
Chrome Insider: Managing BeyondCorp Enterprise's threat and data protection capabilities in Chrome

May 6, 2021
Fletcher Oliver

Chrome Enterprise Customer Engineer


Google's BeyondCorp Enterprise recently launched, offering organizations a zero trust solution that enables secure access to applications and cloud resources with integrated threat and data protection. These threat and data protection capabilities are delivered directly through Chrome, so organizations can easily take advantage of our web-based protections. 

Due to BeyondCorp Enterprise’s agentless approach utilizing the Chrome browser, these capabilities are extremely easy to adopt and deploy. The solution is delivered as a non-disruptive overlay to your existing architecture, with no need to install additional software, clients, or agents. Threat and data protection features in BeyondCorp Enterprise help prevent web-based threats such as malware, phishing and social engineering. Additionally, because BeyondCorp Enterprise leverages the browser, it works across different operating systems, meaning you can use things like file scanning, Data Loss Prevention (DLP) rules, and security alerts regardless of whether you operate on Windows, Mac, Linux or Chrome OS.

The administration of those capabilities is directly integrated into Chrome Browser Cloud Management, a no-cost cloud-based solution that provides enhanced visibility, reporting and management of Chrome Browser. Below, we cover the threat and data protection capabilities your organization can use with Chrome and BeyondCorp Enterprise, and how they work:

Protect Chrome users with BeyondCorp Enterprise threat protection

With BeyondCorp Enterprise enabled through Chrome Browser Cloud Management you can protect against threats such as malware and phishing for your Chrome users as they download and upload files. 

Imagine one of your users is downloading a file found on the web to reference for an upcoming presentation. Or maybe they are uploading a file to a sharing site that they have never used before. In each of these scenarios, BeyondCorp Enterprise provides three layers of protection:

  1. First, BeyondCorp Enterprise uses real-time URL checking against Google Safe Browsing to determine whether the site is malicious or a phishing site.

     • If the site is deemed to be unsafe, you can configure the upload/download to be blocked or to log the activity.

  2. If the site is deemed safe, the verification continues by examining the file’s metadata.

     • The file’s binary strings, hashes, certificates and file signature are analyzed for the presence of malware by Google Cloud.

  3. If the file is verified to be safe by Google Cloud based on the metadata, the user can proceed. If the file fails the verification, additional actions can take place where the file can be blocked or sent securely to advanced sandboxes in Google Cloud to execute the file and determine its authenticity. During this process, the file can be delayed until checks are completed or released right away with the verification occurring in the background. These actions are determined by the administrator and can be configured accordingly.

  4. After all these checks, if the file is still found to be safe, the file can be successfully downloaded or uploaded by the user. If not, the download/upload is blocked to protect your user and your internal site.
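The layered decision flow described above, modelled as an added example (not Google's code or API): the `Policy` fields, `Transfer` verdict flags and log strings are hypothetical stand-ins for the administrator settings and cloud verdicts the post describes. It assumes that a log-only unsafe URL still goes through the file checks and that a file released before the sandbox finishes cannot be recalled.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    """Hypothetical admin settings; names are not real console options."""
    block_unsafe_url: bool = True     # False: log the activity only
    sandbox_on_fail: bool = True      # False: block when the metadata check fails
    delay_until_verdict: bool = True  # False: release now, scan in background

@dataclass
class Transfer:
    """Constructed verdicts standing in for the cloud-side checks."""
    url_safe: bool
    metadata_safe: bool
    sandbox_safe: bool = True

def evaluate(t: Transfer, p: Policy) -> tuple[str, list[str]]:
    """Return (what the user experiences, audit log entries)."""
    log = []
    # Layer 1: real-time URL check.
    if not t.url_safe:
        log.append("url_unsafe")
        if p.block_unsafe_url:
            return "blocked", log
    # Layer 2: file metadata (strings, hashes, certificates, signature).
    if t.metadata_safe:
        return "allowed", log
    log.append("metadata_failed")
    if not p.sandbox_on_fail:
        return "blocked", log
    # Layer 3: sandbox execution, either gating delivery or in background.
    if p.delay_until_verdict:
        if t.sandbox_safe:
            return "allowed_after_delay", log
        log.append("sandbox_malicious")
        return "blocked", log
    if not t.sandbox_safe:
        # Assumption: the file already reached the user, so only a log entry remains.
        log.append("sandbox_malicious_after_release")
    return "allowed", log

# Constructed sample: the same risky file under the two delivery settings.
risky = Transfer(url_safe=True, metadata_safe=False, sandbox_safe=False)
strict = evaluate(risky, Policy(delay_until_verdict=True))
fast = evaluate(risky, Policy(delay_until_verdict=False))
```

Comparing `strict` and `fast` shows the trade-off in the delay setting under this model: the same file is blocked in one case and only logged in the other.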

Protect your data with BeyondCorp Enterprise data protection in Chrome

This capability prevents sensitive data from being uploaded, downloaded or pasted from a user's clipboard into a web form. Here is a workflow demonstrating this:

https://storage.googleapis.com/gweb-cloudblog-publish/images/BeyondCorp_Enterprise_data_protection.max-1400x1400.jpg

Using BeyondCorp Threat and Data Protection, you can integrate Data Loss Prevention (DLP) features with Chrome to detect sensitive data in files that are uploaded and downloaded, and in content that is pasted or dragged and dropped.

Data protection features work through rules that trigger actions. These actions include blocking data from being uploaded/downloaded/pasted and/or logging activity details.

This capability provides 90+ different preconfigured content detectors to trigger actions based on certain types of data, but you can also define your own custom detectors. If you are a Google Workspace customer, you may be familiar with this data protection engine as it is used for data protection in Gmail and Google Drive. 

Give it a try

BeyondCorp Enterprise was built to provide an easy-to-use experience for both end users and administrators. All of the settings in Chrome Browser Cloud Management are configurable to provide the user experience that you desire, and for your analysts, log reports can be easily accessed and viewed within the Security Dashboard in the Google Admin Console.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Security_Dashboard.max-1100x1100.jpg

With BeyondCorp Enterprise and these Chrome features, you can improve your security posture and provide a seamless experience for your workforce. 

Looking to learn more about BeyondCorp Enterprise and Chrome? Tune in to Google Cloud Security Talks on May 12, 2021, or watch on-demand.

And for step-by-step instructions on how to set up BeyondCorp Enterprise in Chrome Browser Cloud Management, check out this demo video. For additional information on the BeyondCorp Enterprise threat and data protection features available in Chrome, view this video.
