Cloud productivity suites like Google’s G-Suite are becoming increasingly common as organizations continue to migrate toward cloud-based solutions across the board. Yet few organizations using G-Suite are prepared to detect and respond to threats targeting their environment or their users, leaving them vulnerable to a growing number of attacks specifically designed to exploit cloud productivity suites. This problem is particularly acute with a highly distributed user base working around the clock.
LogicHub’s 24x7 MDR analysts analyze audit logs collected either directly from G-Suite via API or from any SIEM/log management platform, depending on the individual organization. Using a combination of built-in machine learning and expert-defined feedback in our playbooks, analysts can establish an automated baseline of multiple vectors, such as authentication and login behavior, geolocation, and activity volume. Deviations, such as suspicious login activity from multiple sites in an unlikely timeframe or abnormal activity during non-working hours, can be investigated and triaged for either immediate one-click or fully automated response, or for additional investigation by the LogicHub SOC.