Google Workspace updates from October 28

New features and improvements for Google Workspace

View this email in your browser Update(s) in this email: Improved and updated security menu in the Admin Console VirusTotal integration with the security investigation tool provides deeper insight into Gmail events Improved and updated security menu in the Admin Console October 28, 2021, 2:00 pm Quick launch summary  We have updated the "Security" category within the left-hand navigation of the Admin console by:  Adding navigation access to security features previously only accessible from the Security settings page.  Adding Authentication, Access & data controls, and Security center subcategories making it easier to find the features available.  Updating the name of the Security Settings page to Overview.  We hope these improvements will make it easier for admins to discover, access, and manage our suite of security tools. The updated Security navigation within the Admin console Additional details Instead of the previous single list, security features are now categorized by Authentication, Access & data controls, and Security center.  Availability of some subcategories and features will depend on your specific Google Workspace edition: Authentication provides account and password management capabilities including: 2-step verification Account recovery Advanced Protection Program Login challenges Password management SSO with SAML applications SSO with third party IdP Access and data controls provide granular capabilities to manage your data through devices, browsers and applications including: API controls Client-side encryption Context-Aware Access Data protection Google Session control Google Cloud session control Less secure apps Security center provides advanced security information and analytics including: Dashboard Investigation tool Security health Getting started Admins: This update will be available automatically. End users: There is no end user impact or action required. Rollout pace Rapid Release and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on October 28, 2021 Availability Available to all Google Workspace customers, as well as G Suite Basic and Business customers Resources Google Workspace Admin Help: Security and Data Protection Google Workspace Admin Help: View Alert Center notifications directly from the Admin console toolbar Google Workspace Updates Blog: One-click recommended actions in the Alert Center  Google Workspace Updates Blog: Updated design for the Admin console home page  Google Workspace Updates Blog: Easily navigate through the Admin console using the updated left-hand navigation bar  Google Workspace Updates Blog: New streamlined experience for managing users and domains in the Admin console VirusTotal integration with the security investigation tool provides deeper insight into Gmail events October 28, 2021, 11:50 am What's changing Earlier this year, we announced an integration between VirusTotal and the Alert Center, giving admins the ability to look into security alerts at a deeper level. Beginning today, admins can also use the Security  Investigation tool to view VirusTotal reports to gain richer information regarding Gmail event logs and use that information to make more informed decisions on protecting their users and data. Within the security investigation tool, you select "View VirusTotal report" for a given investigation result. The report will surface more details about potential security threats. The Standard version of VirusTotal reports includes the following: File identification: Identifiers and characteristics allowing you to reference the threat and share it with other analysts (file hashes, file type, size, etc). Threat reputation: Maliciousness assessments coming from 70+ security vendors. Threat time spread: Key dates that enable you to understand when a given threat was first observed in-the-wild and how long it's been active. The Enhanced version of VirusTotal reports includes additional features such as: Multi-angular detection: Additional threat analysis coming from crowdsourced rule matches and community scoring (for example: YARA, Sigma, and IDS rules). Allowlist information: Useful details to power false positive discarding (National Software Reference Library, Software Distributors, Microsoft Clean Metadata Feed, etc.).  Related indicators of compromise (IOCs): Examples of IOCs include a network infrastructure distributing a malware file, servers acting as a command-and-control for a given threat, first-stage delivery vectors for a file being studied, etc. Interactive threat graph: Graphical format that maps out entire threat campaigns by visualizing the relationships between IOCs. Security-relevant metadata: Includes software publisher information, identification of malicious macros in documents, Android application permissions, etc. In-the-wild details: Geographical and time-spread details for threats, common attacker deception techniques, and more, through VirusTotal submission metadata. Suspicious attribute pivoting: Clickable details in VirusTotal reports, allowing you to explore the global VirusTotal dataset for other threats that share the same properties. Who's impacted Admins Why it matters Integrating VirusTotal with existing notifications and warnings surfaced through the security investigation tool provides Admins with richer information regarding potential threats.  By giving our admins greater context over these threats, they can confidently take swift action to protect their users and data. For example, Admins can use VirusTotal to further investigate inconsistencies with users' accounts to determine whether their device is infected with a virus. Using the VirusTotal integration tool to determine whether any shared attachments are malicious and whether the attachment has been seen elsewhere across their organization. Additional details VirusTotal provides an investigation layer on top of alerts but isn't being used directly for detection or alerting.  Data (file attachment hashes) is only shared to VirusTotal after your admin selects to view the VirusTotal report. No data is otherwise shared. VirusTotal data is shared with the broader security community. This enables security vendors to collaborate with each other, share important details, and take action to fight security threats. The VirusTotal report has two versions: Standard and Enhanced. The Standard version is displayed for admins who have the Security Center > VirusTotal > View report privilege, and who have one of the required Google Workspace editions. The Enhanced version is automatically displayed for paid VirusTotal subscribers who have an active virustotal.com login session with their VT Enterprise user account. Visit the Help Center for more information. Getting started Admins: VirusTotal reports are available to administrators who have access to the security investigation too. Visit the Help Center to learn more about using VirusTotal reports in the security investigation tool. End users: There is no end user impact. Rollout pace Rapid Release and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on October 28, 2021 Availability Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers Resources Google Workspace Admin Help: View VirusTotal reports from the investigation tool Previous Posts: Manage and share private iOS apps through Google Endpoint Management Enhanced menus in Google Sheets improves findability of key features Google Workspace Updates Weekly Recap - October 22, 2021 Google Meet meeting hosts now have more control of participant's audio and video feeds for smoother, more productive meetings Visual updates and improvements for the To, Cc, and Bcc fields in Gmail Note: We've recently changed how we send these emails. Please let us know if you have any feedback on this change here.  Google Workspace Updates Blog Google Workspace Release Calendar @GoogleWorkspace @GoogleWorkspace Google Cloud Community © 2021 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 You're receiving this email as you're subscribed to updates from the Google Workspace Updates blog. To change how you receive these emails, update your preferences or unsubscribe from this list.