Gmail Security: Advanced Security Features to Protect Your Organization (Cloud Next ’19)
Articles,  Blog

Gmail Security: Advanced Security Features to Protect Your Organization (Cloud Next ’19)

Welcome, everyone. I’m Nicolas Kardas. I’m a Product Manager
for Gmail Security. And my colleague
is Nicolas as well. NICOLAS LIDZBORSKI: Hi
I’m Nicolas Lidzborski. I’m a Technical Lead working
on Gmail and G Suite Security Engineering. NICOLAS KARDAS: So welcome
to the session, CP211, Gmail Security, on
advanced security features. And thanks to all of
you for being here. I’m going to switch slides. So I looked at who came
today, and I saw a lot of you are responsible for security
within your organization. So you’re basically the
heroes of your organization because protecting users is one
of the most important things these days. It’s a top priority
for business because, of all the issues
that you’re all aware about, like business email
compromise, phishing attacks, and others. So G Suite protection
starts with Gmail. And why Gmail? Why email? Because email is actually
one of the easiest vectors to reach the
largest number of people. So in this presentation,
we go through three different sections. The first one being advanced
phishing and malware protection. The second one would
be about encryption and what Gmail is
doing to better protect email on transit. And the third one would be
around right management, information right management
that we provide to users. So we leave time at the end for
Q&A if you have any questions. So starting with
Gmail and phishing. Phishing has been
around for a long time. It used to be pretty
straightforward to detect phishing attacks because
the emails were not very difficult to identify. There were typos and
things like that. But phishing has
evolved quite a lot. Malware, also something that
is distributed primarily via email. Two thirds of malware
come from email. And enterprise corporate
account of users receive, on average 4.3
times more malware via emails than regular consumers. So corporate accounts
are much more targeted. Another category of attacks
are around data breach. It can be either via users
unintentionally making mistake and leaking
data, or it can be also the attack to the
corporate infrastructure. And one category
of malware where we’ve seen large growth–
and these numbers are not from Google. These are public numbers from– I think the notes are
at the bottom right– from Verizon and other studies. But ransomware is
a type of malware. I’ve seen huge growth
over the last few years. There’s been a lot
of news about it. And it cost businesses
billions every year to address this issue. So that’s really a
category of malware where we’ve seen
a lot of growth. So what is Google
and Gmail, what are we doing to protect you? Gmail uses machine
learning technologies that are developed across
Google and apply that to fighting phishing attack. When you use machine
learning, one of the information that we
need you need to train models is ground truth. And because Gmail has
over 1.5 billion users, we have a lot of ground truth
coming from users and feedback loop, which helps us improve
our models and train our models. It’s also Gmail– it was last
week Gmail’s 15th birthday. So Gmail has experience now
on fighting spam, phishing. And from the beginning, Gmail
was one of the first services to really focus
on spam detection. Here are some
numbers I’m not going to go through each of them. But as you can see, the
numbers are pretty large. Every minute, just
as an example, 10 million spam
messages are blocked from being delivered
to the user’s mailbox. So it’s really a
business at scale. And this slide is
about early detection. There are two ways to– the better we are
detecting– and this is what Nico is
going to talk about– and avoiding delivery in the
mailbox of bad emails, the less remediation there
for businesses. So focusing on
improving detection is the top priority for us. I already mentioned
that earlier, the self-learning models. So that’s something that
Google is investing a lot on. And we have a mix of heuristic
and self-learning models. Over time, we are
doing more and more on the machine learning side. And we’ve seen really,
really big improvement in the quality of detection
by using machine learning. And as I mentioned,
the technologies have been developed across
Google in different businesses. For example, we use machine
learning for image analysis to recognize logos or
fake logos into images. This was developed by
other teams within Google. And we’re using that in
Gmail to improve detection. And the last bullet,
the last part there is personalized for you. As an example, for spam, not
everyone is going to find– for a given email,
it’s going to be considered spam for a certain
user and not spam for others. So we need to have models that
are personalized for each user. Because spam doesn’t
mean the same thing for everyone, and not all
emails are spam for all users. It’s different for phishing
and really malicious messages, which don’t have
to be personalized. But spam is really a
category of messages where personalization
is very important. So what is phishing? Now, we are going to talk a
little bit about phishing. Phishing is basically
a fraudulent attempt to obtain sensitive
information by disguising as a trustworthy entity in
electronic communication. So today, phishing is
one of the major attacks used on the internet. And why phishing vessels
other types of attacks? One of the things is phishing is
relatively simple for attackers to use compared to malware. Creating a malware,
