Google Brings Data Export, Phishing Alerts to Domain Admins

by Chris Brook on Wednesday January 9, 2019

Contact Us
Free Demo
Chat

Google now makes it possible for admins to better see phishing emails and data exports from business web domains.

Google announced this week that it's rolling out a handful of new alert features for domain administrators to gain more insight into malware, phishing, and data exfiltration across their environment.

Included in the updates are phishing alerts that inform admins when a suspicious email has arrived and a data exfiltration alert that informs admins when a data export activity has been initiated.

Admins also have the ability to delete alerts, and dig deeper – via links from G Suite – into audit logs surrounding alerts to gain insight around past user activities. Google lets admins access multiple audit logs, including logs that keep track of conversations in Hangouts, devices used across their organization, along with successful and failed logins to SAML applications, to name a few.

These logs can be used in conjunction with the company's investigation tool, launched last year, to identify security issues within their domain.

The features, which are turned on by default, are already available for admins who oversee rapid release domains and scheduled release domains.

While helpful and certainly welcome additions for G Suite admins, the features still lack the advantages of enterprise class data loss prevention.

For one, the features are limited to Google's own products, like Google Docs and Gmail, something which could curb their effectiveness for admins. Google's data export alert only provides context around a particular set of users: super administrators who export data, via the Data Export tool, which allows users to export data from Google entities.

G Suite does allows admins to deploy data loss prevention rules to prevent users from sharing content but the feature is only available for top tier G Suite Enterprise and G Suite for Education users. The company also can't guarantee all sensitive data will get caught and flagged.

Tags: Phishing

Recommended Resources


  • Why EDR is important to your firm's security
  • Analysis of EDR vendor landscape
  • Breakdown of vendor capabilities
  • The Five Stages of Threat Hunting
  • A Proactive Approach to Threat Hunting
  • Expert Tips

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.