Tech

G Suite update warns you when someone is exporting your company's data

Google also rolls out another update that lets you review deleted security alerts.

Written by Catalin Cimpanu, Contributor Jan. 8, 2019 at 8:59 a.m. PT

Google rolled out today a series of security-themed updates to G Suite, its an enterprise productivity suite, a product similar to Office 365, made up of commercial versions of Google services such as Gmail, Docs, Sheets, Sites, Slides, Drive, and more.

Today's updates impact only admin accounts of G Suite offerings, who now have access to new features in their respective security alert centers.

Probably the most useful feature rolled out today is a new type of security alert that triggers when a "data export" operation was initiated for a business domain's data.

Such operations usually take place in two scenarios --either when an admin is performing a backup operation, or when an attacker using a compromised account is attempting to export and steal information from a company in bulk.

Since data export operations take around 72 hours to finish, according to Google, this would give enough time for the legitimate admin account owner or other admin accounts to spot and investigate the ongoing export, and possibly detect any intrusions before any data theft happens.

Google also rolled out an alert deletion option. This new feature allows users to delete alerts, but also keep the alerts on hand for 30 days, allowing admins to reinstate or investigate deleted alerts.

This, again, is a very useful feature in the case of admin account compromises, where the attacker might delete security alerts before the real admin sees them.

Another new security-focused feature included in today's massive G Suite update is improved phishing detection for Gmail accounts managed through a G Suite console.

"We're leveraging machine learning to generate alerts on suspicious incoming mail in Gmail," Google said today. "The new alerts will notify admins when malware or phishing is detected after an email has been delivered to user inboxes. In these events, admins in G Suite Enterprise domains can proactively investigate the emails and if necessary, bulk remove suspicious emails from users' inbox."

Last but not least, Google also added a new button on the alerts page. This button allows admins to trigger a one-click search for email or IP addresses in previous G Suite logs, allowing the admin to get a better view of past activity related to a suspicious item.

In the previous months, Google also rolled out G Suite features that let admins remotely lock company-owned Android devices, and Google also enabled (by default) security alerts for situations where Google believes a company has been the target of cyber-attacks from government-backed cyber-espionage groups.