To help admins protect and keep control of their users and organizations in the face of security threats and abuse, Google is introducing new advanced security features in Google Workspace.
According to Google, it is upgrading the Alert Center's alerts by integrating VirusTotal threat context and reputation data. When an Alert Center notification contains a supported VirusTotal entity, such as a domain, file attachment hash, or IP address, a VirusTotal report enrichment widget (VT Augment) will be shown right in the Alert Center Dashboard. For paid VirusTotal subscribers, an enhanced version of the report will automatically populate.
Enhanced reports contain advanced threat analysis details such as:
• Indicators of compromise: See threat relationships with other artifacts in the VirusTotal dataset, allowing analysts to map out threat campaigns and pinpoint malicious network infrastructures like command-and-control servers, distribution sites, and more.
• Threat graph: Visualize threat relationships graphically so that analysts can easily make quick and accurate determinations for any alerts.
• Multi-angular detections: Enhanced reputation information via crowdsourcing of YARA, SIGMA, and intrusion detection system rules.
• In-the-wild details: Understand geographical and time-spread details for threats, common attacker deception techniques, and more through VirusTotal submission metadata.
• One-click search pivots: Immediately launch VirusTotal Enterprise advanced searches to uncover other related malware in VirusTotal.
Google notes that VirusTotal provides an investigation layer on top of alerts, but isn't being used directly for detection or alerting. Additionally, no customer information is shared from Google to VirusTotal except when the admin clicks to retrieve a VirusTotal report for a specific entity.
These enhancements will start rolling out in the coming weeks for Google Workspace Business Plus, Enterprise Standard and Plus, and Education Standard and Plus licenses.
Google is also introducing User Blocking in Drive, which will help users in three ways:
• Block another user from sharing any content with you in the future.
• Remove all existing files and folders shared by another user. This is used to get rid of all spam or abusive content shared from a specific user.
• Remove another person’s access to your content, even if you’ve previously shared it with them.
Drive user blocking controls are rolling out over the next few months.
Furthermore, Google has launched two enhancements for restricting Google Workspace resource access: blocking all OAuth 2.0 API access with app control, and new context-aware access for Google mobile and desktop apps.