Using Splunk to Secure Your Productivity and Team Collaboration Environment

Productivity and collaboration tools are key components for any business today – we use mail, docs, spreadsheets, shared whiteboards and many other cool tools daily. In this post, we will talk about how Splunk helps teams work and collaborate securely while using Google Chrome and Google Workspace.

Google Workspace and modern browsers like Google Chrome support effective collaboration within an organization – from mail, docs, spreadsheets up to calls, meetings, and scheduling. Google Workspace provides comprehensive logging, monitoring, and audit telemetry.  Google Chrome provides many security and data protection features,from protecting end user from malware and dangerous sites and up to advanced technologies such as site isolation, sandboxing, and predictive phishing protection. Splunk’s integration with Chrome and Workspace allows companies to provide a secure working environment for their employees.

Let’s start with Chrome browser. Earlier this year, Chrome introduced the Chrome Enterprise Connectors Framework, enabling plug-and-play integration with partner solutions, and Splunk was one of the inaugural Reporting Connector partners. You can now easily have data from your Chrome browser fleet within your organization sent directly to Splunk for further forensic analysis. 

The chrome browser is the ultimate endpoint where most end-user interactions happen and most data flows cross. This makes web browsers one of the top origins for many kinds of cyberattacks – from malware transfer and security vulnerabilities, up to high-risk and unsafe end-user behavior, like visiting malicious web resources. Splunk provides a complete set of capabilities to monitor and mitigate all these attacks – please refer to "Get Extended Security Insights from Chrome Browser with Splunk" for more details.

In order to provide security for Chrome users, organizations will use the Splunk HEC and Chrome Reporting Connector. They provide Google Workspace administrators the means to connect with Splunk and configure which Chrome events to send. Today, the available security events include password reuse, password change, unsafe site visit, malware transfer, login event, password breach, and potentially unsafe content transfer. These events cover most core scenarios for malware and intrusion detection through web resources and online browsing. For more details on setup and configuration check out our demo video and our blog on how to get extended security insights from Chrome browser with Splunk.  

For businesses using Google Workspace, Splunk’s Google Workspace add-on provides comprehensive integration capabilities. This add-on enables advanced security monitoring by easily sending Google Workspace events into Splunk and utilizing out of the box and custom rulesets to analyze the data for potential security threats. Our engineering team frequently updates this add-on to keep up with new or modified event types, logs sources and metrics. Today, the add-on covers a wide range of use cases, such as:

• Analyze email metadata to help detect phishing, spoofing, malware distribution, spam, data exfiltration and other email-focused attacks.
• Monitor user activity in Google Drive to detect suspicious activity that could indicate abuse or an attack. Get visibility into items such as unsafe content, sensitive document access, suspicious visibility, and access changes.
• View login trends for users and key security events such as leaked passwords, failed logins, blocked logins, and suspended users.
• Create, delete, grant, and revoke privileges.
• Analyze and monitor user logins, authorized apps, locked accounts, and other usage metrics.

To get started today monitoring your Google productivity tools with Splunk, you can visit our Splunkbase page for the Chrome Add-on for Splunk or the Splunk Add-on for Google Workspace. Gain some peace of mind that your Google users are getting business done in a safe and secure way. Stay tuned for updates on Splunk and Google!