an application, can be much more complex,
or scripts inside an Office document or something like that. But phishing is pretty
straightforward and easy to do. The second way is scalability. With phishing sent by
email, your attacks can be very scalable. And the last one is
return on investment. It’s sort of a result of
the previous two, simplicity and scalability. These days, attackers are often
people who try to make money, and they look at the ROI. If it costs them too
much to do an attack, they are not going to
spend their time on that, and they are going to
use another vector. There are exceptions,
like with state sponsored attacks, but
don’t do that for money. But for the large
majority, things like ransomware and
others, the people, the attackers, what they
want is to make money. So the harder their life
is to do the attack, it reduces, basically,
the risk of them using that vector for attacking. So phishing. These are just a
screenshot of a newspaper. But it has evolved over time. When it started, phishing
was pretty easy to detect. It was not targeted at all. Today, non-targeted phishing is
still the majority of phishing. But we see more and
more– and it’s growing– targeted phishing. And the way attackers do that is
they are going to, for example, look at a company and do some
research about the company. What are the suppliers
of this company? What are the other companies
this company makes business with? And they are going
to do phishing by using the name of a supplier
or something like that. They would do spoofing. These are much more
advanced attacks that are smaller scale, so
more difficult to detect. And that are much more
effective because people are not as cautious when they see
an email coming from someone who is a supplier, for example,
or that fakes to be a supplier. So these targeted
attacks are much, much more difficult to identify. But we have
technologies for that. And now I’m going
to have Nicolas provide some insight
about phishing and what we do for phishing. NICOLAS LIDZBORSKI: All right. So today we’re
going to go mostly about credential phishing
now, as it’s the most prevalent form we have seen. The reason for the
popularity of these attacks is basically that
phishing attacks make it really easy
for an attacker to ask the victim all
the relevant information for successful hijacking. You can ask for username,
password, additional information, and some
victims are going to answer. So this vector, despite being
one of the easiest to pull off, is also one of the
more successful ones. So a couple years ago, we
studied the different type of attacks that are
phishing on internet. And we published a paper
how we reveal that– our discovery was the
victims of phishing are actually much more
successfully hijacked afterwards than the victims of
other major hijacking vectors, like keyloggers or
credential leaks. It’s back to the point that
phishing allows the attacker to get all the
information they need to access the target system. So phishers try to make it
very difficult to pin down. They try different
methods and move forward. So they know that
window of vulnerability is actually very small. Like, they are
reported very quickly. And then the attack
will stop to work. So what they are doing? They are trying to go very
small in a short period of time. And then they are going to
switch to a different attack before the defense mechanism
has opportunity to catch up. So we know that the median
number of phishing emails in campaign is only 250 emails. So the half life of a
campaign is only 12 minutes. So the defense here needs to
be extremely fast and reactive, to be able to handle this. So we’re going to go over the
different phases of phishing attack, as well the
protection we provide. We generally can
categorize the components that need to fail for a
successful phishing attack are first, email service. It needs to basically
let the email go through and not provide enough
information to the user to prevent it. Then the phishing
website is going to gather the credentials. And finally, the
stolen credentials are going to be used
on the target website. So the first attack, Gmail is
going to be here to defend you. We have a machine system
as well as extensive UX to help users defend themselves. Then the Chrome browser
is going to provide the additional protection
against phishing website. And finally, we’ll go over
security keys [INAUDIBLE].. So to understand the
many opportunities the defense has
here, we’re going to go over the lifecycle
of phishing email. So the first element
is the one everybody is very comfortable with. It’s the delivery. Everybody is aware
of email delivery. It comes to SMTP. At this stage, that’s when
you have a lot of mail filters that’s going to catch,
immediately or not, the attack. So at Google, we use a
wide array of techniques to actually distinguish
good email from bad ones. The techniques here range
from reputational analysis, where we are going
to just understand the sender, message
header, understand what email comes from. Then we have content
understanding, where we’re actually going
to go through the content, and our systems are
going to determine whether something is risky in
the content of the message. And finally, we have clustering. Clustering are an
array of techniques that groups familiar behavior
and finds patterns of [INAUDIBLE]. So the first one
of the techniques is feature reputation. It’s a fairly straightforward
reputation technique. It’s similar to
blacklisting of bad actors. And then we have observation
