MimeCast

<< Windows Vista 64 Bit | Home | All Users Desktop in Vista >>

MimeCast

Tuesday, February 26, 2008 11:17 AM |

We recently switched our mail provider at work from Messagelabs to MimeCast. We had been using Messagelabs for several years with no real problems. Messagelabs offer an Anti Spam and Anti Virus email scanner and then delivers mail to your mail gateway, they stated in our contract that it would protect our system 100%, however they did actually let one virus through, thankfully we had MailSweeper which caught it.

Any way our setup was very much like the picture below:

Our MX records were pointing to the Messagelabs towers, it then delivered the emails to our MailSweeper Server, which then delivered to Exchange. We have journalling enabled so as soon as the email was delivered to Exchange it was also dropped into the CryoServer mailbox, which then keeps a copy of the email indefinitely.

We have never had a problem with MailSweeper and it always gave us piece of mind as it sat in the DMZ and screened all emails in and out of the company.

February this year we decided to switch over from Messagelabs, not that it had been a bad service, far from it we were happy with the service, but because they only offered the same service as they had always offered us. MimeCast however offered three services in one package (Anti Virus and Anti Spam, Archiving, and File Type Blocking), MimeCast Multi. It also offered us a BCM (Business Contingency Managment) Solution.

The beauty of this product meant that we could cut costs and save some money on maintenance, support and means everything is in the one place.

So the setup we have now is like this picture below:

We had to open our firewall to talk to MimeCast direct from our Exchange Servers on port 25 (smtp) For Exchange and Port 110 (pop) for the journalling option, and we also needed to open up port 389 (LDAP) so that the MimeCast Towers could talk to our Domain Controller so we could enable our users to log on to the MimeCast if they ever needed to due to exchange being down.

One of the other features that made us decide to switch to MimeCast was the ability to be able to log on to the MimeCast Towers using a web browser.

The first part of the switch over was for changing our outgoing email Internet connection to deliver via MimeCast and not MailSweeper and Messagelabs. We let that run for several weeks and then changed our MX records to point to MimeCast instead of Messagelabs.

We have been using MimeCast for 2 weeks with email going and and out through it and we have so far had no problems with the service.

17 Comments

Comments

Posted by Rob on 3/12/2008 2:46 PM: Wow, can't believe you dropped Mlabs for Mimecast!!!!

I trust you did you due dilligence? If so you would have seen the fact that mimecast use freeware AV!!! So you are going from industry leading AV(which you admit has let a virus thru!) to a service that has the worst performing AV in the industry.......

Please keep updating as I am very interested to see how long it is before you either re-adopt mailsweeper or move to a service that can protect you properly!
Posted by Andy Kemp on 3/12/2008 6:13 PM: I'll let you know :) we did some initial testing and also spoke with other companies who were using the service, to be honest I did not look through the contracts it was all done by my superiors i just implemented it and I was not aware about the AV. Part of the decision about the move was the fact that MimeCast did three things on the one package, which is why the management decided to go that way. plus you do get the good little outlook snap in for the journaled emails.

the biggest decision I think for us wasn't really Mlabs or Mimecast it was dropping MailSweeper as there was always that bridge between the Exchange servers and the internet.

To be honest, so far the service from Mimecast has been really good, but things could change :S
Posted by Rob on 3/14/2008 10:26 AM: Andy,

I recently did a review of mimecast and found it was very much a marketing tool with email security as an add-on. I really don't like the fact I had no spam quaratine and that I wouldn't even know if the service was creating false positives. The biggest business risk though was the AV situation.

Really interested to hear your experience with Mimecast so please let us know what you think periodically.

Rob
Posted by Happy user on 3/18/2008 5:07 PM: We've been using Mimecast for a couple of years now and never seen a virus. My understanding is that they use one of each giving you full cover. The truth is all anti virus packages are always one step behind the virus creators and only as good as the analysis team they have. One of the great things about the open source (Rob calls it freeware) av software is that the 'user community' out there are far more numerous and react far quicker than any of the software vendors.

Anyway the current score is 0-0 between Mlabs and Mimecast in terms of viruses - whats the score in terms of business continuity?............
Posted by Andrew Kemp on 3/19/2008 12:11 PM: Rob,

I would be interested to see your findings on this, however we have been using Mimecast for about 6 weeks now since going both ways and I have to say that it has been very good, and their support team have been on the ball with the journaling option and second to none.

