Mimecast Email Security can be improved by adding some API integrations. Instead of remaining a traditional gateway, Mimecast Email Security needs to provide API solutions similar to Check Point.

If I ask you about the room for improvement, we discussed the phishing aspect, the DNS system, and the key rotation. Apart from that, are there any other areas that you would like to see improved or enhanced in the Mimecast Email Security?

Allow modification of potentially dangerous hyperlinks to be converted into either text or image instead of rejecting the message.

Mimecast needs to reduce the number of false positive emails; a big pain point for us. A lot of emails were missed despite being known samples. This needs improvement to reduce the workload on admins to manage emails.

There is room for improvement since new threats are emerging. Considering the availability of new features would be worthwhile. Mimecast Email Security is somewhat expensive compared to the competition in the Indian market, and the local presence is lacking as they do not have a local representative currently.

Lately, Mimecast's outbound mail servers have been regularly blocklisted by spam filters. That didn't happen a few years back, but it seems to be a more frequent problem these days. When a server is blocklisted, it means all of my outgoing mail ends up in the recipient's junk mail. That affects my reputation and business confidence. 

The interface needs improvement.

If I'm looking at the administration panel right now, I can track messages. I can see what was accepted. I can see what's held. I can see what's rejected. I can see what's bounced. I can see delivery. I can see processing. However, it's all seven different things, and that's just silly. 

Also, if something's held and shouldn't be, I can release it, yet I can't add it straight to an allowed list from there. I have to go to a whole separate section, create a policy, update the policy, and add the email address, whereas in our prior product that we used to use, called AppRiver, if mail came in and it should be white-listed or allowed, you would just click the little box and say always allow, and it would just add it straight to the appropriate filter to allow it. The way we have to do it in this product is very convoluted. On the back end, there are ten different places to check for things before you finally figure out the right spot.

I'd like to have better support from the product in the future. I have noted that support has gotten worse over time. 

Overall, just across all the Mimecast pieces that we use, it's somewhat of a mess when you want to figure out where you need to go to make a change. The interface isn't the best. How everything works on the back end is confusing.

There are no missing features to speak of.

I did have a problem with Mimecast. That is why I was looking for an alternative solution because their sender IP address gets poorly rated by Microsoft. So it blocks sending emails to Microsoft addresses. The aforesaid reason made me decide to opt for an alternate solution possibly.

The lock in is very, very tight. It is impossible to move out of Mimecast to a different product, like Proofpoint or 365 ATP, and keep the chain of custody for every email that I've archived.

The reaction time between a new threat being identified and Mimecast picking it up needs to be narrowed a bit. That gap needs to close. But other than that, I think it's good.

They could provide a unified licensing model, including all the security features.

The solution is complex and not easy to use.

I have to continuously manage the tech in a different space with the solution. I've got to manage different types of rules separately.

Nothing’s been working properly in the product. There's a lot of misclassification. The attachment scanning feature doesn't work properly.

The product needs to fix the existing problems, which Mimecast is always in denial about. It definitely must catch up with the market. It needs to fix its core products, which don't work very well.

The solution's console interface was recently changed for the admins, but the previous one was much better because we could open tabs on it. Currently, it's just one pane, and we cannot open tabs in it.

Many of our users complain that the system is blocking too many attachments. It's a good practice from a security perspective, but our users think Mimecast is doing too much. It might be something we'll have to adjust.

While it's quick and easy, the initial setup could be more user-friendly.

Certainly, the primary area needing improvement is Mimecast's customer support. Our experience as Mimecast customers has been less than satisfactory. Even when raising a priority ticket, the response time is unacceptably long, often taking around five to six hours. This level of service is disappointing. Additionally, there have been recurring service disruptions in the UK region, leading to extended email delays due to various service issues. This year alone, we've encountered such problems on approximately four occasions.

The price of the solution is expensive. It can improve by reducing the price. 

The installation is not so straightforward. In comparison, for example, Proofpoint or Defender offer easier installations when you integrate with Active Directory.

Mimecast need to ensure that the body text format is correctly handled and that images are properly embedded in the body text. Additionally, Mimecast should ensure that the system can accommodate multiple users and effectively send information to them.

The solution should include more AI features instead of Mimecast's more general static configuration tooling.

The differentiation between bulk spam mail and campaign-related mail could be improved. Campaign-related activities are challenging to find in Mimecast Mailbox Continuity. For example, in an organization with a hundred people working for you, there will be approximately 100 email IDs. As a sender, if I want to spoof some people in the organization and hack their credentials, I need to identify targets for the phishing campaign. So I could use an email address to spoof a Microsoft page or create a fake page impersonating Microsoft to harvest credentials. By sending a hundred people a hundred emails with the same subject and same sender, with the same URL, this will easily be detected. So the second option is to spoof the sender every time by sending a hundred people a hundred URLs with similar subjects. In the second scenario, Mimecast Mailbox Continuity is not very good at detecting it.

This solution can be frustrating. It blocks many things that should be going through. I have to authorize permission, which seems to be a frequent occurrence. It may be that we have set our protection too high but we work in a regulated industry.

When you click to change permissions on something, it always launches a browser instance to tell me that I have taken an action. I have to close that out and go on to the next one, and when I asign permission another item, again it opens up a browser again to notify me that I have taken action. I don't know why it does that or why it is necessary.

The filtering needs more flexibility.

There is always space for them to improve. As a user, the user interface of the management console could be upgraded, for example. They can definitely improve their management console interface.

The solution could always add more features and expand its offering.

Their support should be improved. They are notorious for sending you to knowledge-based articles rather than actually talking to you, but that is, unfortunately, kind of becoming a trend with everything.

In terms of features, I haven't had any complaints. However, I don't like the fact they moved to a paid training subscription model. They used to have a lot of free webinars for training, but they have started to charge for them in the past year.

It was not so much about the product itself, however, their business model needs improvement. We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee. This is something which really worries us as a company.

External security features need improvement.

The feature that should be included is to remove the block on the encrypted files.

The solution is very expensive. 

I don't think it's ideally suited for maybe a smaller business environment, like, for example, for companies with less than 100 seats. They do have SMB packages, but I think from a complexity standpoint, it's better suited to medium to larger enterprises.

From an administrative point of view, Mimecast is a little bit cumbersome and difficult. It's not something that the end-user can easily find navigate themselves.

Its pricing can be improved. It is a bit expensive.

Technical support has been slower than it was in the past, likely due to the pandemic.

The detection rates are an area for improvement. The other opportunity area I see with Mimecast is that when you're searching inside of the admin console and you detect malicious emails that bypass Mimecast security: let's say you had a hundred of those messages there. Mimecast doesn't have a way to group those and submit one single report to Mimecast. You have to do one at a time which is not really very conducive — it's very time-consuming.

Those are the main two points. If they work to fully resolve those two issues, that would make this an awesome tool. I mean, it's a good tool, but it would be even better.

The main feature that will help everyone will be a different way to submit phishing or malicious emails that went through security. That would be a very good feature I would like to see in the next release.

Because we have not faced any challenges there is no way that we can say that there has to be some improvement.

The price could be better, it should be reduced.

The interface and the documentation could be improved. They can also include some more training resources and content like video. While setting things up, I had to search for the information quite a bit. It took me time to find the correct way to do something. The information is there, but it is sort of all over the place. They can create a better help knowledge base or help portal. 

It retains your email for 45 days. They can maybe increase this duration.

The product's interface could be improved to be more user-friendly. 

They should make the solution's identity protection feature even better. Also, its default policies need improvement. In addition, they should improve the cookies management feature as well.