of previous bad behaviors, as well as a ranking on them. And we are going to use that
to identify what is wrong. We identify like IP address. Are they a cluster
that are known as bad? Subnets, AS number,
domains, URL prefix. And this provides
very direct feature to know that something is bad. We also have feedback loop
of users helping us there, both to mark things as
bad, as well as mark that things are not bad. And sometimes, in the
case of IP address, we want actually to end up
whitelisting them so they are not blocked forever. The next element is
content understanding. Specifically, understanding the
content of message for system to be able to
identify something is similar to known
good or bad pattern. So we’re using text and
image similarity detection to enhance all different
systems and identify spoofing. In this case, you
can see we identified text looking like
Google, or images that look like Google logo. And we can use that to
notify that something is suspicious down the system
that will reject or not email. Finally clustering. Clustering is absolutely
critical nowadays. And AI is really enabling
Google to efficiently protect billions of users today. We used a different technique. And we have been
early adopter of AI. We have multiple layers of
linear regression models, as well as neural networks. And those multiple
techniques are allowing us to have
extremely efficient model to separate the good
from bad traffic. So now that we are done with
delivery, it’s not over. One very important concept here
is the temporality of emails. You get delivery, but you’re not
opening the email right away. And it is additional
time you can take advantage of to provide
additional defenses for users. So syncing time is basically
when the email is synchronized from storage into your client. This opportunity–
first, we have eliminated most of the
phishing during delivery. It’s only a subset now. And we are going to add
additional information in the message to allow
the client to display the right information to user. In particular, for elements
that are suspicious, we are going to let some
information flow through. So we know that. We’re also providing
synchronization of the content to ensure that the content
will render similarly on multiple clients. So people cannot have selective
content in one account versus the other to hide attacks. The next stage is message open. At this stage, the email
is opened by the user. If you have suspicious
element in the message, we want to provide them
as clues to the user. The machine learning system,
the automated detection was not able to provide
a verdict that was bad, but we may know that
something is suspicious. And this is a really
critical opportunity to help users defend themselves. So Google had security
warnings in Gmail for extremely long time. However, as part of
the Gmail redesign we worked on last year, we
worked extremely closely with user experience team
on the security aspect of warning banners. The new warning banners
are extremely bold and with a clear call to action. So for risky messages, we
even disable capabilities such as links and attachments. And this had a huge impact
on reducing interaction with malicious emails. Time is of the essence here. And we can actually benefit
from constant evaluation of bad sites by the attachment
and reclassify content. Even after the message
came to an inbox, it is possible to change
our opinion of it. We may have some
new data that tell us this is actually dangerous. And we can modify the banner. So we are never just
delivering the email and forgetting about it. Instead, we are constantly
monitoring afterwards. So user benefits from new
rules, new model, and they focus on user safety. So a real example
of that is something we launched very recently, which
is outbreak wanting banners. Basically, if an employee
of your organization is reporting an
email as phishing, we are going to propagate
quickly that information across the organization. And similar emails will be
very quickly labeled as such, preventing a widespread attack. So after we have message
opened, the next element of the phishing flow is
actually link clicking. In that case, that’s
when the attacker is going to redirect the user to
a phishing website [INAUDIBLE] for instance. So here, we provide
real time check, which means that we do an
additional check of phishing links. When you click on the
link, it goes technically to a redirector Gmail that will
analyze, again, the latest Safe Browsing definition for phishing
as well as malware site. The point here is to be the
most up to date possible. Another vector for
phishing attack is reply. People are going to ask for
information by an email. And sometimes people
will fall for it. So a protection we added here
is defenses on lookalike name inside the domain. If someone is pretending to
be someone in your domain, we’ll be able to let you know
that the name is confusing and you need to be
very careful about it. We had a vast array
of phishing attacks that pretended to be
the CEO contacting people in the company. And this is what this
defense is targeted at. So in addition, we
provide a vast array of additional controls
for domain administrator to improve the defenses and
select multiple techniques that will defend the user. So Nicolas is now going
over malware protection that we offer to our users. NICOLAS KARDAS: So for malware,
we also, like for phishing, have a multi-layer approach. So we do use many
AV engines, and we are running [INAUDIBLE]
for all these AV engines. So when you use
Gmail and G Suite, you’re protected by
