Many attacks detonate post-delivery, meaning they easily get by email scanners and are only dangerous after the user clicks on the link. URL rewriting, along with time-of-click analysis, allows the security solution to analyze links and block them, as necessary.

Preventing such attacks means analyzing links both when the email is delivered and at click-time. This is important because some attackers enable the malicious content only after the email message has reached the inbox. Additionally, prevention means using the hacker's own obfuscation techniques as a way to identify the attack. Because the web-scanning algorithm looks for known obfuscation methods as Indicators of Attack (IoAs), these sites self-incriminate themselves by their usage of a hacking method.

Every time an end-user clicks on a link, the Click-Time Protection engine tests the website for reputation using HEC's URL Reputation and emulates the target website to detect zero-day phishing indicators using URL Emulation.

Emails that detonate post-delivery are designed to land in the inbox as clean and are only dangerous after clicking. If you don't re-write every URL, end-users will be affected by this. 

Proper URL scanning has the following benefits:

  • Another layer of post-delivery protection

  • Anti-malware and enhanced protection for zero-day attacks, as sometimes it takes a few minutes to detect malicious emails

  • Forensics

Implementing proper URL scanning that can detect the attacks like the ones mentioned above is a crucial part of any security structure.