Threat Intelligence Protection

Online threats such as malware, phishing scams, and cyber attacks are becoming increasingly common, posing a significant risk to individuals and organizations. With the rise in the number of websites hosting malicious content, it has become more critical than ever to ensure that users do not access websites that could potentially harm their devices or organization.

Atmos provides a solution to mitigate these risks by using threat intelligence protection to prevent users from accessing websites that could be harmful. By leveraging its advanced technology, Atmos ensures that users can browse the internet safely without worrying about potential security breaches.

The detection of high-risk websites is accomplished by analyzing various factors, including web content, domain registration information, and reputation data. By leveraging advanced algorithms and techniques, the threat intelligence protection system can accurately identify websites that pose a significant risk to users and organizations.

Enabling threat intelligence protection

Threat intelligence protection is enabled through an External Web Profile. A policy rule that points to a profile with this option enabled blocks high-risk websites regardless of whether the rule is set to Allow or Block.

  1. Go to Policy -> External Web.
  2. Click on New Profile or edit an existing one.
  3. Check the Enable threat intelligence protection option.

Whenever a user attempts to access a website and the access is validated against a policy rule pointing to an External Web Profile with the threat intelligence protection option enabled, the website is blocked if it has a high-risk reputation level, is classified in a high-risk web category (Malware Sites, Phishing and other Frauds, Proxy Avoidance And Anonymizers, Spyware and Adware, Bot Nets, SPAM URLs, Keyloggers and Monitoring), or was registered very recently (less than 1 month ago).

Block reason indication to the admin

When an access has been blocked with threat intelligence protection, the admin can see an indication in the activity exploration table.

To navigate to the activity exploration table, go to Insights -> Exploration.

The block reason indication will be in the Status column.

Block reason indication to the end-user

The end-user can get an indication for the block reason if the policy rule points to a custom block page with Display block reason for external web traffic enabled.

  1. Go to Settings -> Customization.
  2. Check the Enable threat intelligence protection option.

Enabling this option allows the user to understand the reason for the block and take appropriate action if necessary. For example, if the block is due to a high-risk reputation or recent registration, the user may choose to avoid accessing the website again, or contact the administrator if they think the website is incorrectly blocked.

Access was blocked due to low reputation

Access was blocked due to a newly registered domain

Access was blocked due to high-risk domain category

Getting general information about a URL

You can query for URL information using the URL Lookup.

  1. Go to Policy -> Web Categories.
  2. Click on URL Lookup.
  3. Type the URL and click on the search button.

The results contain the URL categories, domain age and the reputation level.
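
Before enabling the option on a profile, it helps to know which sites an Allow rule permits today would start being blocked. The following is an added example, not Atmos code: it models the three block conditions described above over hand-recorded URL Lookup results. The record layout, the sample hosts, the non-high-risk reputation and category values, the 30-day reading of "1 month" and the order of the checks are all assumptions.

```python
from datetime import date, timedelta

# High-risk web categories as listed on this page.
HIGH_RISK_CATEGORIES = {
    "Malware Sites", "Phishing and other Frauds",
    "Proxy Avoidance And Anonymizers", "Spyware and Adware",
    "Bot Nets", "SPAM URLs", "Keyloggers and Monitoring",
}
NEW_DOMAIN_WINDOW = timedelta(days=30)  # assumption: "1 month" = 30 days


def block_reason(info, today):
    """Return the block reason for one URL Lookup record, or None.

    Check order is an assumption; the page does not say which reason
    is reported when several conditions hold.
    """
    if info["reputation"] == "high-risk":
        return "Access was blocked due to low reputation"
    if today - info["registered"] < NEW_DOMAIN_WINDOW:
        return "Access was blocked due to a newly registered domain"
    if HIGH_RISK_CATEGORIES.intersection(info["categories"]):
        return "Access was blocked due to high-risk domain category"
    return None


def newly_blocked(allowed_sites, today):
    """Sites an Allow rule permits today that would be blocked once the
    profile has threat intelligence protection enabled."""
    hits = {}
    for host, info in allowed_sites.items():
        reason = block_reason(info, today)
        if reason:
            hits[host] = reason
    return hits


# Constructed records holding the three fields URL Lookup returns.
TODAY = date(2024, 6, 1)
ALLOWED = {
    "wiki.example": {"categories": ["Business"], "registered": date(2015, 3, 9), "reputation": "low-risk"},
    "promo.example": {"categories": ["Shopping"], "registered": date(2024, 5, 20), "reputation": "low-risk"},
    "vpn.example": {"categories": ["Proxy Avoidance And Anonymizers"], "registered": date(2019, 1, 2), "reputation": "low-risk"},
    "old.example": {"categories": ["News"], "registered": date(2010, 7, 7), "reputation": "high-risk"},
}

if __name__ == "__main__":
    for host, reason in newly_blocked(ALLOWED, TODAY).items():
        print(f"{host}: {reason}")
```

Sites that appear in the output are candidates for review with the business owner before the profile change goes live, since the Allow rule will no longer let them through.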