Anomali ThreatStream vs. Mimecast Threat Intelligence

Anomali ThreatStream is excellent in scenarios where we deliver Managed Security Services to customers. It offers exhaustive volumes of information in the form of threat bulletins, IOCs, Threat Actor profiling, and details related to campaigns in the wild which can be used to a great extent by MSSPs. For an enterprise SOC, I believe it is a little less suited purely because of the pricing aspect as it is slightly towards the expensive side of the spectrum.

Incentivized

I think Mimecast is great for companies who want granular control over their email. Once it is setup, it really does just run along without IT needing to get involved too much. Any time we have 'issues' - such as incorrectly blocked emails or attachments, we can easily figure out what we need to do and how to fix it. Mimecast is great for teams who don't want to sit there all day and manage and look at emails. It would suit a large organisation who want deep control.

Incentivized

• Indicators of Compromise
• Signatures
• Community Sharing

Incentivized

• Because all incoming and outgoing (with journaling setup for internal email) go through Mimecast it is a one-stop-shop for searching out emails from past months or years. It is light years better than using local archives such as .pst files.
• Since they touch all incoming email Mimecast is excellent our filtering out spam, malware and virus emails before it even gets to your server whether on-premise or in the cloud.

Incentivized

• The user interface, perhaps there is some room for improvement although it is good already.
• Confidence assigning process for IOCs needs to be more robust and transparent.
• While integration with SIEM solutions is a cakewalk, there is definitely added value if SIGMA rule conversion and YARA rule creation are provided from the platform.

Incentivized

• The interface for the threat intel dashboard could use some updating
• Slowness in the console persists occassionally

Incentivized

It works perfectly and is really easy to manage when you understand the menu and how it works. It really is 'set and forget' with minor changes needed from time to time to blacklist and whitelist senders and domains. It makes our life really easy and gives us a lot of data to understand how or business and users operate.

Incentivized

Mimecast has a 24 hours phone hotline available to assist you with issues as they arise. This is the typical help desk situation where you reach level one and go to level two if this issue is extensive however I have found their level one techs to more than capable of dealing with most issues I have called about. The only negative I would mention is that their email support is less hardy when it comes to response time so I have grown to realize that calling is the only way to get timely support.

Incentivized

I was shown the areas we would need to use and understand, along with the settings. It was perfect as it didn't go too deep.

Incentivized

Many of the products that can be used to be ingested into a security event management software can be cumbersome with threat streamThere are many opportunities to continue fine-tuning the environment and providing great context in regards to threat research. When compared to other products threat stream stands out from usability and features.

Incentivized

we were not using any other products before Mimecast. It is working perfectly as per our needs.

Incentivized

• After the Initial startup cost, it has overall had a positive impact by increasing efficiency of the team and freeing up analysts to do manual threat hunting

Incentivized

• Saves time and manpower as the console can easily be managed by 1 person
• Using the continuity feature could potentially save an email outage from preventing an organization from conducting business.

Incentivized