Monitoring for insider risk and data loss

Insider risk monitoring is available only for customers who have purchased BeyondCorp Enterprise.

Insider risk monitoring adds to the security dashboard four reports that summarize content transfer activity:

These reports help you identify unusual activity and risky behavior. They report on activity using Chrome browser on Windows, Mac, Linux and the Chrome operating system. Other platforms are not supported at this time.

Note: The insider monitoring reports do not include activity in Incognito windows. For information about how to prevent users from opening new Incognito windows, read about the Incognito mode setting.

Configure insider risk and data loss monitoring

To enable insider risk and data loss monitoring, an administrator must have an assigned BeyondCorp license. Click the View details & enable link in the Monitor data leaks and insider risks box on the Admin console home page. Review the details about the security protections involved with insider risk and data loss monitoring, then click the Enable button.

Enabling insider risk and data loss monitoring automatically enables these enhanced Chrome security protections for users with the BeyondCorp Enterprise license assigned:

  • Chrome security event logging records user activity in Chrome that may be relevant from a security perspective, such as Content unscanned, Unsafe site visit, or Password reuse
  • Chrome data insights scanning and reporting initiates review of uploaded, downloaded, and printed content to check for sensitive data
  • Chrome Enterprise connectors perform the data review for up to 50 MB of content
    • Upload content analysis scans uploaded files for sensitive data and malware
    • Download content analysis scans downloaded files for sensitive data and malware
    • Bulk text content analysis scans large blocks of pasted text for sensitive data when a Data Loss Prevention rule is defined
    • Print content analysis scans printed text for sensitive data
    • Real time URL check scans accessed URLs in real time to protect users against dangerous sites, based on the Safe Browsing Protection Level setting
    • Sensitive data analysis can be expanded by creating Data Loss Prevention rules

These protections are enabled for the entire organization, that is, they are enabled at the root organizational level.

You can customize insider risk and data loss monitoring by changing which organizational units it applies to or updating the configuration; for example, you can limit which security events get logged or prevent certain files from being sent for analysis or downloaded.

Chrome security event logging
  1. Make sure you're signed in to an administrator account. Other accounts might not have permission to do these steps.

  2. In the Admin console, go to Menu > Devices > Chrome > Settings > Users & browsers.
  3. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  4. Go to Browser reporting.
  5. Next to Event reporting, select Enable event reporting.
  6. (Optional) Configure additional settings. Choose the reported event types that you need, based on what type of content you want to send for analysis. For details, see Chrome audit log.
    • Default event types—Chrome threat and data protection events include malware transfer, password reuse, and unsafe site visits.
  7. Click Save.

Chrome data insights scanning and reporting
  1. Make sure you're signed in to an administrator account. Other accounts might not have permission to do these steps.

  2. In the Admin console, go to Menu > Security > Access and data control > Data protection.

  3. Under Data protection insights setting, make sure that Data protection insight scanning and report is ON.

If you change the Data protection insight scanning and report setting to OFF, production of the new insider risk monitoring reports pauses. When you turn the setting back on, the reports will be available in a day or two.

Chrome Enterprise connectors

For details about configuring how Chrome connectors review content, see Set Chrome Enterprise connector policies for Google BeyondCorp Enterprise.
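
To confirm on an endpoint that the protections enabled above actually reached the browser, the following added example (not part of the original article or any Google tooling) audits one browser's effective policies for coverage gaps. The Chrome policy names are real, but their mapping to the protections listed on this page and the flat JSON input format are assumptions of the example, and the sample data is constructed.

```python
import json

# Chrome policy behind each protection named on this page (mapping is an
# assumption of this example; confirm names against the Chrome policy list).
CONNECTORS = {
    "Chrome security event logging": "OnSecurityEventEnterpriseConnector",
    "Upload content analysis": "OnFileAttachedEnterpriseConnector",
    "Download content analysis": "OnFileDownloadedEnterpriseConnector",
    "Bulk text content analysis": "OnBulkDataEntryEnterpriseConnector",
    "Print content analysis": "OnPrintEnterpriseConnector",
}

def audit(policies):
    """Return a list of coverage gaps for one browser's effective policies."""
    gaps = []
    for label, name in CONNECTORS.items():
        value = policies.get(name)
        # Connector policies are lists of provider entries; empty or absent means off.
        if not isinstance(value, list) or not value:
            gaps.append(f"{label}: {name} not set")
    # EnterpriseRealTimeUrlCheckMode: 0 (or unset) disables real time URL checks.
    if policies.get("EnterpriseRealTimeUrlCheckMode", 0) == 0:
        gaps.append("Real time URL check: EnterpriseRealTimeUrlCheckMode is off")
    # IncognitoModeAvailability: 1 disables Incognito; any other value leaves
    # windows whose activity the insider risk reports do not include.
    if policies.get("IncognitoModeAvailability", 0) != 1:
        gaps.append("Incognito windows available: activity there is not reported")
    return gaps

# Constructed sample: a flat {policy name: value} export from one endpoint.
SAMPLE = json.loads("""
{
  "OnSecurityEventEnterpriseConnector": [{"service_provider": "google"}],
  "OnFileAttachedEnterpriseConnector": [{"service_provider": "google"}],
  "OnFileDownloadedEnterpriseConnector": [{"service_provider": "google"}],
  "OnBulkDataEntryEnterpriseConnector": [],
  "EnterpriseRealTimeUrlCheckMode": 1,
  "IncognitoModeAvailability": 0
}
""")

if __name__ == "__main__":
    for gap in audit(SAMPLE):
        print("GAP:", gap)
```

An empty result means every protection listed above has a policy in effect on that browser and Incognito windows are disabled.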
