| CPC H04L 63/145 (2013.01) [G06F 16/93 (2019.01); H04L 63/0236 (2013.01); H04L 63/0281 (2013.01); H04L 63/1425 (2013.01)] | 23 Claims |
|
1. A method for mitigating phishing attacks against a corporate network via sharing of linked document files from cloud-based applications accessible from the corporate network, wherein a linked document file may include links to malicious content, the method, applied repeatedly to multiple documents, comprising:
intercepting a linked document file, using an inline proxy, responsive to an Application Program Interface (API) access to accept sharing or to access the linked document via a cloud-based application accessible to the corporate network;
determining, for multiple documents, that the linked document is coming from outside the corporate network, and restricting the multiple documents that are coming from the outside, and further processing the restricted documents, including;
determining, for at least one first document, that the linked document is a sanctioned document from a trusted source and allowing the linked document into the corporate network;
determining, for at least a one second document, that the linked document is an unknown or unsanctioned document not from a trusted source;
threat scanning the content of the linked document for malicious links;
for at least one third document, blocking the linked document that contains malicious links; and
for at least one fourth document, accepting the linked document that does not contain malicious links, logging the ownership of the accepted document file by the Globally Unique Identifier (GUID), and allowing the document file access to the corporate network and continued access based on at least the same GUID.
|