This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Igor_Freidin
Employee
Employee
‎2020-08-25 01:42 AM

CloudGuard SaaS new feature: Click-Time URL Protection (CTUP)

CheckMates_CGS_update_2_new_round.png

 

Dear SaaS community,

We are releasing these days CloudGuard SaaS Click-Time URL Protection (CTUP) feature.

Attackers use sophisticated attacks to include  initially benign links, to bypass security solutions, before switching the URL point to a malicious site after the fact. Click-time URL Protection (CTUP)  rewrites every link in incoming emails and evaluates URLs every time a user clicks on the rewritten link. If it is found to be malicious, the user will either be blocked from accessing it or be able to proceed according to company policy.

Full details can be found in the SK168190

 

Clean links rewriting:

ClickTime Protection link rewrite cleanClickTime Protection link rewrite clean

ClickTime Protection Benign link click eventClickTime Protection Benign link click event

 

Malicious links rewriting:

ClickTime Protection link rewrite maliciousClickTime Protection link rewrite malicious

 

ClickTime Protection malicious link Page BlockedClickTime Protection malicious link Page Blocked

 

ClickTime Protection malicious link click eventClickTime Protection malicious link click event

5 Replies
Julian_Sanchez
Collaborator
‎2020-08-31 09:03 AM

Good news. This feature can be configurated in mode detect or is in prevent? If one link is detected as malicius is possible do an exception?

Regards,

Julian S. 

0 Kudos
Igor_Freidin
Employee
Employee
‎2020-09-02 07:41 AM
In response to Julian_Sanchez

The feature works in Prevent mode allowing user to either access or not original link  according to configured policy.  Exception can be configured at domain level.

0 Kudos
Igor_Freidin
Employee
Employee
‎2020-09-02 07:51 AM

We further improved  CTUP feature: now when mouse pointer is hovering over the link you'll have the ability to see original address pointed by link with added prefix "Protected by Check Point".  Clicking on link will actually follow replaced link, scanning  the real link in real time before allowing you to browse it.

CTUP_see_orig_link.png

SteveHernou
Explorer
‎2020-10-01 04:15 AM
In response to Igor_Freidin

Hi Igor

Just setup the click protection and I notice a difference between OWA and Outlook desktop app. While in OWA I do see the 'Protected by CheckPoint:' prefix to the original URL but in Outlook desktop (latest Monthly channel release 2009.13231.20262) I do not see this. Only the https://checkpoint.url-protection.com/v1/...... is showing.

Is this coming or a functionality discrepancy between OWA and Outlook desktop?

Cheers

Igor_Freidin
Employee
Employee
‎2020-10-01 07:04 AM
In response to SteveHernou

Hi Steve,

We'll investigate it, tnx for reporting

0 Kudos
Trending Discussions
HEC temporary bypass - possible?
Upcoming Events

    Sort by:
    CheckMates Events