Email appearance changes when URLs are not originally formatted, and hyperlink are rewritten which may impact user experience.Events of CTUP are currently shown in the New state instead of remediated.For one same URL, up to 100 events may be created.This user is not necessarily the user who clicked the link. The user shown in a CTUP event (both event types) is always the initial recipient of the email containing the rewritten URL.
Under Config, select the menu Click Time Protection Exceptions. Ignore List: URLs that are part of the Ignore List will not be rewritten by CTUP.ģ.Allow List: URLs that are part of the Allow List are handled as if found to be benign by CTUP.Block List: URLs that are part of the Block List are handled as if found to be malicious by CTUP.You can create exceptions of 3 types for the Click-Time URL Protection feature: Both types of events be created in this case. (This link is available on the landing page if your selected CTUP workflow is Prevent access to the malicious URL. Malicious URL click: each time a user clicks the link Proceed anyway for a malicious URL. Malicious URL: for each rewritten URL user clicked and was found malicious before allowed to proceedĢ. Two types of events can be generated by CTUP:ġ. User has option to proceed: If a user clicks on a rewritten URL that was found malicious, they will be redirected to the following page: As an admin, if you select the workflow Prevent access to the malicious URL. User cannot proceed: If a user clicks on a rewritten URL that was found malicious, they will be redirected to the following page:Ģ. If you select the workflow Prevent access to the malicious URL. In the example below, the email signature contains the link not formatted as a hyperlink.ġ. When links are not formatted as hyperlinks, the end-user sees the rewritten URL. In the example below, the email signature contains the hyperlink and therefore shows up differently after it has been rewritten. When a link is formatted as a hyperlink in an email, the end user sees no visible change. To apply CTUP, CloudGuard SaaS rewrites the URLs in the email. Define the rule scope and expand the Advanced section to configure alerts. Select your cloud email app (Office 365 Mail or Gmail) and under Security choose ClickTime Protection.Ħ. Navigate to the Policy tab and click on Add New Policy Rule.ĥ. (Refer to the next section for end user experience based on the chosen workflow.)Ĥ. To activate the feature, select an alternative workflow. By default, the selected workflow should be Do Nothing. Under Config, select the menu Click Time Protection Settings. Otherwise, navigate to Email & Storage\Config.ģ. If your portal has 2 main tabs called Threat Protection and Identity Protection, navigate to Threat Protection\Config.
#Clicktime office 365 how to#
How to activate CTUP in your CloudGuard SaaS portalĢ.
In that case, this action will be logged in CloudGuard SaaS portal.Ĭlick-Time URL Protection is available for Office 365 Mail and Gmail. If it is found to be malicious, the user will either be blocked from accessing it, or be able to proceed according to company policy. To neutralize such attacks, Click-time URL Protection (CTUP) evaluates URLs every time a user clicks on the rewritten link. However, more sophisticated attacks use compromised servers that appear benign when the email is delivered before switching the URL point to a malicious site after the fact. Through its inline mode, you can ensure that emails are inspected before delivery to the end-user mailbox, which is what happens when there is a malicious URL in the email. CloudGuard SaaS protects emails against phishing attacks by inspecting all emails after they have been scanned by Microsoft (Office 365 Mail) or Google (Gmail).
0 kommentar(er)
