Advanced BEC - Setup with CyberGraph

This article contains information on setting up Mimecast CyberGraph and Advanced BEC protection in monitoring mode to observe detections without impacting mail flow.

Overview

Mimecast’s Advanced BEC protection, powered by CyberGraph, helps your organization defend against sophisticated email threats. This guide will walk you through configuring both CyberGraph and Advanced BEC policies in monitoring mode. This approach allows you to safely observe what would be flagged, without impacting mail flow, before activating enforcement actions.

Step 1: Confirm CyberGraph Monitoring Policy

Access the Administrator Console

  1. Log in to your Mimecast Admin Console.
  2. Navigate to Policies | CyberGraph Policies
2026-03-05_09-33-58.png
  1. Confirm the presence of an Existing Policy or create a New Policy.
  2. Click the Create New Policy button.
  3. Enable Monitoring Mode
    • In the policy settings, set Dynamic Banner Status to Learning.
      This enables CyberGraph to analyze emails and provide insights, but it won’t take action yet.
2026-03-05_09-50-27.png
  1. Click Save and Exit to activate your monitoring policy.

Step 2: Configure Advanced BEC Monitoring

You must have an active CyberGraph policy (as configured above) for Advanced BEC to function.

  1. Log in to your Mimecast Admin Console.
  2. Navigate to Policies | Advanced BEC Protection Policies.
2026-03-05_10-09-34.png
  1. Click Create New Policy and complete the details.
  2. Set Detection Sensitivity
    • Choose Moderate detection sensitivity.
2026-03-05_10-12-49.png
  1. Set Actions to Monitor Mode
    • In policy options, select:
      Action: Set to Monitor Only (do not select Block or Quarantine).
2026-03-05_10-16-53.png
  1. Click Save and Exit.

Step 3: Review and Monitor

  • With both policies active in monitoring mode, you will start seeing log records under Analysis and Response | Advanced BEC, and you will start to see messages that have been analyzed by Advanced BEC.
  • No emails will be blocked or quarantined while in monitoring mode, allowing you to review flagged messages and adjust settings as needed.
  • For best results, using Learning mode lets Mimecast gather data so you can later fine-tune policies before going live.

Next Steps

After you’ve completed the above setup, monitor alerts and review flagged emails. Please allow a few days for Mimecast to compile data, and when ready, you can move on to changing the action from Monitor to Hold, Reject, or Take No Action.'

Please note, Detections are only viewable in Analysis and Response.

2026-03-05_10-34-50.png

For more information, please refer to our Advanced BEC Overview article.

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.