Social Graph Activation FAQ

Affected: MX-Only customers on Secure Email Gateway. Not affected: API-Based or non-SEG customers (DMARC-only, Incydr-only, etc.)

This article explains the Social Graphing rollout: what it does, how it differs from CyberGraph, why no action is needed from users or admins, and what comes next for Multi-Vector Threat Protection.

Q: Why is Mimecast enabling Social Graphing?
A: Our data shows that 85% of all malicious email attacks originate from unknown senders, individuals, or entities with no established communication history within your organization. This represents a significant and growing attack vector that traditional detection methods alone cannot fully address.

Social Graphing maps the communication relationships across your organization, building contextual awareness of who your people regularly interact with. By understanding these patterns, Mimecast can more effectively identify messages from senders outside your established communication network and apply enhanced scrutiny where it matters most. This is a proactive step by Mimecast to strengthen the baseline security of every customer account and improve detection efficacy against unknown sender threats.

Q: What's the difference between Social Graphing and CyberGraph?
A: Mimecast's broader platform includes both Social Graph and CyberGraph capabilities. However, this rollout focuses solely on enabling the Social Graph component.

Social Graphing works behind the scenes to map communication relationships and sender patterns. It operates as a contextual signal within Mimecast's detection engine. Critically, this change introduces:

  • No banner changes: Your end users will not see any new warnings, banners, or visual changes in their email experience. Social Graphing improves efficacy by adding a contextual layer to detection, enhancing Mimecast's ability to identify threats from unfamiliar senders.
  • No end-user impact: This is a backend enhancement. Users will not notice any changes or need to adjust their workflow.

Q: When will my organization receive Social Graphing?
A: Mimecast will be rolling out Social Graphing as a base contextual trigger across all eligible customer accounts over the next two months.

If you have concerns about this update or wish to discuss opting out of Social Graphing, please contact your Account Management team. Customers who have previously opted out will not receive this update, and Mimecast will continue to honor your existing configuration preferences.

No action is required from your team. There are no configuration changes, no existing policy updates, and no administrative steps needed on your end.

Q: Is any action required?
A: No. Social Graphing will be automatically enabled on your account with no action required from administrators or end users.

A new policy will be created in the CyberGraph Policies Menu with the following settings:

Default Policy Configuration

Default Policy Set Up (Learning Mode) for CyberGraph

  1. Policy Name: CyberGraph Learning Mode Default.
  2. Settings: Learning Mode.
  3. End User Impact: None.  

This policy uses email metadata to power Social Graphing technology.

Social Graphing data is retained for 12 months within the CyberGraph system.

Q: What comes next with Multi-Vector Threat Protection?
A: Social Graphing is a foundational step toward the full rollout of Multi-Vector Threat Protection (MVTP), Mimecast's advanced email security feature built to stop sophisticated threats that bypass traditional, single-layer defenses.

Unlike legacy solutions that analyze threats in isolation, MVTP aggregates signals from multiple detection engines, including Social Graph analysis, anti-spam, and URL protection. By correlating indicators like unknown senders, domain spikes, freemail usage, and human verification traps, MVTP identifies and blocks malicious emails before they reach your users.

Social Graphing ensures your MVTP policy is powered by your Social Graph from day one. Shortly after Social Graphing is enabled, Mimecast will enable MVTP in Monitor Mode, using your Social Graph to begin improving detections and building accuracy. There is no impact to mail flow or end users during this period, which allows administrators to review detections before updating from Monitor Mode to Hold Mode.

Default Policy Configuration

 Default Policy Set Up (Monitoring Mode) for MVTP

  1. Name: Default Monitoring
  2. Description: Default Monitoring
  3. Policy Action: Monitoring
  4. From: Everyone
  5. To: Everyone

Q: What types of audit logs are generated?
A: The visibility of audit log entries depends on when your organization receives the Social Graphing update:

  • Before April 10th: Customers provisioned with CyberGraph and MVTP during this period will only see Account Logs entries reflecting the provisioning activity.
  • After April 10th: In addition to Account Logs, customers will also begin seeing Policy Logs entries, which reflect the creation of the default policy that is automatically included as part of CyberGraph and MVTP provisioning.

If you have any questions, contact your Mimecast Customer Success Manager (CSM) or our support team.
