Back to BlogSecuring Remote Work: Detection & Response With G Suite
The rise of remote work has accelerated the digital transformation and global shift to increased reliance on cloud-based remote access, productivity and collaboration tools.
With this change comes a significant increase in targeted attacks on cloud productivity tools like G Suite. All too often does early detection of an attack go overlooked by security and IT teams, leaving a crucial gap in the time it takes to respond and contain a potential threat.
Blumira can help you secure your distributed remote workforce, including collaboration, productivity and cloud tools by detecting and responding to an increase in remote attacks – as we’ve seen an 85% rise in unauthorized remote access attempts since late last year.
For more tips on how to secure your remote workforce, register to attend our joint virtual roundtable with Google next Thursday, Sept. 24. In the Google Cloud Digital Forum: How to Secure G Suite & Your Remote Workforce with Google Cloud and Blumira, participants will offer tips on how to implement best security practices for a remote workforce, including how to integrate Blumira with G Suite for detection and response.
In this webinar, you’ll learn:
- How to protect your G Suite environment using best security practices
- What types of security findings you should be able to detect, alert and respond to
- How you can easily detect early indicators of a compromise within G Suite
Blumira Joins Google Cloud Partner Advantage Program
Blumira integrates with cloud-based productivity tools like Google’s G Suite and Microsoft’s Office 365 to monitor for any suspicious activity and indicators of potential internal and external threats.
To provide value for Google Cloud customers, Blumira joined the Google Cloud Partner Advantage Program to offer a security integration for organizations that rely on G Suite to support their remote workforce’s productivity.
Learn more by visiting Blumira’s Google Cloud Partner page.
Examples of Blumira Detections for G Suite
Once easily integrated with G Suite, Blumira streams security events and logs to its platform to parse, analyze and correlate data for automated threat detection and response.
Blumira detects and alerts IT teams of G Suite activity in near real-time, including when users download or externally share G Suite documents that may present an exposure risk to internal information.
An example alert can be found below, sent via email to our administrators when I shared a document with an external participant:
Below you can see another example of a similar detection and response workflow in the responder view of Blumira’s platform:
In this example finding, external document shares are categorized as a data exfiltration threat, at level Priority 3. Data exfiltration refers to when an adversary is trying to steal data, typically following other attacker tactics like discovery, lateral movement, etc.
If data is leaving your network (unauthorized), it means you’ve had an intrusion, and it indicates that earlier protective measures prior to exfiltration failed to detect or prevent against stolen data. Learn more about detecting data exfiltration in Top Security Threats: Detecting Data Exfiltration.
Along with the detection, Blumira’s platform provides pre-built security playbooks to walk your team through next steps and response, as well as additional stacked evidence for further investigation or reporting/compliance purposes – information such as the timestamp of the detection, actor email address (who did the sharing of the doc), document title, type, event name and target email (who the doc was shared with).
Blumira also detects identity-related incidents, such as G Suite administrative role changes or multiple G Suite account login failures that could potentially indicate repeated access attempts by an attacker with malicious intent.
Watch a demo to learn how Blumira provides automated threat detection and response in one easy-to-use platform.