Frequently Asked Questions
We already have a SOC. Do we still need MEIR?
Most MEIR customers had a SOC when they bought it. The question is where user-reported email sits in your priority stack. For most teams it's noisy, largely benign, and not where their best analysts want to spend time. MEIR removes the highest-volume, lowest-signal queue so your SOC can focus on actionable threats.
How does MEIR compare to an automation-only tool on cost?
Automation tools shift the work — your team still tunes the model, reviews edge cases, and explains misclassifications. The fully-loaded comparison, including tuning time and analyst hours, typically closes the gap or favors MEIR. And unlike a single mid-level analyst dedicated to abuse mailbox work, MEIR is 24×7.
Does MEIR replace our existing phishing report button?
No. MEIR integrates with the reporting button your users already use — Microsoft, KnowBe4, Proofpoint, and others. Your end users don't change how they report email, and you don't change your awareness training vendor.
What happens when the analyst team misclassifies a message?
Mimecast owns the outcome contractually. Admins can dispute classifications and add context via a Follow-up workflow, triggering analyst reassessment. There is one team accountable for the result — not an automation tool that leaves the edge-case responsibility with your SOC.
How do we trial MEIR before committing?
Through a proof of value (POV). Submit real suspicious emails from your environment — or samples we provide — and Mimecast analysts respond exactly as they would for a paying customer. You see the classification, threat intelligence, transmission notes, and remediation actions before you sign anything. No console deployment required for the trial.