Avanan’s virtual Inline technology provides anti-phish protection for email after it has been scanned by Microsoft’s servers, but before it reaches the user’s inbox. In most cases, a malicious URL will be blocked before it is even seen by the user.
New attacks, however, use compromised servers that appear benign until after the message has been delivered. Click-time Protection checks a URL when the user clicks, blocking access should the website be malicious.
Click-Time Protection (CTP) is based on URL "rewrites". Every link within incoming emails is replaced with an Avanan URL. When anyone clicks on the link, Avanan tests the site before redirecting the user.
Click-time Protection is available for Office 365 Mail and Gmail.
When security gateway replaces a URL - O365 ATP can’t scan it anymore. Avanan comes after ATP, and thus can replace URLs after ATP already scanned the email. As a result, CTP can be enabled in addition to ATP, as another layer of protection.
When enabling Click-time Protection from the platform the admin has three options for how malicious sites should be handled by Avanan for the end-user:
Once enabled, all links contained in an incoming email are replaced with an Avanan link. When the user clicks on the link, it triggers an immediate scan of the target site. If it is determined to be benign, the user continues without interruption. If it is determined to be malicious, the user is forwarded to a warning page.
Click events are recorded in a new type of event - “Malicious Url Click”.
For more information on Click-Time protection see here:
https://www.avanan.com/docs/click-time-protection