Transcript
Hi Mike Matchett with Small World Big Data. We are here at RSAC 2025 talking with all the latest and greatest cybersecurity solution vendors. We've got Mimecast here. We're going to talk with Andrew. It's Andrew right. That's right. It's Andrew. And we're going to find out what Mimecast is offering at RSA. See here today. So let's start with that. Um I've talked with Mimecast before. You guys do a lot of very cool things. What are you sort of featuring here at this show? That's our command center. So it's very much focused on human risk. How can we understand exactly what's happening from the human fabric side. So it's not just about data and applications and endpoints, but truly understanding what actions a human is undertaking across a platform and our ecosystem partners to be able to really understand what that risk score is. Because from there, we can just start to take actions to determine what do we need to do? Do we need to train them better? Do we need to go and potentially adjust their access to some other toolsets? Do we maybe need to increase their their scanning settings, all because of some actions they may be taking in another tool or our own platform. All right. So you're looking at each each individual human actor in the system and saying what is their risk. What's their behavior like? Yes. Humans. And also rolling up into locations, rolling up into departments. Because it's not just about individuals. You can have risk across your finance department. You can have across your legal department. But very importantly, it's not distributed evenly. It's never in one place. It's always across multiple areas of your business. Yeah. You hear that legal. It's probably you guys. All right. I'm going to get in trouble for that one now. So if we talk about the RSA show in general, there's been a couple themes that I've noticed. Things like AI and chain of security. But what are the people coming by here asking you about and how are you offering them a solution? We've had a lot of conversations with customers trying to understand insider risk, because that's probably one of the biggest pain points, because whether it's accidental DLP or whether it is some form of malicious DLP event, how do you control it? How do you make sure that if it is reoccurring, that you can take preventative action? A lot of those conversations and still, believe it or not, email security conversations are really relevant. Large customers coming by going don't really like my current provider. I need to move on to something else. So they're still coming and saying, help me, I've got phishing problems, I've got back problems. I've had numerous of those over the past two days where it's like, let's show you how we can help, give you a better solution and protect you against those latest threats. You know, the phishing, the phishing, the smishing and all that stuff's still there. Uh, just a general vibe at the shows. The humans are still one of the biggest problems in security, even though everyone's talking about AI, right? It's still the human part of that that's causing us issues. Ai is helping us identify a little bit better. But to your point about humans, I wouldn't call them the biggest problem. They just are a bigger challenge to deal with because we always speak about humans are the worst thing. Security. That's not the case anymore. Humans are just a big pain point that we have to deal with right now. Yeah, sometimes the humans are the best part of security because you can train them and get them to act better. Right. Exactly, exactly. All right, so, uh, for our for our viewers here, what does Mimecast do at a high level. How do you how do you interact with the the organization and the technology to identify behavior? Mimecast plays across four distinct areas. So you've got your typical collaboration, threat protection, email security, which we've known about or known for for a number of years. It's over 20, to be precise. We've then got our insider risk protection to help organizations prevent that accidental or malicious DLP governance and compliance. And then the thing that feeds into human risk is about empowering users. You want to make sure that they understand why they shouldn't be doing something and are engaged. Platform and other toolsets that we released last year are very much focused on doing exactly that with our Human Risk dashboard, the one that's just behind us here, that's giving you measurements around what is actually occurring, who's being those bad users? Yeah, I mean, this is probably me, you know, a good user in the green, I'm sure. Right? I disagree completely. You'd be in the red. I'd be in the red over here for my behavior. Misbehavior in the mood. Um, so you put that all together. Is this something then, that's running continuously? And just once you start this, you want to keep as an ongoing maintenance project for security. I wouldn't call it maintenance. It's more of an ongoing issue that you need to continually deal with. You know, threats never stop. They only get more pervasive. They get more sophisticated when it comes to compliance. We still got to be able to to deal with them. And then the other risks of making sure users are trained and you're able to identify data is never going to go anywhere. Sadly, as the humans are causing some of these pain points, we need to be able to find out what they've been doing. So everything is always running. You don't turn them off, you make sure that your organization is protected. I mean, you said something earlier about also then identifying the proper remediation actions. So this takes us into the operational part of that as well. Right? Absolutely. And whether that be taking an intervention at the time, which is just letting people know that something has gone wrong, or alternatively, putting a warning banner, hey, you're going to an AI tool, are you sure you should be putting sensitive data in there? Let's warn them about those things. Yeah, so there is a tie in there with the AI prompting. Uh, so we're here with 25,000 security professionals. If you could get to every one of them and give them a message or key takeaway about Mimecast. What would that be? From our perspective, it's all about how we can go ahead and give them insight into where risk is within the organization. We want a couple real world behaviors with those simulated actions, from awareness training and simulations, to be able to understand where you need to focus your attention. That's what Mimecast can do. All right. So if someone is sitting there going like, you know, I think we probably still have some big vulnerabilities with our email. People are still clicking on stuff. They're there. They're getting us into trouble all over the place. Where would you say someone should really start and dig in on this? What's the sort of first steps to getting control. From an email security perspective? You know, having the the correct protection, a combination of AI and regular toolsets or regular scanning is probably the best thing to do. You know, we see AI only services sadly, are a little bit lacking. They don't quite provide all the protection they need. So starting with just your basic threat protection I think is the best way to start this journey. And then you can start to move upwards and gain more insight as you add more elements into the portfolio. So if someone's saying like that sounds like us, that's probably where should we dig in? And they want to learn a little bit more about Mimecast. You obviously have a website, but is there something the security professionals that you'd find here should start with? Uh Mimecast. Com there's some great solution pages which give you an understanding of how we can better protect the organization, help you train the users, etc.. Alternatively, you know, there's, um, a number of pages in terms of integration, something we're, we're known about because important thing, it's not just about us. There's a whole bunch of other security tools out there, integrations that Mimecast. Com gives you access to all of the things that you can integrate into our platform to help you better get get more use out of your ROI. Let's make let's make better use of it and connect all those tools together. All right. Well, so thank you very much, Andrew. I appreciate you describing this for us today. Thank you so much. We appreciate it as well. All right. Take care and watch your email.