I would agree with HappyUser the current count is 0-0 for the viruses (or in our case 0 for Mimecast and 1 for MLabs, although it was only 1 virus they still let 1 in) but the real advantage of Mimecast is in the Business Continuity. If our exchange crashed, now that we have Mimecast we would still be able to send and receive emails whilst re-building our exchange server, whereas with MLabs we were unable to.

We are in the process of testing the outlook snap in too which I installed this morning and I have to say that is very handy. it is a whole lot easier than Cryoserver to search for emails.

As I said earlier the service we had from MLabs was good, 1 virus was let through in 3 or 4 years, but Mimecast, although being around for several years had started to make a bigger presence up here in Scotland and several of the other leading law firms in Scotland were making the move. After seeing what services they offered it made sense for us to move. I don't know what type of business you work in but I think it would be the same for you a business cannot survive with out email today.

Cheers
Andy

This is the offical wording from Mimecast on its AV and total offering of service.

Mimecast offers an industry-leading anti-virus and anti-spam solution by using multiple independent technologies which analyse each incoming email in parallel.

Each one of these detection technologies then reports its confidence level to the Mimecast policy engine. The Mimecast policy engine then makes a decision based on the aggregate of the individual results from each detection technology. Due to the grid architecture employed by Mimecast, this happens in protocol before the email is even accepted. This provides the sender with instant feedback instead of relying on a quarantine in which the message may sit for hours prior to a digest being sent out.

The individual technologies Mimecast uses to create confidence values are designed to detect not just more historical threats, such as viruses, but also the latest blended threats that merge trojan horses with other malware.

Mimecast utilises multiple commercial and open source anti-virus engines, along with other technologies including an email firewall; local reputation information based on an individual organisation's communicating partners; a global reputation database optimised to provide protection against zero hour threats such as botnets; denial of service attack protection; directory harvest attack prevention; protocol anomaly detection, intrusion prevention, script sandboxing and RFC protocol conformity.

Mimecast's malware strategy is to provide the widest possible protection against the latest types of email borne attacks, not just viruses, without the need for quarantine.

Our AV SLA is one of the strongest in the industry. Mimecast has over 1200 customers including 1 in 3 of the top 100 UK law firms all of whom are referenceable and many of whom are now using the full Mimecast solution including long term email archiving. Many have also had reason to use our always-on email continuity piece and the feedback has been excellent.
Posted by Rob on 3/19/2008 1:55 PM: Andy,

Hi, thanks for updating, like the sound of the outlook plug-in, be interesting to hear how that goes, I assume that will be a search facility within outlook that can give end users a 'quicksearch' facility to their own personal archive?

As far as I understand Mimecast have only offered email security since 2006 so it is the most unproven on the market.

Love how they spin their virus protection! They talk a good game..hehehe They say they have 'zero hour' protection....I think they're refering to their ARMed SMTP filter which is just a IP reputation database! Their AV SLA is exactly the same as everyone else.

Incidentilly I may have given you the impression I use MessageLabs, I don't, we use the Webroot Service that also has the business continuity feature.

Im really interested to see, months down the line, how the service will handle spam and viruses because that is where it's certainly weaker than others on the market.

Happy user - The truth is...virus vendors aren't always one step behind writers, I'm sure you have heard of so-called 'true zero-day protection'. As I understand it only WebSense, MessageLabs and Webroot have this technology.

the 'freeware' that they use is one of the worst performing in the industry and that my friend is a fact. Check out http://www.virusbtn.com/news/2008/03_13a.xml for the latest figures.....ClamAV creates a massive amout of false positives and also seems to be awful at detecting malware/spyware/viruses.

Thanks

Rob
Posted by MailAdmin on 4/29/2008 5:07 PM: Interesting thread indeed. Rob, you say that Mimecast has only been offering this security since 2006, that is not the case, as I was using the service in 2004, when they still offered an onsite security and archiving service. We moved to the offsite offering once it was available. I left the company in late 2006, and up to that time I had zero viruses through the mimecast service (just over 2 years). I believe that they do use a combination of opensource and commercial AV products, which covers all bases. We did a very thorough review of Mimecast's services (security, continuity and archiving), and called all reference clients to see what experiences they had. All references came back clean. I would recommend the AV services of Mimecast, based on my experience.
Posted by Switch on 6/9/2008 9:24 AM: We are considering switching from Messagelabs to Mimecast at the moment.

