Email Threat Isolation 101 for Email Security.cloud

book

Article ID: 170869

calendar_today

Updated On:

Products

Email Security.cloud Email Threat Detection and Response

Issue/Introduction

Learn how to properly configure Email Threat Isolation settings for Email Security.cloud, and how to troubleshoot common issues.

Resolution

Contents

About Email Threat Isolation

The URL Isolation feature executes web sessions remotely on an isolation platform. Malicious content is isolated and is prevented from being delivered to your network or your end users' devices. Only safe or sanitized content is delivered to your organization. URL Isolation uses risk level assessments to determine whether to isolate a URL. The antiphishing protection and sensitive data protection policies can also isolate risky URLs. Note that for this release, neither the risk levels or default policies can be modified.

Configure URL Threat Isolation

You can configure your organization's URL Isolation Settings on this page in the portal: Dashboard > Services> Email Threat Isolation > URL Isolation Settings.

The Click-time URL Protection feature MUST be enabled as a prerequisite to enabling URL Isolation. The two features work together at each click for the lifetime of a URL to ensure that malicious content is isolated.

  • Add common trusted domains to your whitelist (including your own domains if appropriate).
    • Configure domain whitelists, if needed.
    • Configure recipient whitelist, if needed.
  • Modify your block page content to match your organizational policy using the default text as a guide.
    • Allow or disallow the user to continue to a suspect URL.
    • Explain how they should report false positives internally.
  • Provide a link to your internal policy.
  • Override those settings on a domain by domain basis as necessary.

URL Isolation Report

The URL Isolation feature executes URLs in an isolation platform, which isolates malicious content and prevents it from being delivered to your network. Only safe or sanitized content
is delivered to your devices. URL Isolation uses risk level assessments to determine whether to isolate a URL. The antiphishing protection and sensitive data protection policies can also isolate risky URLs. URL Isolation logs events for any attempts to access higher risk URLs.

You can run a report on these events and download the data in a .csv format using the Download CSV option. Also, you can access the same data using an API and download the data in JSON format.

Refer to the URL Isolation Report page for further information and instructions on downloading the report data. You can access the page in the portal at Dashboard > Services > Email Threat Isolation > URL Isolation Report.

Troubleshoot Email Threat Isolation

Frequently asked questions about Email Threat Isolation