response
- Unified Scoring: Signals from multiple scanners are integrated into a unified risk score for each message.
- Detailed Event Logging: Detection details—including category and summary—are available per recipient in the Analysis & Response UI.
- API Support: Detection information is accessible via updated APIs for both email overview and targeted recipients, supporting custom reporting and integration needs.
- Continuous Improvement: The system leverages ongoing data collection and AI-driven analysis to adapt to emerging threats.