I'm really interested in the experience of the anti-spam engine. On a couple of reference calls I've heard some concerns that the anit-spam is not as good as Messagelabs. Do you/others have experience of this?

Also, from our diligence I can confirm that Mimecast use a spread of AV technologies and offer a 100% Service Credit if you get infected because they let a virus through (although noted what Rob says above about zero-day protection) .
Posted by Andrew Kemp on 6/11/2008 1:59 PM: we have been using Mimecast for 6 months now and I really cannot fault them in any way. I have not had any problems with anti-spam (ok so it has only been 6 months but still). and we keep finding other benifits of Mimecast. we are currently looking at the posibility of exporting all the data in cryoserver into Mimecast too. Along with that, for new customer implementations they are working on a tool that will collect data and make the whole implementation side a lot easier. I have been running some tests for them on this and it is really good automates a lot of the tasks on the customers side.

I really would recomend a demo of it and you will be very impressed with what they have to offer.

With the outlook plugin I am now finding that I can clear my mailbox once a week even once a day, as I can access them all from the plugin, and drag them back to my inbox if needed.
Posted by Switch on 6/13/2008 3:51 PM: Thanks very much and good to know.

We've had all the demos but I wanted to ask someone else about the spam thing. I've heard mixed reports about the grey listing technology. Cool in theory but caused some people some issues.
Posted by Rob on 6/20/2008 4:31 PM: Switch,

Don't be fooled by MailAdmin, I have a feeling he works for mimecast.

MessageLabs are light years ahead of Mimecast when it comes to the core competencies of AV and Spam protection. I don't like the fact that the sender of an email has to authenticate to be on your white list, that is completely outside of your control.

Andy, the reality is you have no idea how good they have been at stopping spam(this is not a dig) due to the fact that they could have prevented hundreds of legitimate emails and you would not have any clue unless notified by the sender, that is unless you trawl through the dropped connections log everyday.....

Just ask Mimescast who they use for AV, they won't tell you without you signing an NDA!!!! Whats all that about!?
Posted by Andrew Kemp on 6/24/2008 2:07 PM: Rob,

If we were having legit emails stopped in or out then we would be sure to know as like most businesses we rely heavily on email. If an email is sent to all the staff internally and one person receives it 10 seconds after the person next to them, then they are on the phone to the helpdesk immediately complaining that their email is slow. So if an email wasn't received, that they sent or was coming into them then we would know about it!

OK so MailAdmin may well work for Mimecast the same could be said about you working for Messagelabs.

In terms of the NDA I think that that would be prudent to have that in place as if the whole world knew what AV you used it would make it easier for hackers to find back doors in.
Posted by Rob on 6/24/2008 2:29 PM: Andy,

Would you? If I contacted your company today and didn't respond when mimecast asked me to authenticate how would you possibly know? I may decide having sent my query off to 5 companies in your line of business that yours wasn't worth the hassle!

MessageLabs! Ha! I have tried to be impartial in everything I have said, this is a subject that interests me fiercely. As I have mentioned we don't use MessageLabs, we use the Webroot service.

If you're confident in the way you approach AV and you approach it in the right way then why be afraid that hackers will find a back door? Other service providers will tell you which AV vendors they use(when I say others I mean BlackSpider, MessageLabs and WebSense) why do you think that is? Because, unlike mimecast, they all have quality zero day virus engines in place that would pick up on any hackers speculating.

I'm coming across like I hate mimecast!!! NOT TRUE!!! I just feel there are 4 better, proven, robust solutions out there.....
Posted by John on 6/25/2008 9:46 AM: lets stop the bashing - we looked at various solutions before we made our service selection. We didnt go mimecast more due to the having to sign an NDA to hear the AV engines were Clam and AVG and to sign a cancellable PO prior to trialling, where as other vendors were more open and flexible. Our service has business continuity as well so others do this and Messagelabs has just anounced it as well. We also wanted to deal with one of the top vendors in this space as we viewed mimecast as interesting but not a tier 1 player at this time. Will watch the comments here with interest as things always change and we review security each year.
Posted by Andrew Kemp on 6/25/2008 10:34 AM: Rob
I think that we will have to agree to disagree on this one.
There are a lot of legal firms up our way using Mimecast, all have moved from MLabs.

