Google Workspace (formerly G Suite) is one of the easiest, free and low-barrier-to-entry ways for startups and other small-to-medium-sized companies to leverage their collaboration and email tools.
Now Google Workspace log monitoring, threat detection and response are available for free with Blumira’s Free SIEM edition. Free SIEM users can choose up to 3 cloud integrations, including Microsoft 365, Duo Security, SentinelOne, Cisco Umbrella, Webroot, Mimecast and now Google Workspace.
Earlier this year, we also doubled the length of data retention for Free SIEM users from one week to two weeks.
Every Free SIEM user gets:
- Easy setup using Cloud Connectors
- Log collection (unlimited data) and threat analysis
- Managed detections and response playbooks
- Summary dashboard and basic reporting
- Notifications (via phone call, text and email)
- 14 days of data retention
Upgrade to Meet Compliance and Gain Endpoint Visibility, Automated Response and 24/7 SecOps Support
Our Free SIEM is a great first step toward securing your organization. However, you will want to upgrade to our advanced editions if you meet any of the following criteria:
- Compliance or cyber insurance-driven – You’ll need at least one year of data retention, along with a SIEM for log monitoring, endpoint visibility and response, endpoint isolation technology, and more, both to meet compliance and insurance requirements and to drive your premiums down.
- No 24/7 security staff – Without a large team of people fully staffed around the clock, you’ll need emergency after-hours support from an experienced Security Operations (SecOps) team, plus help from dedicated Solution Architects (SAs) to answer your security questions and help with guided response. You can also immediately block known threats or contain endpoints with our automated host isolation and automated blocking via dynamic blocklists.
- Have remote endpoints – Most companies have hybrid work models or are fully remote these days, with a need to monitor remote endpoints for threats and respond quickly when detected. Without an agent with advanced detection rules applied to your environment, you’ll have a pretty big blind spot and critical gap in security coverage.
All paid users have access to all cloud and on-prem integrations, including the following Cloud Connectors:
Detect & Respond to Google Workspace Threats
Google Workspace, like any cloud application, is not immune to security risks. Some of the top threats to look for include:
Data Exfiltration, Leaks or Exposure
This is when internal data is copied or transmitted out of your company’s domain, which can be done for malicious purposes. Blumira detects whenever a new Google document is shared externally, providing information about the user account, document file name, and shared email address. A finding is sent to your team via phone call, email or text. With that finding, Blumira provides a playbook, or a set of recommendations from our security engineering team on what next steps you can take to prevent future events.
A malicious insider is a legitimate or approved administrator or user within your domain who intentionally leaks sensitive information outside of your organization. Blumira detects when a user downloads an item from Google Drive, which could expose internal documents and files to external entities through other methods of transporting data. Blumira notifies your team of this event and provides security advice and instructions on what to do next.
Account or User Breaches
This is when an unauthorized user gains access or attempts to gain access to a legitimate user’s account. One way this can happen is if an attacker steals a user’s login credentials. Blumira detects whenever a user has account login failures, including a large number of failures within a short period of time. While it could be due to legitimate user login failures, it could also indicate an attacker is maliciously attempting to access the user’s Google Drive account. Blumira notifies your team and sends playbook instructions on how to verify if the attempts were valid or not, and advice on how to remediate.
Elevation of Privileges
This refers to an attacker who already has access to a legitimate user account and is trying to change their access permissions to gain administrative access. Blumira detects when there’s been an administrative change in your company’s Google Workspace portal, and sends you instructions on how to verify if this was an authorized change or steps to take if you cannot verify.
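As an added illustration (not Blumira’s detection logic and not code from this post), the following Python script applies the three detections described above to constructed audit events shaped like Google’s Admin SDK Reports API activity records; the parameter names (target_user, doc_title, USER_EMAIL, PRIVILEGE_NAME), the event names and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _params(event):
    """Flatten an event's parameters list into a {name: value} dict."""
    return {p["name"]: p.get("value") for p in event.get("parameters", [])}

def detect(activities, domain, fail_threshold=5, window=timedelta(minutes=10)):
    """Return (rule, actor, detail, extra) findings for the three threat classes."""
    findings, failures = [], defaultdict(list)  # failures: actor -> recent failure times
    for act in activities:
        app, actor = act["id"]["applicationName"], act["actor"]["email"]
        ts = datetime.fromisoformat(act["id"]["time"].replace("Z", "+00:00"))
        for ev in act["events"]:
            p = _params(ev)
            if app == "drive" and ev["type"] == "acl_change":
                # Data exfiltration: access granted to an address outside the domain.
                target = p.get("target_user", "")
                if target and not target.lower().endswith("@" + domain.lower()):
                    findings.append(("external_share", actor, p.get("doc_title"), target))
            elif app == "login" and ev["name"] == "login_failure":
                # Account breach: N failures inside a sliding window; fire once on crossing.
                recent = [t for t in failures[actor] if ts - t <= window] + [ts]
                failures[actor] = recent
                if len(recent) == fail_threshold:
                    findings.append(("login_failure_burst", actor, len(recent), None))
            elif app == "admin" and ev["name"] == "GRANT_ADMIN_PRIVILEGE":
                # Elevation of privilege: an admin role granted in the admin audit log.
                findings.append(("admin_granted", actor, p.get("USER_EMAIL"), p.get("PRIVILEGE_NAME")))
    return findings

def _act(app, time, actor, ev_type, name, **params):
    """Build one constructed activity record in the Reports API shape (assumed layout)."""
    return {"id": {"applicationName": app, "time": time}, "actor": {"email": actor},
            "events": [{"type": ev_type, "name": name,
                        "parameters": [{"name": k, "value": v} for k, v in params.items()]}]}

# Constructed sample log: one external share, one internal share (ignored),
# five failed logins in four minutes, and one super-admin grant.
SAMPLE = [
    _act("drive", "2024-05-01T09:00:00Z", "alice@example.com", "acl_change", "change_user_access",
         doc_title="Q2 Roadmap", target_user="partner@gmail.com"),
    _act("drive", "2024-05-01T09:01:00Z", "alice@example.com", "acl_change", "change_user_access",
         doc_title="Team Notes", target_user="bob@example.com"),
    *[_act("login", f"2024-05-01T10:0{i}:00Z", "bob@example.com", "login", "login_failure",
           login_type="google_password") for i in range(5)],
    _act("admin", "2024-05-01T11:00:00Z", "admin@example.com", "DELEGATED_ADMIN_SETTINGS",
         "GRANT_ADMIN_PRIVILEGE", USER_EMAIL="bob@example.com", PRIVILEGE_NAME="SUPER_ADMIN"),
]
```

Calling `detect(SAMPLE, "example.com")` yields three findings: the share to partner@gmail.com, the five-failure login burst for bob, and the SUPER_ADMIN grant; the internal share to bob@example.com is ignored.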
Set Up Google Workspace SIEM in Minutes
Setting up an integration to collect Google Workspace logs, then send them to Blumira’s platform for advanced detection and response is quick and easy using Cloud Connectors (no sensor required).
On the Google Workspace side, you’ll need to create a Google Cloud Platform (GCP) project for your organization’s workspace, then create a service account and gather the JSON key file. Then you’ll enable the Admin SDK and IAM APIs for the project, and link your APIs to the service account. We provide more detailed instructions on how to complete this preliminary configuration in our documentation.
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector. Then choose Google Workspace.
- If you want to change the name of the connector, type the new name in the Cloud Connector Name box.
- Enter your Google Workspace API credentials that you collected previously, then click Connect.
On the Cloud Connectors screen under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
Important: If you previously deployed a sensor module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.
Get Free SIEM For Google Workspace
Sign up for our free SIEM and set up three cloud integrations in minutes today. Our managed detection rules are automatically deployed and work right out of the box, ideal for organizations with small teams. Every finding comes with instructions on how to respond to guide your team through faster resolution. See how easy it is to protect your organization with our Free SIEM.