many antivirus engines. So that’s one thing. The second thing is
we block attachments that are not trusted. So we block executable in Gmail. So you can’t send
executable by email. Or we block attachments that
are encrypted and with scripts. That’s an option you
can disable as an admin. By default, it’s off. But that’s something that you
can enable in your domain. It really depends
on your companies. And the third one
is 0-day protection. So if the malware
already known, they will be caught by the
default AV engines. But for new malware, for the
ones that are created today, they’re basically not
listed yet on the AV engine. So what we do is we do a mix
of static and dynamic analysis. So we look at the
script inside the file and we evaluate the level
of risk for these scripts. So this is a
technique that proves to be quite effective for
detecting 0-day malware. Another thing that we do and
that we are launching in beta tomorrow– so that’s the news– is Security Sandbox. So for files that are
potentially at risk, we open them in
virtual machines and we look at what they do in
the operating system. And based on that, we decide
to block the file or not. We do that for all users
based on the risk associated with the file. And if you use the
Enterprise Edition, we do that exhaustively
for all your files that are not already caught
by another antivirus. So you get, basically,
100% of your files scanned that way if you’re using
the Enterprise Edition of G Suite and if the file
hasn’t been already caught by an antivirus. Another thing
created to malware, to protect against malware
on the end user side, is when you use Gmail,
when you open a file, it opens as preview in
Gmail, as a preview. The result of that
is, in most cases, the users don’t have to download
the file on their computer and open the file
from their computer. So by previewing
a file in Gmail, it eliminates the
risk associated with that file of script
running and things like that. So it’s completely safe to
open the file in Preview mode in Gmail. So that’s for
phishing and malware. We’ve covered the section,
Phishing and Malware in Gmail, the
detection in Gmail. Now I would like to talk about
the detection of phishing website with Chrome. As Nicolas mentioned earlier,
it’s really a layered approach. So in Chrome, what consumers
see today is that when you get to a page that is known
by Chrome and Safe Browsing to be malicious, there is a page
like that that warns the user. It’s available for
consumers as well. But as a consumer, you still
have the ability to go further. What we provide is
we have a policy. Admins can decide for
the users of their domain to block users and
prevent them to go further if they try to
visit a page that is known to be a malicious page. So that’s something that is
managed for group policy. And you can also
use Active Directory if that’s what
you prefer to use. Another thing that we provide
is password detection. So here is an example
of a video displaying. A user goes to a travel site
and uses his corporate password to log in. And what happens is
that Chrome detects that the user is trying to use
a corporate password to log in to a site that is a
public internet site and blocks the user from it. And then the user is forced to
change his corporate password. So that really
provides protection because the same password
being used on multiple sites is a known source of risk. Because if your
corporate password is on a site that
then gets hijacked, the attackers of
that site are going to have the credentials
of the users. And they are going
to be able to log in to the corporate
account of these users. So password alert is a
policy of Chrome browser that IT admin can use it to
protect corporate account. And corporate account can be
both Google and non-Google account. So the last part is
about account protection. So two factor
authentication is better than just one factor, just
regular credential, email and password. But something to keep in mind
that two factor authentication with a passcode, whether
it’s a passcode given by an app running on your phone
or an SMS that you receive, is vulnerable. So if we look at this
example, imagine the user here logs in with his credential
email and password and there is a man
in the middle here. The man in the middle is
usually not a real person. It’s a proxy. So everything is
done automatically. So the person here
is trying to log into a site, the right
box here thinking that’s a legitimate
site on the right side. And he enters his
email and password. The man in the middle
does the same and logs in. And then the user
enters the passcode that he has to log
into a site, enters it. The man in the middle
catches it and is able to log in to
the legitimate site. So what we’re seeing is we
are more and more open source toolkits available for
an attacker to easily do this type of attack. Although it’s
better than nothing, second factor with
passcode is vulnerable. So what we use at Google,
and what more and more G Suite customers are now
using, is the security keys. And the way securities work is
imagine the lady here logs in with her email and password. And then, instead of
entering a passcode, it’s basically the
security key that sends a passcode to the site in
the middle, the malicious site that is supposed to
send the passcode. But the security key sees
that is not the real
and is not going to send this authentication. And as a result of
that, the authentication is going to fail. And the man in the
middle will not be able to access
the legitimate site. So security keys, we