John, I checked the MLabs site recently and noticed that they offered the archiving and continuity service now too.

The Legal Community up here is very closely knit especially in IT and when one law firm does one thing others soon follow.

When we left MLabs we outlined the reasons for leaving them, but they did not mention to us about the services that were in the pipeline.

We have also now started using the Mimecast Outlook Connector, it is a great little utility, it gives users the ability to browse all their email stored on the Towers and also drag and drop single or multiple emails back in to their Mailbox.

The other thing we have started using is the Email Branding facility, where it pulls all the details of the AD User Account and then it creates a business card signoff with their details.
Posted by Peter Bauer on 7/7/2008 1:50 PM: Rob,

I am enjoying reading Andy Kemp's exploration of Mimecast as he works with the online solution in conjunction with his in house email server. His feedback on all fronts is quite useful.

While reading, I have come across your posts too Rob. I may be misunderstanding you, and forgive me if I have, but you seem either to have been on the receiving end of some incorrect information or you're eager to write to discredit us.

To be helpful, I thought I'd chip in here. If being an objective outsider is important to you, then you'll possibly want to know more. Importantly we are not missing security tricks with respect to scanning engines, AV strategy, or busy providing some awkward registration based antispam strategy as suggested. We have systems that work very well - I speak as one of the first users of the service starting over 4 years ago. In fact I love the product. OK: call me biased (-;

If needed I can also give you more accurate information on the history and founding principles of Mimecast, which absolutely includes security and some really strong innovation in this area.

As a security company, however, we share some information under NDA with prospects to illustrate some of our capabilities, but, we don't ever share full details as this would hardly be in our clients' interests. So if this has lead you to some false conclusions, my apologies. Different people hold NDA's to mean different things and we need to be concious of that too. It's our SLA's that matters most and those are sacred to us and our clients.

I would question the logic of any company publicly disclosing all the workings of their security technologies - it would seem to me to be a senseless act of bravado.

Should you wish to talk further, perhaps you'd like to meet some of our team to discuss any of your ideas. Maybe you can help us to serve our clients even better?

In this case, I would be very happy to take your call.

Andy, sorry for camping on your blog like this.....I look forward to your next post.

Best regards

Peter Bauer
Co-Founder and CEO, Mimecast.
Posted by Sarrl on 7/30/2008 12:00 PM: I am a bit of a "fan" on threads like this full of claims of independance and claims not to be "involved" with the produts that are being praised (looks towards Rob).

To give my post some context, I'm an IT professional, having worked in the Industry for 15+ years, and have held a variety of "hands-on" board level positions for a while now.

Here's my spin on it.

All of these products are fine and dandy in what they claim to do, and what the actually achieve. I'm familiar with pretty much all of them, and I've used and/or implemented all of the products being mentioned here.

On the AV arguement - frankly it doesn't really matter what you use if you use it sensibly, and use a variety. If your strike rate is good...does it matter if it's powered by a "big name" engine, or some open source freebies? Where I come from, we call that brandy bragging just plain snobbery. 15 years ago everyone said Linux was a crock and that it would never outplace Solaris.....but look now, Linux is taking over the world and Solaris is available for free.

If you need something to clean your emails for spam and viri and would like to get your hands on a 10 year unlimited size archive, then Mimecast have a pretty credible offering. I've only actually been familiar with the product at my latest role for the past three months (I've inherited it from the former CTO) but I can't fault it right now.

I have some reservations about their claims to give you a 10 year unlimited size archive, and I also wonder what would happen in 10 years time on emails that might still need to be retained.

They dont have the might and the muscle of the big players (like Message Labs) and I also wonder if they will still be around in a few years time.....but the industry is a funny old world and if their technology is proven to be as good as the claims, I'm sure some big shark will buy them just for their technology.

I brought a legacy of emails with me (I try to keep my entire lifes worth of documents) and I had some teething troubles "ingesting" it into the Mimecast Grid. It took just over 5 weeks for them to make my 19 GB archive available, but I can now query these emails faster than on my own laptop. Not bad.

Final comment, fair play to the Mimecase guy for coming on and not only being truely impartial, but for actually admitting who he worked for.