Cisco Email Security versus Mimecast

General Criteria Cisco Mimecast

Anti-Spam Reputation is the key strength for Cisco, now we are adding Sender Domain Five 3rd party AS engines, vendors not published
Reputation (SDR) a cloud service that rates email messages based on the
domains age, behavior and other attributes
Anti-Virus Scanning Sophos, McAfee can be used individually or together 3rd Party AV engines, vendors not published
Email encryption Cisco Registered Envelope Service (CRES) Secure Messaging: Controls covering message expiration,
SaaS, Policy based encryption (DLP), User controls: revoke, expire, or automated read receipt, print and reply/forward control, which
restore access to encrypted email messages. Only push encryption. can be applied by the sender or enforced using policies. (only
Zix Encryption is EOL. See PM for coming encryption improvements pull encryption)
DANE SMTP DNS-based Authentication of Named Entities Not Available Increased chance of DNS cache poisoning or a Man-in-the-
Middle Attack
Central management ESA Clustering & Security Management Appliance Dashboard displays a graphical summary of:
• Centralized Management access on any clustered gateway for the purpose Threats (file, URL, BEC or internal ) over the last 30 days.
of configuration changes. • The top ten threats by recipient.
• Centralized Reporting, Message Tracking & quarantining on SMA • The top ten threats files by name.
• The ten most recent threats received.
Dashboard Demo
Anti-Malware AMP and Threat Grid integration Attachment Protect
• Blocking of Known Malicious Files. • Blocking of Known Malicious Files.
• Behavior Analysis of Unknown Files. • Default conversion of unknown files to PDF
• Retrospective Alerting Upon Disposition Change of an attachment. • Pre-emptive sandboxing with static file analysis mode
• Mailbox Auto-Remediation does NOT require on premise HW. chosen by admin or recipient loses threat data .
• Efficacy enhanced by cross platform telemetry: Email, web, endpoint, • Retrospection / file remediation based on an incomplete file
NGFW & NGIPS (Cisco solution) database.
Attachment Protect Demo
STIX/TAXII Consuming external threat information in the Cisco CES, helps to: Not Available
• Proactively remediate: ransomware, phishing, and targeted attacks. Customer’s cannot leverage external threat feeds to enhance
• Subscribe to local and third-party threat intelligence sources. their Mimecast platform.
• Improve the efficacy of the Cisco Email Security Gateway.
HTTPS scanning / URL 3 levels of URL Detection with URL extraction in Anti-Spam Engine, Content URL Protect
Filtering Filtering, and Outbreak Filtering. Custom content filters for blocking on • Rewrite every URL.
selected web reputation or URL categories on both incoming & outgoing mail. • Website inspected at time of user’s click
User click tracking provided. Imbedded URLs in attachments, tiny URL. • Allows for malicious email delivery
(Base product) URL Protect Demo
Underlined Titles hyper-linked to datasheets or Demos
© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partner and Internal use only. Not for public distribution. 1
 Cisco Email Security versus Mimecast
General Criteria Cisco Mimecast
Data Loss Prevention (DLP) Cisco Email Security Data Loss Prevention Content Control & DLP
• DLP engine in Gartner Leader’s Quadrant Useful Outlook API for warning DLP violation. No rating by Gartner
• DLP Incidents tracked using Message Tracking
• Granular DLP administration
Reporting Drills-down to Message tracking on base subscription. Detailed Mimecast Reports
AMP reports that corelate gateway detection with endpoint. • How many messages are being sent or rejected.
• The data volumes being transmitted.
Sandboxing ThreatGrid / AMP Technology Attachment Protect
Mimecast file conversion is a compelling option to sandboxing. They can convert to • Attachment conversion to PDF, recipient initiates sandboxing if original is
and deliver a benign file and then sandbox the original if the recipient requests it. User
group policies can be written eliminate the sandboxing option to save resources. needed. (Potential loss of threat data)
• Sandboxing will associate file behavior with SHA
Attachment Protect Demo
Internal Email Protection No parity Internal Protect
• Detection of lateral movement of attacks via email from one internal user, to
another:
SoleGATE for Email
• Weaponized attachments, Malicious URLs
Internal Protect Demo
(solobit 2018 acquisition)
Authentication Two Factor Authentication ESA (SSO available with SMA)
Data Redaction Content Filter / Message Filter edit-body-text Not available
Document Sanitization Not available Document conversion to PDF
Reputation Filtering Senderbase / Talos Larger telemetry database 3rd Party RBL Vender not listed. Must safelist false positives.
DMARC Integration with Advanced Phishing Protection allows DMARC DMARC filtering available but not integrated into Impersonation Protect
enforcement
Anti-Spoofing Cisco FED Filter on Exec list (base product) Impersonation Protect
Graymail Cisco Graymail separate graymail detection engine Not available
Safe Unsubscribe Cisco Graymail Safe Unsubscribe Not available

