Hi, I have a customer that was almost successfully phished due to heavy domain squatting that tricked the user into thinking it was a company-owned domain. Seemed to be one of those trying to trick users into entering credentials and then harvesting those credentials for VPN or mail access.
As is usual, the XG threw the web request into the Information Technology (UGGGGH) category and allowed it through. Luckily the user suspected something was amiss and called IT to investigate, as the page looked a bit naff. We are busy with the customer at present, effectively blocking/decommissioning the Information Technology category and whitelisting things we require to function correctly that the customer needs inside the category.
Can we please get Regex Filtering parsing going for Web Categories or, worst case, URL groups?
Have done this successfully on other platforms, and whilst painful to initially go through to get all known good trusted domains working, it makes company-impersonating phishing URLs really difficult to succeed on the user's browser.
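A sketch of the allowlist-plus-regex approach requested above, added as an illustration; it is not from the original post and is not Sophos XG configuration. The brand pattern, the trusted domain and the sample URLs are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumed for illustration: the company's brand token, with common
# character swaps (l/1/i, o/0) and an optional separator.
BRAND_RE = re.compile(r"examp[l1i]e[-_.]?c[o0]rp", re.IGNORECASE)
# Assumed for illustration: the known-good, company-owned domains.
TRUSTED_DOMAINS = {"examplecorp.example"}


def hostname_of(url):
    """Return the lower-cased hostname of a URL, or '' if none parses."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host/path as a netloc
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_trusted(host):
    """True when host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def verdict(url):
    """Return 'allow', 'block' (brand lookalike) or 'default'."""
    host = hostname_of(url)
    if not host:
        return "default"
    if is_trusted(host):  # the allowlist is checked before the regex
        return "allow"
    if BRAND_RE.search(host):  # brand string on a host we do not own
        return "block"
    return "default"  # fall through to normal category filtering


if __name__ == "__main__":
    # Constructed sample URLs using reserved test TLDs.
    for u in ("https://vpn.examplecorp.example/login",
              "https://examplecorp.example.sso-login.test/",
              "http://examp1e-corp.test/vpn",
              "https://www.example.org/"):
        print(verdict(u), u)
```

The trusted check matches on a domain boundary, so a host that merely starts or ends with the trusted name is still blocked. Punycode (`xn--`) hostnames will not match a Latin brand regex and need separate handling.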
Actually there is something in the works to do this for you. See: ai.sophos.com/.../
Bro that looks very promising.