McAfee MVISION Cloud

About MVISION Cloud for Google Drive

MVISION Cloud for Google provides a way for organizations to use existing enterprise data loss prevention (DLP) policies and extend them to G Suite, reinforcing compliance and security requirements by providing another layer of control for data stored in Google Drive. 

MVISION Cloud continuously monitors an organization’s Google Drive accounts for file activity and processes those documents using the MVISION Cloud DLP policy engine, an on-premise Enterprise DLP policy, or a combination of both. Processing is triggered by file activity and generally occurs within 10–15 seconds, depending on bandwidth constraints, network latency, and file size.

API-based Activity Monitoring and Threat Protection for Google Drive is based on the logged Drive event names (listed at https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/drive-event-names).

How it Works

MVISION Cloud monitors Google Drive for content changes. As employees add or modify files in Google Drive, MVISION Cloud scans the files against DLP policies.

If a document contains information that violates a DLP policy, MVISION Cloud quarantines or tombstones that document (depending on the DLP policy). Quarantined files can be released or deleted directly from the dashboard.

If MVISION Cloud Connector has been installed, a list of Google Drive files that need more examination by the on-premise DLP solution is sent to the on-premise Cloud Connector. Cloud Connector downloads the documents directly from Google Drive and forwards them to an Enterprise DLP policy engine using the ICAP protocol.

Admin-Level Activity Monitoring

In addition to activities users perform, G Suite Admin activities are also monitored and added to Threat Protection. The following Admin activities are included:

| Activity Name | Activity Category | Threat Categories |
|---|---|---|
| login_success | Login Success | Compromised Accounts |
| login_failure | Login Failure | Compromised Accounts |
| login_challenge | Service Usage | Compromised Accounts |
| logout | Service Usage | Compromised Accounts |
| All Admin Activities | Administration | Privileged Access |
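
To show how the table above applies to raw audit data, the following added example (not MVISION Cloud code) categorizes constructed records shaped like Admin SDK Reports API activity items. It assumes the login events come from the `login` application and that "All Admin Activities" means every event from the `admin` application; the function names and sample records are hypothetical.

```python
import json

# Mapping copied from the table above: event name -> (activity category, threat category).
LOGIN_EVENTS = {
    "login_success": ("Login Success", "Compromised Accounts"),
    "login_failure": ("Login Failure", "Compromised Accounts"),
    "login_challenge": ("Service Usage", "Compromised Accounts"),
    "logout": ("Service Usage", "Compromised Accounts"),
}
ADMIN_ROW = ("Administration", "Privileged Access")  # the "All Admin Activities" row

# Constructed sample records (not real logs), shaped like Reports API activity items.
SAMPLE = json.loads("""[
 {"id": {"time": "2020-01-01T10:00:00.000Z", "applicationName": "login"}, "actor": {"email": "admin@example.com"}, "events": [{"type": "login", "name": "login_failure"}]},
 {"id": {"time": "2020-01-01T10:00:05.000Z", "applicationName": "login"}, "actor": {"email": "admin@example.com"}, "events": [{"type": "login", "name": "login_challenge"}, {"type": "login", "name": "login_success"}]},
 {"id": {"time": "2020-01-01T10:01:00.000Z", "applicationName": "admin"}, "actor": {"email": "admin@example.com"}, "events": [{"type": "USER_SETTINGS", "name": "CREATE_USER"}]},
 {"id": {"time": "2020-01-01T10:02:00.000Z", "applicationName": "drive"}, "actor": {"email": "user@example.com"}, "events": [{"type": "access", "name": "view"}]}
]""")

def categorize(activity):
    """Return one (time, actor, event, category, threat) tuple per monitored event."""
    ident = activity.get("id", {})
    app, when = ident.get("applicationName"), ident.get("time")
    actor = activity.get("actor", {}).get("email", "unknown")
    rows = []
    for event in activity.get("events", []):  # one activity can carry several events
        name = event.get("name")
        if app == "admin":  # assumption: every admin-console event maps to the last row
            rows.append((when, actor, name) + ADMIN_ROW)
        elif app == "login" and name in LOGIN_EVENTS:
            rows.append((when, actor, name) + LOGIN_EVENTS[name])
    return rows  # events outside the table (e.g. Drive file events) are skipped here

def categorize_all(activities):
    """Flatten the per-activity results into a single list of rows."""
    return [row for activity in activities for row in categorize(activity)]

if __name__ == "__main__":
    for row in categorize_all(SAMPLE):
        print(" | ".join(map(str, row)))
```
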

 

Learn more about these activities in Google documentation: 
