Mimecast Limited is a British information security company founded in 2003 and headquartered in London. It is specialized in email security and risk management[1] and is owned by Permira, a British private equity firm.[2]
History
Mimecast was founded in 2003 by Peter Bauer and Neil Murray. Bauer was named CEO of the company, and Murray was named CTO.[6] The company initially provided cloud-based email management services for Google Workspace, Microsoft Exchange and Microsoft Office 365.[7]
In June 2010, Mimecast appointed Dr. Nathaniel Borenstein chief scientist. Borenstein co-created the Multipurpose Internet Mail Extensions (MIME) email standard, along with other email systems and software.[8]
In January 2021, a Mimecast security certificate was compromised, potentially allowing attackers to intercept communications with Microsoft-based email servers.[11][12][13]
In May 2022, Mimecast was acquired by and become a wholly-owned subsidiary of Magnesium Bidco Limited, an affiliate of Permira Holdings Ltd.[14]
In January 2024, Marc van Zadelhoff replaced Bauer as the company's CEO.[15]
Acquisitions
In July 2018, Mimecast acquired cybersecurity training start up Ataata.[16][17] The same month, the company acquired Solebit.[18] In November 2019, Mimecast acquired DMARC Analyzer.[19]
The following January, Mimecast acquired Segasec.[20] In January, 2024, Mimecast acquired human risk management specialist Elevate Security.[21]
In July 2024, Mimecast acquired Code42.[22] In August, 2024, Mimecast acquired AI compliance software provider Aware.[23]
Mimecast North American Office in Lexington, MA
Technology
Mimecast started as a cloud-based email management platform for Microsoft's email products,[7] and after a series of acquisitions, expanded to be a more general provider of risk reduction services within organizations. Its services include email and collaboration security, insider risk management, data compliance, and security and awareness training.[24][25][26][23][27][16][28]
↑"Email security firm Mimecast says hackers hijacked its products to spy on customers". U.S. 2021-01-12. Archived from the original on 2021-01-12. Retrieved 2021-01-13. Three cybersecurity investigators, who spoke on condition of anonymity to discuss details of an ongoing probe, told Reuters they suspected the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies.
↑"Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack". SecurityWeek.Com. 2021-01-13. Retrieved 2021-01-13. According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft 365 Exchange Web Services. ... The company has not shared any details about the attacks abusing the compromised certificate, but some experts have speculated that the certificate may have allowed the hackers to intercept Mimecast customers' communications.
↑Seals, Tara (2021-01-12). "Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack". Threatpost. Retrieved 2021-01-13. Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast's servers... A compromise means that cyberattackers could take over the connection, though which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers' Microsoft 365 Exchange Web Services and steal information. 'The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies,' Saryu Nayyar, CEO at Gurucul, said via email.