use them at Google. Since we’ve used them, we
haven’t had any hijacking successful at Google. So it’s really very effective. And it’s also affordable. The price range is
between $20 to $50, depending on the
model, US dollars. Compared to the price of a
computer, it’s not a big cost and really adds a
lot of security. So we really recommend
that you consider using it. So I just talked about it. And now I would like
to talk a little bit about what is available for
administrators, basically. Our approach on security
for G Suite and Google is to provide
simple tools for you to configure, to tune the
security that we provide by default. We want users
to be safe by default even if you do nothing. But if you want to tune the
security, it should be simple. So here is the example of
a screenshot of something called Security
Centers, where you can get analytics and
security best practices, as well as some
security investigation. You look at charts,
drill down into the logs, and do all of that from a
simple user interface for admin. We also provide
control to fine tune the security, the phishing
and malware protection. Some examples. I will not go through the list. If you go to the
Admin console, it’s available to all
editions of G Suite. And you can look at the
breadth of the controls. But some examples
are protections against an encrypted
attachment that are sent by untrusted
senders, or protection against anomalous
attachment type of emails. An example of that is
you have your company, and you receive a file
type, the type of file. One of your employees
receives a file that no one in your
company ever receives. So it may be legitimate. But most likely, there
is a high likelihood that there is a risk
associated with it. So the admins now have
the ability to say, when a file like that comes,
move it to quarantine. So we apply intelligence and
we do analysis to identify, for each domain,
what are the file types that are very uncommon. And it’s possible to add
whitelist for admins. But most of the work
is done for you. So all you have to
do is check a box. We also provide spoofing. Nick will talk about it. And additional protection like
looking behind shortened links or looking inside
images to see if there are logos that are being
used for phishing purpose. So it’s a lot. So as a summary– and I won’t go through
each and every box here because Nicolas
covered most of it. But in summary, for
Gmail, what do we do? We provide different layers of
protection via Gmail, Chrome, and security keys for account
protection against hijacking. We use a breadth
of technologies– clustering, machine
learning models using thousands of features, we
use computer vision for images, do static or dynamic analysis
of attachments and Security Sandbox that I mentioned. One of the differentiators
of G Suite is the breadth. We have 1.5 billion users,
and they report feedback. And we have a very large number
of users on Chrome as well. So all of this data
that we receive can help us train our
machine learning models to be more effective. Another thing here is what
Nico mentioned earlier, is making the best use of time
by checking at click time, for example. Time is really
critical for detection because the more time we
have, the more signals we have coming from
antiviruses, from users reporting phishing messages. So by doing things like
checking at click time, it increases the chance of
catching malicious link. And also the
enterprise protection that I mentioned earlier. So now, Nico is going to talk
about what Gmail is launching soon to increase safety of
email in transit, in encryption. NICOLAS LIDZBORSKI: All right. So very important
topic for us had been how to protect email at
scale going over internet. So Gmail has led a
very big scrutiny on email protection in transit. Basically, encryption
of SMTP in transit has been an afterthought
of email protocol. And we invested extensively
to actually make people understand where
there’s improvement to be done. So in 2014, we
launched a dashboard showing people the reality
of the situation, where you had 3/4 of the
emails reaching Gmail that was
not encrypted when it came from other provider. This actually led to a
big increase in encryption in transit. Then, in 2016, we added
an indicator in Gmail showing users, when
they receive email from sender that
sent clear text email and did not care as much
about their security. However, it doesn’t
change the fact that the SMTP protocol itself
is doing opportunistic security. Basically, when you
send an email, when Alice is trying to
send an email to Bob, email used to be
totally clear text. Then STARTTLS was
added in 1999, which offered an opportunistic
encryption, which means if both ends agree
on supporting encryption, they will encrypt the transit. Sounds great. However, an attacker can,
at any point in time, do an active man-in-the-middle
attack against the traffic and basically break encryption. So attacker can just place
themself in the middle. They can just break the
capability detection of the service, and the
traffic will go clear text. And the attacker can
actually listen to traffic. So over the last
three years, we have worked within the
IETF standard body to build a new standard
for email in transit. And we have amazing
work from Google, as well as other
large email providers, and the internet
community at large. And we’re very
excited to announce that Gmail is going to
become the first major email provider to follow the
new MTA-STS, as well as TLS reporting standards. So I’m very proud that my team
actually designed and built the first large scale
