Avanan’s virtual Inline technology provides anti-phish protection for email after it has been scanned by Microsoft’s servers, but before it reaches the user’s inbox. In most cases, a malicious URL will be blocked before it is even seen by the user.

New attacks, however, use compromised servers that appear benign until after the message has been delivered. Click-time Protection checks a URL when the user clicks, blocking access should the website be malicious. 

Pre-Inbox and Post-delivery Campaign Protection

When combined with Avanan’s complete Pre-Inbox and Post-Delivery solution, Clicktime Protection protects users against the increasingly prevalent zero-day malware sites.

In most cases, a malicious link will be blocked before the inbox. Otherwise, every email link is replaced with an Avanan URL. When anyone clicks on the link, even if it is forwarded to someone else, Avanan tests the site before redirecting the user. 

At the same time, Avanan will retract any other emails across the company that might have been targeted by the same campaign.

How it Works

When enabling Clicktime Protection from the platform the admin has three options for how malicious sites should be handled by Avanan for the end-user,

  1. Do nothing and allow the user to go through to the site
  2. Completely prevent the user from visiting the site
  3. Display a warning to the user with the option for them to continue to the site.


configuration-screen

Functionality

Once enabled, all links contained in an incoming email are replaced with an Avanan link. When the user clicks on the link, it triggers an immediate scan of the target site. If it is determined to be benign, the user continues without interruption. If it is determined to be malicious, the user is forwarded to a warning page.

warning

 

Depending upon the company’s policy choice, the user may be provided a link to the malicious page.

Forensics

Each stage of the Click-time Protection process is recorded for forensic and auditing purposes, from the original URL substitution event to the result of the time-of-click scan. If configured in ‘warning only’ mode, user clicks of the continue link are recorded.

events

 

malicious-URL-event

 

Campaign Protection

The Clicktime Protection system is an important part of Avanan’s complete anti-phishing solution. 

  • Pre-inbox, ‘virtual-inline’ protection blocks malicious email before it reaches the inbox
  • Click-time protection replaces potentially malicious links
  • Post-inbox protection removes emails messages found to be malicious after delivery
  • Campaign Forensics monitor and report on every email and click event
  • Full-SaaS protection goes beyond email to protect the full suite including OneDrive and Teams