
Web-AV

SquareX Web-AV is an advanced in-browser analysis engine that monitors websites, files, clipboard activity, extensions, and overall user behaviour with identity awareness. This enables SquareX to deliver sophisticated Data Loss Prevention (DLP) solutions, such as allowing text copied from authorised sites to be pasted only on other authorised sites. To combat phishing attacks, SquareX goes beyond standard checks; one of them is live OCR that compares on-page content against enterprise-defined content. Additionally, SquareX’s Web-AV includes in-depth file analysis to identify potentially malicious and suspicious files, ensuring comprehensive protection for enterprise users.

Block download of files when file scanner verdict is malicious / suspicious

SquareX's in-browser malicious document detection inspects the file structure and source code of macro-enabled Office documents to flag the use of invasive functions, tampering, and AV evasion tactics. Files deemed malicious or suspicious by SquareX's file scanner pose a threat to user systems. Blocking these downloads ensures that potentially harmful files are not executed. Admins can prompt ‘Block download of files when file scanner verdict is malicious / suspicious’ to create this policy. The outcome will be:

Policies Against Evasion Tactics by AiTM Phishing Pages

To effectively combat evasion tactics used by AiTM (Adversary in the Middle) phishing pages, robust policies are essential. Attackers often obfuscate code and text within their source code or block proxies from reading their actual content to evade detection. They also use Browser in the Middle (BiTM) based platforms or obscure the phishing platform signatures to make detection even more difficult. SquareX empowers organizations to create policies that utilize advanced techniques like rules-based on-screen OCR (Optical Character Recognition). These policies block pages by matching the content actually visible on the page against the organization's SSO login page, effectively countering AiTM detection evasion.

Block files containing VBA Macro

Files with embedded code, such as macros, can execute harmful scripts when opened. Blocking these files ensures that any potentially malicious macros are contained and cannot harm the user's system. Admins can leverage the policy generator by prompting ‘Block Files with VBA Macros’ to establish this policy. The expected outcome is

Block download of files with file type mismatch

Attackers often evade security solutions by altering file extensions and sending malicious files via email or other communication channels. These platforms, optimised for delivery, typically do not perform in-depth file scanning, allowing potentially harmful files to slip through. SquareX detects signs of file tampering to ensure that such files do not reach the user’s device. For instance, a file with a mismatched type can disguise malicious content, such as an .exe, as a more 'harmless' PDF file. Blocking these downloads prevents users from opening harmful files that appear benign. Using the policy generating copilot, admins can prompt ‘Block Download of Files with File Type Mismatch’ to generate the appropriate policy. The expected outcome would be:
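As an added illustration of the file type mismatch idea described in this section (not SquareX's implementation or policy output), the sketch below compares a download's declared extension with the type indicated by its leading bytes. The signature table, function names and verdict strings are assumptions made for this example.

```javascript
// Added illustration, not SquareX code. Signature table, names and verdicts are assumptions.
const SIGNATURES = [
  { type: "pe",   magic: [0x4d, 0x5a], exts: ["exe", "dll", "scr", "sys"] },
  { type: "elf",  magic: [0x7f, 0x45, 0x4c, 0x46], exts: ["elf", "so"] },
  { type: "pdf",  magic: [0x25, 0x50, 0x44, 0x46, 0x2d], exts: ["pdf"] },
  { type: "zip",  magic: [0x50, 0x4b, 0x03, 0x04],
    exts: ["zip", "jar", "docx", "docm", "xlsx", "xlsm", "pptx"] },
  { type: "ole2", magic: [0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1],
    exts: ["doc", "xls", "ppt", "msi"] },
  { type: "png",  magic: [0x89, 0x50, 0x4e, 0x47], exts: ["png"] },
  { type: "jpeg", magic: [0xff, 0xd8, 0xff], exts: ["jpg", "jpeg"] },
];
const EXECUTABLE = new Set(["pe", "elf"]);

// Identify content from its leading bytes, ignoring the filename entirely.
function sniffType(bytes) {
  const hit = SIGNATURES.find((s) => s.magic.every((b, i) => bytes[i] === b));
  return hit ? hit.type : "unknown";
}

// Final extension, lowercased; trailing dots and spaces are dropped first.
function declaredExtension(filename) {
  const clean = filename.replace(/[. ]+$/, "");
  const dot = clean.lastIndexOf(".");
  return dot > 0 ? clean.slice(dot + 1).toLowerCase() : "";
}

function checkDownload(filename, bytes) {
  const declared = declaredExtension(filename);
  const actual = sniffType(bytes);
  const expected = SIGNATURES.find((s) => s.exts.includes(declared));
  let verdict = "allow";
  // Known extension whose content signature is something else.
  if (expected && expected.type !== actual) verdict = "block";
  // Extension not in the table, but the content is a native executable.
  if (!expected && EXECUTABLE.has(actual)) verdict = "block";
  return { verdict, declared, actual };
}

// Constructed sample inputs (not real files): only the leading bytes matter here.
const SAMPLE_PE = Uint8Array.from([0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00]);
const SAMPLE_PDF = new TextEncoder().encode("%PDF-1.7\n");
const SAMPLE_TEXT = new TextEncoder().encode("meeting notes\n");

console.log(checkDownload("invoice.pdf", SAMPLE_PE));
console.log(checkDownload("report.pdf", SAMPLE_PDF));
console.log(checkDownload("notes.txt", SAMPLE_PE));
```

A leading-byte check only establishes the container: a ZIP signature alone does not separate a .docx from a plain archive, so a production scanner has to inspect the contents as well.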

Block advanced Browser-in-the-browser attacks

Some classes of attack are orchestrated entirely within the browser, where neither cloud proxies nor endpoint security have any visibility. One such attack is the Browser-in-the-browser (BitB) phishing attack, where a browser view is embedded within a page, appearing as a window popup. Users get tricked into entering their data into these seemingly unassuming pages. Enterprises can leverage SquareX to block employees from facing BitB attacks. For instance, if an enterprise is using Okta for authentication, a simple site content policy in SquareX can check for Okta login content against the domain. A demonstration of this is shown against the recent and ongoing ‘Steamcommunity’ phishing attack that is propagated through Discord. Simply using a screenshot of the actual phishing page, you can see the power of SquareX’s detection technology.