Anti-phishing, anti-spear phishing, Cisco Advanced Phishing Protection Impersonation Protect

anti-whaling and Business Email • Identity Intelligence • Email header anomaly detection
Compromise (BEC) defense for • Best-in-class BEC protection • External domain similarities detection
email • Account Takeover ID • Administration of suspicious emails
• Email Forensics and Enforcement Impersonation Protect Demo
Underlined Titles hyper-linked to datasheets or Demos
© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partner and Internal use only. Not for public distribution. 2
 Cisco Email Security versus Mimecast
General Criteria Cisco Mimecast
Sender Domain Cisco Domain Protection Mimecast DMARC Email Security
Protection • Prevent brand abuse • User-friendly overviews grouped on several levels
• Monitor your internal and 3rd party senders • Insight into phishing attacks using your brand
• Identify illegitimate senders automatically with DMARC • Unlimited users, domains & groups
• Transition smoothly to DMARC reject • Daily / weekly reports
Cisco Umbrella Investigate • Track DNS record changes & updates
• Create & check DMARC records
DMARC Analyzer Demo
Mimecast Announces New Alliance Partnership with DMARC Analyzer. Partner website: DMARC
Analyzer.
User Submission of Spam Submission and Tracking Portal Mimecast Message Center
Phishing & Spam Administrators can: Administrators to access the metadata and transmission information of recently
Samples • Submit missed spams directly via the ESTP. (Only .eml format type sent and received messages via the Message Details panel.
is currently supported.) • Compare sender and recipient message views side by side.
• View the dashboard for all submissions and track the submission • Permit or block message delivery for the recipient.
status in a single pane • Report messages as spam, malware, or phishing.
• View table listing each submission, their status, and filter them based • Release held messages upon investigation.
on time stamp, submission ID, submitter and other parameters
• Download reports
Threat Intelligence Cisco Threat Response Mimecast Threat Remediation Dashboard
Platform
Demo Not Comparable
CTR is Cisco’s threat intelligence platform that Provides: Aggregated This dashboard has extensive reporting and remediation features that are laid out
Threat Intelligence in a similar fashion the NG SMA. But it does not compare to CTR
• Context of an attack
• Intuitive Visualizations
• Incident Tracking
• Seamless Drill-Down
• Direct Remediation
Note: CTR is FREE with CES. It is a great tool for pulling in other Cisco Security pieces like AMP 4
endpoint, Umbrella or NGFW. This is where Cisco is far stronger than this vendor.