implementation that is coming to you starting tomorrow. So the MTA-STS is basically
offering the recipient domain the ability to specify a
policy so that the sender that supports MTA-STS will verify
that the SMTP connection is properly encrypted, as
well as authenticated with a valid public certificate. This is combined with
TLS reporting, which will send a daily report
to the recipient domain for email transit encryption. And the issues will
actually be reported. So this standard is
the first big step of enforcement of security in
transit on internet for email. So in practice, how
does it look like? In this case, the
SMTP sender is going to actually read the policy
set up by the recipient domain. And the sender will
refuse to deliver email without valid TLS and
trusted server certificate. In this case, we can see
if only the sender is not able to communicate
in encrypted manner with the recipient that has
that policy specifying always encrypt, the email would stop. Additionally, the
reporting sender will actually send a report. And the report will contain
information about the failure. So this reporting
looks like that. It’s basically JSON file that
explains exactly what error was observed. And this is deterrents
against anybody who will try to do
interception– not only attempt for interception
of email traffic is going to be prevented. It will also be reported. So why do you need this today? The immediate benefit
you can have today is for yourself to set the
policy for your domain, which means anybody using a
standard stack supporting MTA-STS will actually be able
to have the email encrypted. There’s no guaranteed way. You can also contact
all your partners and ask them to set up a policy. And then, as you’re
sending using Gmail stack, you will actually
have your email protected like that in transit. So again, this is
launching in beta tomorrow. So please check G
Suite update then. And Nicolas is going to go
back on how you can protect sensitive content in email. NICOLAS KARDAS: So we provide
a product, a feature in Gmail called Confidential Mode. And what it does, it provides
basically a right management for email with content
expiration and two factor authentication. We launched this
feature for consumers with the new Gmail last year. And we’ve waited to
launch it to Enterprise. And we launched it in beta
earlier last month, actually. Because we wanted to complete
the integration with Vault for e-discovery for Enterprise. We wanted the
product to be ready. And so what is Gmail
Confidential Mode? Basically, the way it
works is at the time you’re sending an
email, it strips out the content of the body of the
email and replaces by a link. And the email goes over
the internet with the link. And the content itself
stays in your mailbox. So the recipient on that
email, to view the content, will get the content
via HTTPS at view time. So the content will
never physically be in the recipient mailbox. One benefit of that is– and you can request
for authentication of the recipient, that the
recipient gets a passcode by SMS. The value of that is if
the mailbox of a recipient, for example, is
hijacked, the recipient who has hijacked the mailbox,
if there is SMS verification, will not be able
to get the content. Because at the time the
SMS will be requested, it will go to the real
owner of the mailbox. Another advantage of that is
the content transit over HTTPS, which is a secure channel. And you also have the ability
to make content expire. So if you want to send
content to someone but the person doesn’t get
access to content forever, it’s also possible. So we provide for this
feature, as I mentioned, the feature didn’t launch
at the same time as consumer because we wanted to build this
integration with Vault. It’s possible to set up Vault
policies of retention and export on the
recipient mailbox. And if the content is
sent by someone within your organization– so you
have access to the content of the sender’s
mailbox as well– you’re able to set
this policy, basically. And if you do not want,
for whatever reason, to receive Gmail
confidential email, you can always use DLP
rules to block this content. You have full control on that. So to summarize what
we covered today, because we covered quite a lot. One of the things is I hope
we managed to convince you that G Suite really
has, as a top priority, to make communication
secure and using email as secure as possible. That’s a top priority for us. And what we want is that
users are safe by default. That’s our top priority. The second thing is we– what Nicolas just covered,
enhancing protection as well on transit. And the last thing
is helping user protect the content
by playing policies right management into email. These are the three takeaways
of the presentation today. And we have a little
bit of time for Q&A. That’s a quote from one of our
customers, the city of Boston, that has seen great
results by using G Suite. And compared to their
prior system for security, they’ve seen a big upgrade. [MUSIC PLAYING]

One Comment

  • Chip Dolce

    While I appreciate the video, why then do you charge extra for an administrative 'investigation tool' that is VERY helpful in mitigating known phishing attacks or malicious e-mails that have been delivered to users? As an g suite admin, I have NO ability unless we pay-to-play. Being a small PreK-12 school district, I think this is very short-sighted on Google's part to pick this functionality as the place you decide to charge money.

Leave a Reply

Your email address will not be published. Required fields are marked *