Collecting Google Drive Activity in Magnet AXIOM Cyber
With AXIOM Cyber you can now get even more Google Drive Activity data from Google Workspace thanks to the ability to collect a record of user activity on a Google Drive account.
One of the most popular cloud-based tools for businesses is Google Workplace, which provides an integrated suite of cloud-native collaboration and productivity apps—including Google Drive.
While the flexible sharing and storage capabilities of Google Drive are important elements for collaboration in modern workplaces, the increased availability of corporate data needs to be trackable to manage the risk of data exfiltration.
Activity That Can Be Collected From Google Drive in AXIOM Cyber
When data exfiltration is suspected to have occurred in your organization, AXIOM Cyber can be used to collect Google Drive activity as artifacts, including action details like Create, Edit, Move, Rename, Delete, Restore, PermissionChange, Comment, DataLeakPreventionChange, and more.
Once the Google drive activity is in AXIOM Cyber, there are a range of features that can be used to further understand the extent of the exfiltration.
- Timelines – Intentional insider exfiltration most commonly occurs one month before or after a resignation. In AXIOM & AXIOM Cyber, you can build a timeline of events around those dates to examine activity within that window to help narrow in on suspected data exfiltration.
- Connections – The connections feature outlines the path of files and documents to provide insight on where they went, who they were sent to and who sent them.
- Magnet.AI – A common way that bad actors attempt exfiltration is through the use of screenshots. Using artificial intelligence, Magnet.AI will immediately surface screenshots no matter where they’re saved in the evidence and uses OCR to identify the content of images.
For a walk-through of the initial setup required to use AXIOM Cyber in your Google Workspace investigations, checkout our recently updated article: Google Workspace in Magnet AXIOM Cyber.
The Risk of Authorized Insiders
Google Workspace includes several controls to prevent phishing and Data Loss Prevention, however the biggest risk of data exfiltration is from within an organization. 43% of data breaches are caused by insider threats with users exfiltrating data that they are already authorized to access.
In approximately half of cases, data exfiltration by insiders is accidental or the result of not following proper IT protocols. Regardless of the intent, the exposure of company data can be very costly. The intellectual property (IP) value of Fortune 500 companies can represent over 65% of their total value and as much as 90% of technology-based companies value.
Get Magnet AXIOM Cyber Today!
Regardless of what platform your company uses to manage data storage and collaborations, with AXIOM Cyber you can quickly investigate suspected exfiltration to help protect your organization’s valuable data.
To try AXIOM Cyber for yourself, request a free trial today!