25 June 2024
How does GLIMPS protect Google Workspace email accounts?
Whether for its ease of use or the productivity gains it delivers on a day-to-day basis, Google Workspace has made a name for itself worldwide, with no fewer than 9 million companies now using the solution.
With its enterprise messaging (GMAIL), videoconferencing solution (Google Meet) and file-sharing system (Google Drive), the Google Workspace collaborative work environment has become one of the market leaders.
Unfortunately, as is also the case for Microsoft 365 environments, Google Workspace is today the target of cybercriminals who use and abuse advanced strategies to break into corporate information systems.
While Google already offers controls that limit intrusion attempts, the lack of information on how these native controls work quickly becomes an obstacle for SOC teams, who need visibility; in the worst case, a configuration error leaves a gap in the protection that nobody can see.
In response to this challenge, the use of a third-party application offering more advanced detection capabilities and greater visibility for SOC teams can reinforce the security of GMAIL messaging.
With this in mind, GLIMPS has developed a new connector for Google Workspace, integrated into its GLIMPS Malware product. Here’s how it works.
Email remains one of the main attack vectors used by cybercriminals
Despite the growing adoption of technologies such as instant messaging (Teams, Slack) and videoconferencing, the use of traditional messaging remains at the heart of modern business operations.
Yet a successful cyberattack often means paralysis: servers shut down, customer data lost. It most often starts with a malicious e-mail, as observed by Vade Secure, according to which no fewer than 90% of cyberattacks involve e-mail as one of the primary attack vectors.
A trend which, according to Hewlett Packard, can be explained by a shift away from macros towards other code execution techniques, notably the exploitation of software vulnerabilities. In the fourth quarter of 2023, the majority of these attacks involved PDF, Excel, Doc, Docx or Docm documents: a well-known modus operandi aimed at exploiting vulnerabilities in the Office suite, and one which has evolved, as Cédric GIBERT, Product Director at GLIMPS, points out: “It’s not always necessary to invent sophisticated malware. Cybercriminals often rely on simplicity and cunning, hiding their intentions under several layers to evade detection. For example, they may hide a malicious Excel file in a PDF. If the Excel file was directly attached, security systems would probably have detected it as dangerous. By hiding it in a PDF, attackers are able to bypass security measures.”
This is where Deep File Inspection (DFI) comes in: instead of judging the attachment as a whole, the file is broken down into its sub-files (in the example above, the Excel workbook embedded in the PDF), and each sub-file is analyzed individually, so the verdict is taken on the payload rather than on its wrapper. GLIMPS is currently one of the pioneers in this field.
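As an added illustration of that decomposition step (example code written for this page, not GLIMPS's engine), the following decomposer recursively splits a file into its sub-files and types each one by its magic bytes, so a macro-enabled workbook embedded in a PDF is still seen. It handles PDF `/EmbeddedFile` streams and ZIP/OOXML members only; the depth and size limits, the flag names and the constructed sample PDF are this example's own assumptions.

```python
"""Added example, not GLIMPS code: a minimal Deep File Inspection style decomposer.
It splits a file into its sub-files (PDF /EmbeddedFile streams, ZIP/OOXML members), types
each by magic bytes and flags it in place; limits and flag names are assumptions, stdlib only."""
import io
import re
import zipfile
import zlib
from dataclasses import dataclass, field
MAX_DEPTH = 8                 # assumed: stop recursing into deeply nested containers
MAX_CHILD_BYTES = 50_000_000  # assumed: never inflate a member larger than this (zip bombs)
@dataclass
class Node:
    path: str
    kind: str
    size: int
    flags: list = field(default_factory=list)
    children: list = field(default_factory=list)
def sniff(data: bytes) -> str:
    """Type by magic bytes: the attacker controls the file name, not the header."""
    for magic, kind in ((b"%PDF", "pdf"), (b"PK\x03\x04", "zip"),      # zip: also docx/xlsx/xlsm
                        (b"\xd0\xcf\x11\xe0", "ole"), (b"MZ", "pe")):  # ole: .doc/.xls, vbaProject.bin
        if data.startswith(magic):
            return kind
    return "data"
# "N G obj << dict >> stream": the dict may nest << >> but must not run past endobj.
_STREAM_OBJ = re.compile(rb"\d+\s+\d+\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n", re.DOTALL)
_DIRECT_LENGTH = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")   # direct value, not "n 0 R"
def pdf_embedded_files(pdf: bytes):
    """Yield the decoded payload of every /EmbeddedFile stream object in a PDF."""
    for m in _STREAM_OBJ.finditer(pdf):
        d, start = m.group(1), m.end()
        if b"/EmbeddedFile" not in d:
            continue
        length = _DIRECT_LENGTH.search(d)
        if length:   # direct /Length: slice exactly; the data is binary and may contain "endstream"
            raw = pdf[start:start + int(length.group(1))]
        else:        # indirect /Length: fall back to the keyword
            raw = pdf[start:pdf.find(b"endstream", start)].rstrip(b"\r\n")
        if b"/FlateDecode" in d:
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                pass   # leave undecoded; it will be typed as opaque "data"
        yield raw
def inspect(data: bytes, path: str, depth: int = 0) -> Node:
    """Build the tree of sub-files under `path`, recursing into the containers we know."""
    node = Node(path, sniff(data), len(data))
    if node.kind == "pe":
        node.flags.append("executable")
    if depth >= MAX_DEPTH:
        node.flags.append("max-depth-reached")
    elif node.kind == "pdf":
        node.flags += [f for k, f in ((b"/JavaScript", "pdf-javascript"), (b"/OpenAction", "pdf-openaction")) if k in data]
        payloads = list(pdf_embedded_files(data))
        node.flags += ["pdf-embedded-file"] if payloads else []
        node.children = [inspect(p, f"{path}/embedded[{i}]", depth + 1) for i, p in enumerate(payloads)]
    elif node.kind == "zip":
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            node.flags.append("corrupt-zip")
            return node
        names = zf.namelist()
        node.flags += ["ooxml"] if "[Content_Types].xml" in names else []
        node.flags += ["vba-macro"] if any(n.endswith("vbaProject.bin") for n in names) else []
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_CHILD_BYTES:   # declared size, checked before inflating
                node.children.append(Node(f"{path}/{info.filename}", "skipped", info.file_size, ["oversized"]))
            else:
                node.children.append(inspect(zf.read(info), f"{path}/{info.filename}", depth + 1))
    return node
def flatten(node: Node) -> list:
    """Depth-first (path, kind, flags) for every sub-file found."""
    return [(node.path, node.kind, node.flags)] + [row for c in node.children for row in flatten(c)]
def verdict_flags(node: Node) -> set:
    """Union of flags over the tree: the verdict is taken on the sub-files, not on the wrapper."""
    return set().union(*(set(flags) for _, _, flags in flatten(node)))
def build_sample() -> bytes:
    """Constructed sample (no real malware): a minimal PDF, without xref table, embedding a macro-enabled workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64)
    stream = zlib.compress(buf.getvalue())
    head = (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
            b"2 0 obj << /Names [(invoice.xlsm) 3 0 R] >> endobj\n"
            b"3 0 obj << /Type /Filespec /F (invoice.xlsm) /EF << /F 4 0 R >> >> endobj\n"
            b"4 0 obj << /Type /EmbeddedFile /Filter /FlateDecode /Length ")
    return head + str(len(stream)).encode() + b" >>\nstream\n" + stream + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"
if __name__ == "__main__":
    for path, kind, flags in flatten(inspect(build_sample(), "invoice.pdf")):
        print(f"{path:45} {kind:5} {flags}")
```

Run as a script it prints the tree for the constructed sample: the PDF itself carries only `pdf-embedded-file`, while `ooxml` and `vba-macro` appear on the embedded workbook and `xl/vbaProject.bin` is typed `ole`. Two caveats a practitioner should keep in mind: the verdict must be taken from the union of flags over the whole tree, never from the outer file alone, and the depth and declared-size limits are what stop a nested archive or a decompression bomb from exhausting the analyzer. The PDF parsing here is deliberately minimal (no xref, no object streams, Flate only); a production DFI engine has to cover the full format.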
The ingenuity of these attackers raises questions about Google’s ability to detect all these threats.
Companies must adopt multi-layer protection
While GMAIL features particularly robust anti-phishing detection filters, malicious payloads packaged in files remain difficult to detect.
To overcome this, Google integrates sandboxing that analyzes attachments to detect ransomware or any other malware, known or unknown (zero-day).
However, the user experience isn’t necessarily up to scratch, as the expert points out: “It’s extremely time-consuming, taking between 30 seconds and a minute, which can be a deterrent for the end-user. Let’s be clear: fast sandboxing solutions are not very effective. There’s no secret: either you take the time to do a full dynamic analysis, and it works, or you don’t take the time, and the result is often not up to scratch”.
That’s why companies need to adopt a multi-layered protection approach incorporating third-party solutions to protect their messaging effectively. Even if Google’s in-house tools fail, the third-party tool can then detect the threat before it reaches an employee’s inbox.
This observation is shared by Gartner, which recommends the use of third-party solutions based on Machine Learning, Natural Language Processing and Computer Vision algorithms.
It’s no longer a question of simply deciding whether a file is malicious, but of analyzing it in depth. This is where orchestration and Deep File Inspection (a term suggested by Gartner) come in: an approach that combines tools inherited from reverse engineering with artificial intelligence to detect new malware variants, not just to return a malicious-or-not verdict.
Finally, by integrating a third-party tool, SOC analysts gain simpler access to real-time threat intelligence without having to go through Google’s security solutions. For example, transferring logs out of Google Workspace requires the user to create a Google Cloud account, whereas a third-party tool that already consumes the feed can forward the data to the desired SIEM more easily, and with more detail than Google’s solutions provide.
GLIMPS Malware strengthens the protection of your professional GMAIL messaging system
Based on deep learning, GLIMPS Malware extracts suspicious signatures from a static analysis of the code. This mechanism, called “concept-code”, allows an in-depth, accurate analysis without a decompilation stage, and gives detection capabilities that far exceed those of traditional antivirus software, including products that use machine learning.
“Unlike native antivirus solutions, which take a few milliseconds to analyze a file, GLIMPS performs this analysis in around 3 seconds. Although longer than conventional antivirus solutions, this timeframe is perfectly compatible with the user experience expected when processing emails. GLIMPS thus offers finesse, precision and depth of analysis comparable to that of a sandbox, but much faster.”
The GLIMPS solution features a Google Workspace connector for interfacing with its API.
In concrete terms, when an e-mail is received, it appears with a “not analyzed” label. The connector automatically retrieves the e-mail and analyzes it using its artificial intelligence engines. In just a few seconds, if it is clean, the e-mail is labelled as “safe”, and the user can open it with complete peace of mind from his or her inbox.
If an e-mail is found to be malicious, it is redirected to the security team’s quarantine mailbox. The administrator opens a detailed report in GLIMPS Malware Expert to qualify the incident.
If the verdict is in doubt, the administrator can review the analysis result and apply a manual remediation action by releasing the e-mail together with its attachment. The recipient then receives the e-mail carrying the “quarantine” label and a comment from the administrator, confirming that it went through special treatment and ultimately poses no risk.
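The label-driven loop described above, written as an added example against the Gmail API’s data model (this is illustration code for the page, not the GLIMPS connector). Gmail addresses labels by ID rather than by name, so the name-to-ID map, the quarantine mailbox address and the `X-Quarantine-Note` header used to carry the administrator’s comment are assumptions; `analyze` stands for whatever engine returns "safe" or "malicious" for an attachment. The `users.messages.list/get/modify/insert` calls in `poll_once` and `release` are the real Gmail API methods; everything else runs offline on a constructed message.

```python
"""Added example, not GLIMPS code: label-driven triage of a Gmail message.
Polls for mail under "not analyzed", analyzes every attachment, then relabels the message
"safe" or pulls it from the inbox towards a quarantine mailbox.  Label IDs, the quarantine
address and the X-Quarantine-Note header are assumptions; the Gmail calls are the real ones."""
import base64
import email
import email.policy
from email.message import EmailMessage

LABEL_IDS = {"not analyzed": "Label_1", "safe": "Label_2", "quarantine": "Label_3"}  # assumed IDs
QUARANTINE_MAILBOX = "soc-quarantine@example.com"                                   # assumed address


def attachments(msg):
    """Yield (filename, bytes) for every attachment.  walk() also descends into attached
    .eml parts (message/rfc822), so a payload forwarded inside a forward is not missed."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name or part.is_attachment():
            yield name or "unnamed", part.get_payload(decode=True) or b""


def triage(raw: bytes, analyze) -> dict:
    """Decide the users.messages.modify body for one message held under "not analyzed"."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    verdicts = {name: analyze(data) for name, data in attachments(msg)}
    if "malicious" in verdicts.values():
        return {"verdict": "malicious", "attachments": verdicts,
                "modify": {"addLabelIds": [LABEL_IDS["quarantine"]],
                           "removeLabelIds": [LABEL_IDS["not analyzed"], "INBOX"]},  # out of the user's inbox
                "forward_to": QUARANTINE_MAILBOX}
    return {"verdict": "safe", "attachments": verdicts,
            "modify": {"addLabelIds": [LABEL_IDS["safe"]],
                       "removeLabelIds": [LABEL_IDS["not analyzed"]]},
            "forward_to": None}


def release(raw: bytes, admin_note: str) -> dict:
    """Manual remediation: re-deliver the held message with the "quarantine" label and the
    administrator's comment (assumed X-Quarantine-Note header), as a users.messages.insert body."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    msg["X-Quarantine-Note"] = admin_note
    return {"raw": msg.as_bytes(), "labelIds": [LABEL_IDS["quarantine"], "INBOX"]}


def poll_once(service, analyze) -> list:
    """One pass of the live loop; needs a googleapiclient Gmail resource, so it is not run offline."""
    listing = service.users().messages().list(userId="me", labelIds=[LABEL_IDS["not analyzed"]]).execute()
    plans = []
    for ref in listing.get("messages", []):
        full = service.users().messages().get(userId="me", id=ref["id"], format="raw").execute()
        plan = triage(base64.urlsafe_b64decode(full["raw"]), analyze)
        service.users().messages().modify(userId="me", id=ref["id"], body=plan["modify"]).execute()
        plans.append((ref["id"], plan["verdict"]))
    return plans


def build_sample() -> bytes:
    """Constructed test mail: a harmless PDF plus a forwarded .eml that carries an .exe."""
    inner = EmailMessage()
    inner["From"], inner["To"], inner["Subject"] = "colleague@example.com", "user@example.com", "FW: update"
    inner.set_content("Please run the attached.")
    inner.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                         subtype="octet-stream", filename="update.exe")
    outer = EmailMessage()
    outer["From"], outer["To"], outer["Subject"] = "user@example.com", "soc@example.com", "Invoice"
    outer.set_content("Invoice and the mail I got this morning.")
    outer.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf",
                         filename="invoice.pdf")
    outer.add_attachment(inner)   # message/rfc822 part: an attachment that is itself a container
    return outer.as_bytes()
```

The point of the constructed sample is the nested `.eml`: a naive loop over the top-level parts would see only `invoice.pdf` and miss `update.exe`, whereas `walk()` reaches it. In a live deployment the "forward_to" step is a send to the quarantine mailbox, and the release path uploads the `raw` message with `users.messages.insert(userId="me", body={"raw": <base64url>, "labelIds": [...]})`; both are left out here because they need a network.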
What to remember
Despite being one of the leaders in collaborative work environments, Google Workspace remains fallible and gives SOC analyst teams little visibility. To meet this challenge, GLIMPS offers advanced protection through its concept-code technology. Unlike native solutions, GLIMPS detects new threats quickly and accurately while remaining compatible with the expected user experience. Its API connectors let SOC teams deepen their analysis and improve incident response. By using GLIMPS, companies can strengthen the security of their messaging systems against cyber-attacks.
To find out how GLIMPS can strengthen the security of your communications, contact us today and request a demo of our solutions.