Google is rolling out new advanced security defender features for Google Workspace to help admins combat cybersecurity threats.
Google is tapping parent company Alphabet’s VirusTotal, a malware research website Google bought in 2012, for a new capability within Google Workspace’s Alert Center.
The Alert Center will now feature real-time alerts with insights about security events in the admin’s domain that are powered by VirusTotal.
The goal is to help reduce the load that security notification noise places on admins and to provide a unified view of the most critical alerts, according to Google.
VirusTotal in 2018 moved to Alphabet’s Chronicle enterprise cybersecurity division, which is now part of Google Cloud. Chronicle provides cloud-based security information and event management (SIEM) services not unlike Microsoft’s Sentinel SIEM.
The VirusTotal integration helps admins dig deeper into security events and covers supported VirusTotal entities, such as a domain, file attachment hash, or IP address.
This capability follows last week’s release by VirusTotal of VT Augment, a way of displaying VirusTotal in third-party security products such as CrowdStrike’s recent integration of its Falcon product with Google Cloud, including Chronicle, VirusTotal Enterprise and Google Cloud Security Command Center.
Paid VirusTotal subscribers will get richer malware hunting reports, including indicators of compromise to see links between things in the VirusTotal dataset, a threat graph to visualize threat relationships, and crowdsourced reputation information. It also provides information about how malware spreads across geographies based on malware submissions to VirusTotal as well as quick search options.
“No customer information is shared from Google to VirusTotal except when an admin clicks to retrieve a VirusTotal report for a specific entity,” Google says.
“These enhancements are starting to roll out in the coming weeks for Google Workspace Business Plus, Enterprise Standard and Plus, and Education Standard and Plus licenses, and will help empower admins to take an in-depth look at threats and potential abuse to better protect their organizations.”
Google is also offering admins a way of locking down Google Drive accounts that are being misused by insiders.
Admins will be able to block another user from sharing any content with you in the future. This control could help when another user within a domain has spammed people or sent abusive content.
Admins can also remove all existing files and folders shared by another user and remove another person’s access to a user’s content, even when information has previously been shared between them.
“User blocking will not only preserve Drive sharing’s helpfulness, but most importantly preserve the safety of Drive users. Drive user blocking controls are rolling out over the next few months,” Google says.
Google is also rolling out more granular controls to help restrict access to Google Workspace resources, including blocking all OAuth 2.0 API access with app access control and new context-aware access for Google mobile and desktop apps. This is meant to address situations where scammers or attackers use apps to trick users into granting access to company data.
App access control gives admins the controls to choose whether to trust, limit, or block access to Google Workspace data.