Underlined Titles hyper-linked to datasheets or Demos

© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partner and Internal use only. Not for public distribution. 3
 Cisco Email Security versus Mimecast

General Criteria Cisco Mimecast

Senderbase / Talos (Daily Stats) Not Comparable
• 1.5 M malware samples • 82 K Virus Blocks Mimecast does not have a Central Threat Intelligence like Cisco Talos.
Threat Intelligence • 400 B SPAM samples • 181 Million Spyware blocks In fact, they will quote Talos in their public research
• 818 Million Web blocks • 250 Full Time Threat Analysts Sextortion, Bomb Threats & Godaddy

ThreatGrid analyzes against more than 900 behavioral indicators and a Ways to Optimize Targeted Threat Protection
malware knowledge base sourced from around the world. These are • Safe File: Transcribe
File / Behavior
stored for any AMP device, such as in CES, requesting information on • Safe File with On-Demand Sandbox
Analysis a file. AMP can be applied to both inbound and outbound mail flows. • Pre-Emptive Sandbox
• Dynamic Configuration
Attachments that become rogue after delivery will be Threat Remediation: Removing / Restoring Messages
Retrospective Remediation • Detected globally by AMP on endpoint No published information on Automatic File Removal.
of delivered files • Have their reputation updated
• Removed from inbox with Cisco O365 Mailbox Auto Remediation

Cisco AMP Unity Blog. AMP Unity Demo Not Available (4/2019)
Global Trajectory Mimecast does yet have a threat correlation and incident response
• See File & Device trajectory from all your AMP enabled devices system. But they need to be closely watched as now they have both an
• AMP Appliances (FMC 6.2 supported) email security and web security solution and are quickly acquiring
• AMP for Content (ESA/ESAv/CES 11.1 & WSA/WSAv 11.5) complementary technologies, such as file analysis with solobit.
• AMP on Firepower Appliances (FMC 6.2 supported)
Forensics Reporting /
Global Outbreak Control
Incident Response • Simple Custom Detections (Blacklisting)
• Whitelisting

Note: Available as a cloud service. No on premise device. Detect

once, block everywhere on AMP enabled devices. Easy integration for
file tracking with AMP4 Endpoint
Underlined Titles hyper-linked to datasheets or Demos
© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partner and Internal use only. Not for public distribution. 4
 Cisco Email Security versus Mimecast
Added Features Cisco Mimecast
Email Continuity During an Office 365 outage, CES can queue messages Mimecast Email Continuity
for 72 hours or full disk. No user access during outage. • Access email via any web browser when email server is unavailable.
Not Comparable • Provide users with access to their mailbox folder structure and calendars during outages
Mimecast for Outlook v7: Continuity Demo
Security Education DUO Insight. a free phishing assessment tool by Duo Mimecast Security Awareness Training (ataata acquisition)
Platform Security that allows you to find vulnerable users and Phishing Privacy PII HIPAA CEO Wire Fraud
devices in minutes and start protecting them right away. Passwords PCI Compliance Ransomware Data in Motion
Office Hygiene GDPR

Data Discovery & Not Available Not Available

Compliance
SaaS Defense Cloud Lock Not Available (4/2019)
• User Security • App Security
• Data Security
Protection of Cisco Umbrella Mimecast Web Security
Employee Personal • Cloud-delivered Firewall •Easy to configure and implement via the Administration Console, with additional tools to
Email or Personal Web • Roaming Client IPV6 Support manage and deploy adjustments on an ongoing basis.
browsing • Umbrella Chromebook client •Consistent application of policies, such as integration with URL Protect, offering in-depth
• Cryptomining category defense across email and web.
• Cisco Threat Response / Umbrella Integration •Consolidated reporting, with a high degree of visibility into real-time web usage and security
or Web Security Appliance risks via activity logs and dashboard analytics.

Mobility Cisco Meraki Mobile Device Management Employee Mobility

• Unified multi-platform device management • Mobile applications for iPhone, Android, and Blackberry
• Robust security policy enforcement • Access to archives
• Scalable endpoint configuration • Self-service security features, including spam and phishing reporting, managed sender
• Automatic device classification lists and hold queues.
• Automatically apply network policies by device type Mimecast Mobile App Demo

Added Features extend beyond email security to address these exceptions made by specialized vendors
Underlined Titles hyper-linked to datasheets or Demos
© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partner and Internal use only. Not for public distribution. 5