Spinbackup’s new Custom Policies allow for greater flexibility in customizing G Suite Apps Audit, Data Audit, and Domain Audit related policies. It includes additional settings that enable G Suite administrators to customize the handling of various events along with the associated actions for those events. Custom Policies allow a more granular control over Security Policies in the environment, allowing for specific rule scopes, exceptions, and notification settings on a per rule basis as well as prioritizing the processing order of the defined Custom Policy rules.
Overview of Custom Policies Rule Types
The new Custom Policies feature set includes the following Rule Types:
Apps Audit Policies
- Blacklist and Whitelist – This allows blocking or whitelisting the name of an application found in the G Suite Marketplace, or listed in the Apps Audit screen.
Data Audit Policies
- Shared Items Control – This disables sharing of files to a specific domain, including external, as well as specific users. Furthermore, it allows G Suite administrators to be notified if the ownership of the file was changed as well.
- Ransomware Protection – Enables automatic actions to be taken when Spinbackup detects the synchronization of Ransomware encrypted files. These actions include the automatic restoration of encrypted files, revoking access to the synchronizing application, and sending notifications for encryption events.
- Sensitive Data Detection (CCN) – Notifies the G Suite administrator when a message contains sensitive information such as credit card number (CCN).
- Restore Filtration – This prevents the restoration of emails with predefined subjects, sender email addresses, or domain names.
Domain Audit Policies
- Abnormal Download Detection – Sends out a notification if a user downloads a specified number of files in bulk.
- Abnormal Login Detection – Sends out a notification when a brute force login attack is detected.
Creating Custom Policies
The process of creating Custom Policies is easily completed in three simple steps – Scope, Conditions and Actions, and Summary.
To start creating and configuring the new Custom Policies, please navigate to the Cybersecurity section within the left navigation panel, and then click Security Policies.
This brings up the Custom Policies screen. Notice the Create Rule and Remove Rule, as well as the Change priority buttons. Using these buttons, new rules can be created, existing rules can be removed, and the priority of the rules can be altered. The rules are processed in the order they are listed. Users can drag and drop the rules to change the order/priority. Also, the status button can be changed from On to Off to effectively enable or disable a rule.
Clicking the Create Rule button launches the wizard to create the new security policy. As mentioned, there are three steps to create the rule set – Scope, Conditions and Actions, and Summary.
Step 1 – Scope
In the Scope screen the following is defined:
- Rule Name – A name for the custom policy
- Rule Description – Description for the custom policy (optional)
- Rule Type – Determines which type of policy is being defined – App, Data, or Domain Audit Policies
- Scope – Defines the users affected by the policy. Possible values are Everyone, User, Organization Unit, and User and Organization Unit
- Exception – Exceptions to the policy rule
Step 2 – Conditions and Actions
The Conditions and Actions screen will change depending on the type of Custom Policy being defined. Below are the Conditions and Actions to be configured for each of the Custom Policies Rule Types.
Apps Audit Policies
Blacklist and Whitelist
- Application Name – This field contains the application’s full name, or part of the name, as found in the G Suite Marketplace or the Apps Audit section.
- Application Category – Detects all applications under the defined application category.
- Application Risk Rate – Detects all applications under the chosen risk rate.
- Use Apps Audit Blacklist Check – If this checkbox is enabled, it will compare detected applications with the blacklist in the Apps Audit section. This rule will be skipped if the blacklist doesn’t contain the detected application.
- Use Apps Audit Whitelist Check – If this checkbox is enabled, it will compare detected applications with the whitelist in the Apps Audit section.
- Remove Application – When selected, the application is removed.
- Send Notification – Sends notification.
Data Audit Policies
Shared Items Control
- File name – You can add the full name of the file or add part of the file.
- Check domains – When checked, Spinbackup will analyze all external domains.
- Check domains or users – If this field is selected, it will analyze files shared with mentioned domains or users.
- Revoke sharing permissions – If selected, it will revoke all sharing permissions for third-party users.
- Send notification – If selected, Spinbackup will send a separate email for each detected sharing event.
- Change the owner – If selected, Spinbackup will change the owner of the detected files with the chosen user.
- Restore encrypted files automatically – If selected, Spinbackup will automatically restore files encrypted by ransomware.
- Revoke an access – By selecting this option, Spinbackup will automatically revoke access for the synchronization application.
- Send notification – Spinbackup will send a separate email for each detected encryption event if checked.
Sensitive Data Detection (CCN)
- Internal Mail Filter – When selected, Spinbackup will skip all emails with CCN information sent inside your domain.
- Send notification – When selected, Spinbackup will send a separate email for each event where sensitive data was detected.
- Subject – When selected, our system will automatically prevent the restoration of emails with subjects under this filter. This field should contain the full subject or its parts.
- Sender – If checked, Spinbackup will automatically prevent the restoration of emails whose sender is under this filter. This field should contain the full sender’s email or a domain.
Domain Audit Policies
Abnormal Download Detection
- Number of files – If this checkbox is enabled, Spinbackup will detect the download with the help of our machine learning algorithms.
- Period – Possible values are 15, 30, 45, and 60 minutes.
- Send notification – When enabled, Spinbackup will send a separate email for each detected download.
Abnormal Login Detection
- Send notifications – If this checkbox is enabled, Spinbackup will send a separate email for each detected brute force event.
Step 3 – Summary
The summary screen will show the configuration options selected in the Custom Policy wizard. Review the information and, if needed, click the Prev button to change the Scope and Conditions and Actions screens.