Google rolled out today a series of security-themed updates to G Suite, its enterprise productivity suite, a product similar to Office 365, made up of commercial versions of Google services such as Gmail, Docs, Sheets, Sites, Slides, Drive, and more.
Today's updates impact only admin accounts of G Suite offerings, who now have access to new features in their respective security alert centers.
Probably the most useful feature rolled out today is a new type of security alert that triggers when a "data export" operation was initiated for a business domain's data.
Such operations usually take place in two scenarios: either when an admin is performing a backup operation, or when an attacker using a compromised account is attempting to export and steal information from a company in bulk.
Since data export operations take around 72 hours to finish, according to Google, this would give enough time for the legitimate admin account owner or other admin accounts to spot and investigate the ongoing export, and possibly detect any intrusions before any data theft happens.
Google also rolled out an alert deletion option. This new feature allows users to delete alerts, but also keeps the deleted alerts on hand for 30 days, allowing admins to reinstate or investigate them.
This, again, is a very useful feature in the case of admin account compromises, where the attacker might delete security alerts before the real admin sees them.
Another new security-focused feature included in today's massive G Suite update is improved phishing detection for Gmail accounts managed through a G Suite console.
"We're leveraging machine learning to generate alerts on suspicious incoming mail in Gmail," Google said today. "The new alerts will notify admins when malware or phishing is detected after an email has been delivered to user inboxes. In these events, admins in G Suite Enterprise domains can proactively investigate the emails and if necessary, bulk remove suspicious emails from users' inbox."
Last but not least, Google also added a new button on the alerts page. This button allows admins to trigger a one-click search for email or IP addresses in previous G Suite logs, allowing the admin to get a better view of past activity related to a suspicious item.
In the previous months, Google also rolled out G Suite features that let admins remotely lock company-owned Android devices, and Google also enabled (by default) security alerts for situations where Google believes a company has been the target of cyber-attacks from government-backed cyber-espionage groups.