Mimecast needs to reduce the number of false positive emails; a big pain point for us. A lot of emails were missed despite being known samples. This needs improvement to reduce the workload on admins to manage emails.

If I ask you about the room for improvement, we discussed the phishing aspect, the DNS system, and the key rotation. Apart from that, are there any other areas that you would like to see improved or enhanced in the Mimecast Email Security?

The platform's cost-effectiveness could be improved.

I did have a problem with Mimecast. That is why I was looking for an alternative solution because their sender IP address gets poorly rated by Microsoft. So it blocks sending emails to Microsoft addresses. The aforesaid reason made me decide to opt for an alternate solution possibly.

Lately, Mimecast's outbound mail servers have been regularly blocklisted by spam filters. That didn't happen a few years back, but it seems to be a more frequent problem these days. When a server is blocklisted, it means all of my outgoing mail ends up in the recipient's junk mail. That affects my reputation and business confidence. 

The lock in is very, very tight. It is impossible to move out of Mimecast to a different product, like Proofpoint or 365 ATP, and keep the chain of custody for every email that I've archived.

The reaction time between a new threat being identified and Mimecast picking it up needs to be narrowed a bit. That gap needs to close. But other than that, I think it's good.

They could provide a unified licensing model, including all the security features.

Nothing’s been working properly in the product. There's a lot of misclassification. The attachment scanning feature doesn't work properly.

The product needs to fix the existing problems, which Mimecast is always in denial about. It definitely must catch up with the market. It needs to fix its core products, which don't work very well.

The solution's console interface was recently changed for the admins, but the previous one was much better because we could open tabs on it. Currently, it's just one pane, and we cannot open tabs in it.

The interface needs improvement.

If I'm looking at the administration panel right now, I can track messages. I can see what was accepted. I can see what's held. I can see what's rejected. I can see what's bounced. I can see delivery. I can see processing. However, it's all seven different things, and that's just silly. 

Also, if something's held and shouldn't be, I can release it, yet I can't add it straight to an allowed list from there. I have to go to a whole separate section, create a policy, update the policy, and add the email address, whereas in our prior product that we used to use, called AppRiver, if mail came in and it should be white-listed or allowed, you would just click the little box and say always allow, and it would just add it straight to the appropriate filter to allow it. The way we have to do it in this product is very convoluted. On the back end, there are ten different places to check for things before you finally figure out the right spot.

I'd like to have better support from the product in the future. I have noted that support has gotten worse over time. 

Many of our users complain that the system is blocking too many attachments. It's a good practice from a security perspective, but our users think Mimecast is doing too much. It might be something we'll have to adjust.

The solution is complex and not easy to use.

I have to continuously manage the tech in a different space with the solution. I've got to manage different types of rules separately.

The tool can be challenging because it relies on rule-based configurations, especially for addressing impersonation threats. This approach requires setting up numerous rules to ensure filtering. It should work based on behavior-based analytics. 

However, it relies on a database of blocked web addresses in the background rather than behavior-based scenarios. So, if a link is malicious and not in the database, it might slip through.

Based on my experience requesting changes and configurations, even simple security queries can sometimes be challenging. For instance, it took us a week to properly configure. Resolving the issue involved multiple rounds of testing and discussions via email and conference calls. So, I believe some aspects of maintenance and setup in Mimecast Email Security may not be as straightforward as expected.

The installation is not so straightforward. In comparison, for example, Proofpoint or Defender offer easier installations when you integrate with Active Directory.

Mimecast need to ensure that the body text format is correctly handled and that images are properly embedded in the body text. Additionally, Mimecast should ensure that the system can accommodate multiple users and effectively send information to them.

The solution should include more AI features instead of Mimecast's more general static configuration tooling.

While it's quick and easy, the initial setup could be more user-friendly.

It was not so much about the product itself, however, their business model needs improvement. We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee. This is something which really worries us as a company.

The product's interface could be improved to be more user-friendly. 

This solution can be frustrating. It blocks many things that should be going through. I have to authorize permission, which seems to be a frequent occurrence. It may be that we have set our protection too high but we work in a regulated industry.

When you click to change permissions on something, it always launches a browser instance to tell me that I have taken an action. I have to close that out and go on to the next one, and when I asign permission another item, again it opens up a browser again to notify me that I have taken action. I don't know why it does that or why it is necessary.

The filtering needs more flexibility.

Their support should be improved. They are notorious for sending you to knowledge-based articles rather than actually talking to you, but that is, unfortunately, kind of becoming a trend with everything.

In terms of features, I haven't had any complaints. However, I don't like the fact they moved to a paid training subscription model. They used to have a lot of free webinars for training, but they have started to charge for them in the past year.

The detection rates are an area for improvement. The other opportunity area I see with Mimecast is that when you're searching inside of the admin console and you detect malicious emails that bypass Mimecast security: let's say you had a hundred of those messages there. Mimecast doesn't have a way to group those and submit one single report to Mimecast. You have to do one at a time which is not really very conducive — it's very time-consuming.

Those are the main two points. If they work to fully resolve those two issues, that would make this an awesome tool. I mean, it's a good tool, but it would be even better.

The main feature that will help everyone will be a different way to submit phishing or malicious emails that went through security. That would be a very good feature I would like to see in the next release.

External security features need improvement.

From an administrative point of view, Mimecast is a little bit cumbersome and difficult. It's not something that the end-user can easily find navigate themselves.

Its pricing can be improved. It is a bit expensive.

There is always space for them to improve. As a user, the user interface of the management console could be upgraded, for example. They can definitely improve their management console interface.

The solution could always add more features and expand its offering.

Because we have not faced any challenges there is no way that we can say that there has to be some improvement.

The price could be better, it should be reduced.

The feature that should be included is to remove the block on the encrypted files.

The solution is very expensive. 

They should make the solution's identity protection feature even better. Also, its default policies need improvement. In addition, they should improve the cookies management feature as well.