Email remains one of the easiest entry points for attackers, and while many security tools claim to stop sophisticated threats, only a handful truly understand the evolving landscape of phishing, impersonation, and business email compromise. Mimecast Incdyr is Mimecast's answer to this problem — a deep-intelligence, behavior-aware system designed to not only block threats but also help organisations make sense of them.
In this review, we break down what Mimecast Incdyr actually is, how it works, and whether it lives up to its promise.
What Exactly Is Mimecast Incdyr?
Mimecast Incdyr is a threat intelligence, detection, and correlation engine built into the Mimecast platform. Instead of acting like a traditional email filter, Incdyr pulls data from multiple sources — global threat feeds, behavioural analysis, identity signals, and Mimecast's own detection ecosystem — to give security teams richer visibility into email-based attacks.
Think of it as both a filter and an analyst. It catches threats, but it also tells you what happened, why it happened, and what it could mean next time.
Setting Up: Seamless If You're Already in the Mimecast Ecosystem
If your organisation is already a Mimecast customer, Incdyr integrates naturally into the existing dashboard. There's no complicated onboarding, and most policies inherit what you've already set up.
For teams new to Mimecast, the learning curve is slightly steeper. Incdyr's interface has plenty of information — sometimes too much — and admins may need time to familiarise themselves with the dashboard, detection logs, and reporting sections. However, the setup is straightforward, and Mimecast's documentation is solid.
Threat Detection: Where Incdyr Shines
Mimecast built Incdyr as an advanced detection engine, and in day-to-day use, this is where it truly shows strength. Some standout capabilities include:
Instead of just scanning attachments and URLs, Incdyr studies sender behaviour, communication patterns, and anomalies.
This helps detect sophisticated impersonation attempts that traditional filters might miss.
Incdyr doesn't look at email alone. It correlates signals across web interactions, domain reputation, identity patterns, and previous attack attempts to create a richer context.
Mimecast's global threat intelligence network feeds into Incdyr in real time. When a new campaign hits one organisation, protection rapidly rolls out to others.
Each threat is assigned a severity score, giving security teams a quick way to prioritise what matters.
For businesses dealing with constant phishing noise, these layers make Incdyr more reliable than simpler filters.
Investigations and Reporting: Deep, But Not Overwhelming
One of Incdyr's biggest selling points is its investigation dashboard.
Security teams can trace the full path of an attack attempt — who sent it, how it got past perimeter defences, whether users engaged with it, and what tactics were used. The UI isn't flashy, but it's practical, and the drill-down features help SOC analysts understand incidents without jumping across tools.
Reports are customisable, exportable, and granular enough for audits or compliance reviews.
AI and Automation: Useful, Not Gimmicky
Incdyr includes several AI-powered features, but Mimecast avoids turning AI into a marketing buzzword. The platform uses AI mainly for:
It doesn't replace your SOC team — but it does save them time, especially on low-level investigations.
Limitations: Not Perfect, But Far From a Deal-Breaker
No security platform is flawless, and Incdyr has a few areas where it can improve:
You get the best experience when it's paired with Mimecast's Email Security Cloud Gateway. If you're mixing vendors, some features may not feel as tightly integrated.
Mimecast's pricing is tiered, and some advanced threat intelligence layers may require additional modules depending on your plan.
The dashboard offers a lot of information, and new admins may need time to adjust to the amount of data presented.
Despite these limitations, Incdyr remains one of the more balanced and mature email-intelligence platforms available.
Who Should Consider Mimecast Incdyr?
Incdyr is a strong fit for:
If your organisation relies heavily on email — and most do — the addition of intelligence and correlation layers can significantly strengthen your defence posture.
Final Verdict: A Smart, Mature Addition to Email Security
Mimecast Incdyr isn't just another add-on feature. It genuinely enhances threat visibility and gives security teams better context behind every attack attempt. Its behaviour-driven detection and investigation features are especially valuable for companies dealing with high-volume or targeted phishing campaigns.
While it's best paired with Mimecast's broader platform and may require some admin familiarity, Incdyr offers intelligence and depth that traditional email gateways can't match.
For organisations seeking a modern, well-integrated approach to email threat detection, Mimecast Incdyr is absolutely worth considering.
Comments