Detect and Prevent mode provides an increased level of protection that scans email using journaling leveraging the SaaS email and storage provider APIs. Automated policy actions quarantine email messages and files that might contain such threats as malware, data leaks, and phishing attacks. User notifications and release workflows are available in this mode.
Incoming email or file arrives in the respective mailbox or storage folder.
Cloud App Security detects new that new email or file has arrived and scans it.
If an email message or file is classified as malicious, Cloud App Security takes action based on the policies that have been defined. Otherwise, the email or file is passed or stored unchanged to the intended recipient.
Optionally, the email user maybe notified of the actions taken on email messages or files sent to them.