@Early_Adopter Securing the AI models from the outset would have reduced some of these issues. But without it being built in from the outset, we are all in experimentation land and catch-up mode.
This issue should have been detected a lot earlier on.
Regards
Caute_Cautim
With the right kit and integrations this kind of behaviour is detectable at the outset in real time and straight-up preventable.
The attacker took critical company data and sent it to his personal Google account; just with a CASB there are at least five vendors that can detect and prevent that out of the box.
Add in the rest of the controls, send them to a good SIEM, do anomaly detection and properly staff it. Well, probably you’re looking at a 10-20 million dollar investment for a company the size of Google with its assets; however, this was not a skilled attacker, so you could have been aware from the moment he tried to take the first file, and very likely before. Just a policy preventing transfer of documents to a personal Google account would have detected and prevented this.
However, as a very good salesman once said:
“No one wants back-up, everyone wants recovery…”
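The policy the post describes (flag or block transfers of labelled documents to a personal Google account, and feed the rest to anomaly detection) is simple enough to sketch as a rule. The following is an added example, not code from either poster or from any CASB vendor: it evaluates constructed CASB-style JSON events against an assumed set of corporate and personal domains and classification labels, blocks sensitive uploads to personal Google accounts outright, and raises an alert (rather than a block) for unlabelled material going the same way so an analyst can review the pattern before it becomes a trickle of exfiltration.

```python
import json
from typing import Iterable

# Constructed sample CASB/proxy events, one JSON object per line (not real data).
# The last line is deliberately malformed to show that bad input is skipped, not fatal.
SAMPLE_EVENTS = [
    '{"user": "alice@corp.example", "action": "upload", "app": "Google Drive", '
    '"dest_account": "alice@corp.example", "file": "roadmap.pdf", "label": "Confidential"}',
    '{"user": "bob@corp.example", "action": "upload", "app": "Google Drive", '
    '"dest_account": "bob.personal@gmail.com", "file": "design-specs.zip", "label": "Confidential"}',
    '{"user": "carol@corp.example", "action": "download", "app": "Google Drive", '
    '"dest_account": "carol@corp.example", "file": "lunch-menu.txt", "label": "Public"}',
    '{"user": "bob@corp.example", "action": "upload", "app": "Google Drive", '
    '"dest_account": "bob.personal@gmail.com", "file": "notes.txt", "label": "Public"}',
    'this line is not JSON and should be skipped',
]

# Assumed tenant configuration: which domains are the company's own Google tenant,
# which are consumer Google accounts, and which labels count as sensitive.
CORPORATE_DOMAINS = {"corp.example"}
PERSONAL_GOOGLE_DOMAINS = {"gmail.com", "googlemail.com"}
SENSITIVE_LABELS = {"Confidential", "Restricted"}


def account_domain(account: str) -> str:
    """Return the lower-cased domain part of an account name, or '' if there is none."""
    return account.rsplit("@", 1)[1].lower() if "@" in account else ""


def is_personal_google(account: str) -> bool:
    """True when the destination is a consumer Google account rather than the tenant."""
    domain = account_domain(account)
    return domain in PERSONAL_GOOGLE_DOMAINS and domain not in CORPORATE_DOMAINS


def evaluate_event(event: dict) -> dict:
    """Apply the policy to one event and return a verdict: block, alert, or allow."""
    action = event.get("action", "")
    dest = event.get("dest_account", "")
    label = event.get("label", "")
    base = {"user": event.get("user"), "file": event.get("file"), "dest_account": dest}

    if action != "upload" or not is_personal_google(dest):
        return {**base, "decision": "allow", "reason": "not an upload to a personal Google account"}
    if label in SENSITIVE_LABELS:
        return {**base, "decision": "block",
                "reason": f"{label} document sent to personal Google account"}
    return {**base, "decision": "alert",
            "reason": "unlabelled document sent to personal Google account; review for exfiltration"}


def find_personal_google_uploads(lines: Iterable[str]) -> list:
    """Parse JSON-lines events and return only the verdicts that need action."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the whole batch
        verdict = evaluate_event(event)
        if verdict["decision"] != "allow":
            findings.append(verdict)
    return findings


if __name__ == "__main__":
    for finding in find_personal_google_uploads(SAMPLE_EVENTS):
        print(f"{finding['decision'].upper():5} {finding['user']} -> {finding['dest_account']}: "
              f"{finding['file']} ({finding['reason']})")
```

In a real deployment the block decision would be enforced inline by the CASB and the alert forwarded to the SIEM, where the two events from the same user within a short window are exactly the kind of sequence an anomaly rule should score.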