Let’s face it - attackers are known to take advantage of any and all opportunities to exploit and abuse users and organisations. One such example of this is when, in October 2014, Snapchat fell victim to bad actors and potentially hundreds of thousands of teenagers’ images were leaked from third-party servers (source). The rise of cyber attacks is the reason that safety and security are at Google’s core. In this blog, I will go over the new advanced admin security features available to admins and users (you can read the full announcement here).
Alert Centre enrichment with VirusTotal threat context
The Alert Centre has been an important feature used by IT admins to maintain the security of organisations’ safety and security. It provides admins with the ability to receive actionable, real-time alerts and security insights about the important security-related activity in their domain.
Recently, Google announced that they are enriching the Alert Centre with industry-leading VirusTotal threat context and reputation data. This allows IT admins will be able to investigate alerts in more detail. Notifications will now contain:
Indicators of compromise: Monitor and analyse latest threat relationships within the VirusTotal dataset;
Threat graph: Data visualisation of threat relationships providing accurate determinations for any alerts they study;
Multi-angular detections: Enhanced reputation information via crowdsourcing of YARA, SIGMA, and intrusion detection system rules;
In-the-wild details: Understand common attacker deception techniques, and more through VirusTotal submission metadata; and,
One-click search pivots: Immediately launch VirusTotal Enterprise advanced searches to uncover other related malware in VirusTotal, all with a single click following a suspicious-threat attribute.
User blocking in Drive
Google Drive has proven to enhance productivity and collaboration for many users; however, bad actors are able to abuse tools that are meant to facilitate this. Hence the importance of stringent security controls. Recently, Google announced that they are rolling out user blocking as part of the effort to improve security measures.
User blocking will help protect Drive users in three ways:
1. Block another user from sharing any content with you in the future. This can be a useful control if, for example, another user has a history of sending spam or abusive content.
2. Remove all existing files and folders shared by another user. This is an easy way to get rid of all spam or abusive content shared by a specific user at one time.
3. Remove another person’s access to your content, even if you’ve previously shared it with them.
Restricting access to Google Workspace resources
With the introduction of stricter government regulations regarding the protection of personal information, organisations are seeking to protect any and all sensitive data not only from bad actors but also from apps that are not compliant.
In order for IT admins to control access to data with more precision, there are now two enhancements for restricting Google Workspace resource access: blocking all OAuth 2.0 API access with app access control and new context-aware access for Google mobile and desktop apps.
Google now allows admins to control access to Google Workspace data by third-party and internal apps. Additionally, there is a new setting that enables admins to block all third-party API access to Google Workspace and end-user data. When enabled, users can’t use their Google Workspace accounts to sign in to third-party apps and websites.
Taking the safety and security of your organisation’s data seriously is crucial in the 21st century. Google is constantly and consistently reevaluating its security controls to ensure IT admins are able to effectively manage these safety measures. There will always be bad actors waiting on the sideline for an opportunity to take advantage of users and organisations’ data. With this in mind, Google’s main concern is keeping its customers’ data safe at all times. You can read the full announcement here. To find out more about Google Workspace or other Google products, you can contact us here.