G Suite Security Monitoring with USM Anywhere

May 18, 2017  |  Ryan Leatherbury

Organizations have been using Google’s G Suite (formerly Google Apps) business productivity and collaboration tools for over a decade. Yet security concerns grow as organizations turn to cloud applications like G Suite to store their business-critical data. Organizations need complete visibility of their data integrity, privacy, and user access activities within G Suite.

To help our customers address their G Suite security monitoring needs, we recently launched the AlienApp for G Suite, which enables G Suite threat detection and incident investigation directly from USM Anywhere. It allows you to monitor and analyze user and admin activities in G Suite cloud applications, including Gmail, Google Calendar, and Google Drive (Docs, Sheets, Slides, and Forms).

With the AlienApp for G Suite, USM Anywhere users can track user activities, monitor changes to files and policies, and be alerted to suspicious or anomalous activities within G Suite. The app further extends the security orchestration capabilities of USM Anywhere, helping small to mid-sized security teams to monitor their G Suite environments alongside the rest of their critical infrastructure: physical or virtual on-premises, AWS or Azure clouds, or any hybrid of.

Let’s take a closer look at some key features of the AlienApp for G Suite.

Anomaly Detection with G Suite Dashboards

With USM Anywhere, you have at-a-glance summaries of user activity with pre-built dashboards that show trends and summaries of G Suite activities. For example, the G Suite Audit dashboard summarizes login attempts and failures based on user, country, and source IP address. You can drill down on any data point to investigate further, faster.

G Suite Desktop

Alarms & Pre-Built Correlation Rules for G Suite

With out-of-the-box correlation rules written specifically for G Suite, USM Anywhere generates alarms by keying off the events collected by the AlienApp for G Suite. Alarms notify you of suspicious activity, such as when a user:

  • Enables data sharing with malicious entities outside of the organization, possibly resulting in a breach of confidential data
  • Restores files in Google Drive, indicating a possible attempt to retrieve historical data
  • Disables two-factor authentication making a user’s account more susceptible to exploit
  • Fails at multiple login attempts indicating a potential brute force attack

These are just a few examples of the out-of-the-box correlation rules we include with the AlienApp for G Suite, not to mention the ability to create custom orchestration rules and alerts based on your unique environment and security monitoring needs.

Advanced Search & Analytics Capabilities that Accelerate Threat Investigation

The AlienApp for G Suite shows you a wealth of events from your G Suite environment and uses Elasticsearch capabilities to make searching, filtering, and analysis fast and efficient. As you explore the Activity Events page or drill down from a dashboard or an alarm, you’ll notice that you can quickly filter and identify activities related to specific users, helping you to detect insider threats sooner.

Events related to Google Drive include file access, file changes, uploads, and downloads. Google Audit events provide visibility into user login activity, as well as admin user creation, user deletion, and password changes.


USM Anywhere’s AlienApp for G Suite provides you with several key benefits including:

  • Deepens security visibility of G Suite
  • Enables faster, more efficient G Suite threat detection and investigation
  • Out-of-the-box correlation rules and dashboards so you can start monitoring your G Suite environment on Day One.
  • A unified view of your S Suite vulnerabilities, threats, and users in a single, affordable solution.

Start your Free 14-Day Trial of USM Anywhere today to Discover All the G Suite Security Monitoring Capabilities!

Share this with others

Get price Free trial