4.3 URL Protection
URL Protection is a key security function that proactive-
ly prevents Salesforce users from accessing malicious or
unwanted content through web links added to Chatter posts
and comments, Case descriptions and comments, as well as
bodies of messages received via Email-To-Case.
This makes it a particularly eective security component, as
the early intervention greatly reduces the overall exposure
to malicious content, and thus attacks. For example, it will
prevent users from being tricked into accessing seemingly
legitimate phishing sites, malicious sites, or accessing content
that is deemed inappropriate in a business context, such as
adult or gambling sites.
URL Protection was created to deal eciently with the
billions of sites available on the Internet and their constantly
uctuating security status. It is based on realtime lookup
queries to WithSecure's scurity Cloud. All queries go through
several layers of anonymization to ensure utmost business
condentiality.
The query fetches the latest reputation of the websites and
their les, based on various data points, including: IP address-
es, URL keywords, site patterns, extracted website metadata
like iframes and le types, and website behavior like exploit
attempts, malicious redirects or scripts.
4.3.1 URL Security Check
The solution intercepts URLs that users post to Chatter or
forms part of the email body (Email-to-Case) and replaces
them with special redirect links, as shown on the screenshot
below. The original link is included in brackets for recognition
purposes, but the user cannot click it. Copying is prevented by
obfuscating the URL.
In case the link is deemed malicious based on the information
received from the query, entry to the website is blocked before
any content in loaded, and the end-user receives a warning.
When the user clicks a redirect link, WithSecure™ Cloud
Protection will send the original URL to the WithSecure™
Security Cloud for a threat intelligence check. Based on URL
threat intelligence, access to the original URL iseither allowed
or blocked.
4.3.2 URL Classication
URL Classication allows administrators to control and
enforce the web pages that Salesforce users can access. They
can, for example, deny access to non work- related destina-
tions, such as social media sites, to avoid loss of working time.
Sites in higher risk categories such as Adult or Gambling can
be blocked to avoid potentially malicious sites and the viewing
of inappropriate content in the business environment and on
customer or partner portals.
When the user clicks a redirect link, WithSecure™ Cloud
Protection sends the original URL to the WithSecure™ Secu-
rity Cloud for a threat intelligence check. Based on the URL
threat intelligence information, access to the original URL is
either allowed or blocked.
Solution administrators can enforce usage rules in 28 dierent
categories: Abortion, Ad services, Adult, Alcohol and tobacco,
Anonymizers, Auctions, Banking, Blogs, Chat, Dating, Drugs,
Entertainment, Gambling, Games, Hacking, Hate, Job search,
Payment service, Scam, Shopping, Social networking, Soft-
ware download.
WithSecure™ Cloud Protection for Salesforce 12