Armorblox for Box: Stop Phishing and Data Loss Using NLU

Written by Abhishek Iyer

Communications are the lifeblood of any organization. But in a world dominated by remote work and digital workflows, humans don’t communicate in silos, whether they’re in the office or at home. Email might be the true system of business record, but it’s supported - and in some cases, supplanted - by file-sharing applications such as Box. While this cross-channel communication and collaboration has done wonders for organizational agility, it has also paved the way for targeted attacks and data loss.

The widespread adoption (and misuse) of cloud-hosted files has caused gaps in data visibility and security. Attackers can get hold of an employee’s Box credentials and host malicious URLs or malware on enterprise Box accounts to infect high-value targets such as customers and third-party vendors. Whether accidentally or maliciously, employees can share sensitive PII/PCI information over cloud-hosted documents with noncompliant recipients. With these lapses being stringently penalized under regulations such as GDPR and CCPA, organizations need to safeguard compliance by investing in both native and third-party security controls for file-sharing applications.

While Box Shield effectively secures your Box environment, lateral data loss over applications like email and messaging is prevalent. Since the security solutions analyzing each environment are siloed, organizations lack a unified layer of context to protect their communications. Box customers can augment native Box capabilities with Armorblox for complete protection against targeted attacks and data loss across cloud office applications.

Armorblox for Box

Armorblox is a cloud office security platform that protects enterprise communications across email, messaging, and file-sharing services using natural language understanding (NLU). The platform connects with Box over APIs to analyze thousands of signals across identity, behavior, and language. Organizations can use pre-configured Armorblox policies to stop malicious URLs and attachments, prevent PII/PCI disclosures, and protect against lateral data loss across cloud applications.


Integration Features

  • Detect and delete malicious zero-day URLs and malware shared over Box or stored on Box.
  • Detect accidental or malicious data loss over Box files such as SSNs, bank account details, and unencrypted passwords.
  • Prevent lateral data leaks across Box, email, and messaging services.
  • Study detailed message-specific analysis that draws insights from identity, behavior, and language signals.
  • Leverage preconfigured policy actions to automatically warn users of noncompliant actions, delete malicious Box files, and block data leaks.
  • Send Armorblox-detected Box incidents to downstream SIEM and SOAR solutions over APIs.

Use Case 1: Stop Phishing Attacks Hosted on Box


The decentralized nature of cloud-hosted files often brings data protection and compliance into question, especially if an employee’s Box credentials are compromised. Attackers can host malicious URLs or malware on enterprise Box accounts to attack high-value targets such as customers and third-party vendors. If these are zero-day attacks, the payload can reach thousands of targets before someone reports it and gets it taken down.


Armorblox analyzes all unstructured Box files to build baselines around identity, behavior, and language for every organization. Armorblox also leverages threat feed data and global insights from its cross-organizational ML model. These thousands of signals enable the platform to detect zero-day links hosted on or shared over Box files, including links with multiple redirects and lookalike pages. Security teams can set predefined actions that automatically delete or quarantine malicious Box files.


Fig: Detect and stop the loss of sensitive data on Box with Armorblox


Armorblox safeguards your organization’s reputation by stopping these attacks before adversaries weaponize public cloud-hosted files to compromise vendors, suppliers, and clients. Detecting every malicious URL enables security leaders to accurately measure and contain risk exposure. Customizable actions (quarantining, deleting) help security teams assign response steps according to the severity of the violation, safeguarding people and data without sacrificing organizational productivity.

Use Case 2: Prevent Lateral Data Loss Across Box and Email


The disparate and siloed nature of DLP solutions has made it tougher for security teams to gain visibility over sensitive data, whether at rest or in transit. Since there’s no universal context identifying data as sensitive across applications, an employee can easily download sensitive data from Box and share it with noncompliant recipients over email.


Armorblox connects with email, messaging, and file-sharing services over APIs to build contextual baselines that run across applications. Based on preconfigured policies and user-defined inputs, the Armorblox platform has a universal understanding of what constitutes sensitive and confidential data. Organizations can set predefined actions that warn users of noncompliant actions and block confidential/sensitive data from being shared with unauthorized parties.


Fig: Stop lateral data loss across Box, Slack, and email with Armorblox


Armorblox helps security teams avoid the swivel-chair fatigue that comes from piecing together context across multiple security solutions. Predefined and automated response actions ensure compliance while also minimizing manual, repetitive work. Customizable actions (warning, blocking, deleting) help security teams assign response steps according to the severity of the violation, safeguarding people and data without sacrificing organizational productivity.

We hope you found this integration overview useful! To learn more about the Armorblox integration with Box, download our solution brief below.
