Description
Track the security posture & activity of users (e.g. MFA, logins & inactivity) and their mailbox rules (e.g. forwarding).
Requirements
Admin access to the Guardz portal.
The Process
Clicking on the Home icon in the left menu, and then the Cloud Posture pie slice will bring up the Cloud Posture issues.
Guardz will report on
- Any accounts lacking MFA.
Detects lack of MFA for users & admins, exposing a critical vulnerability in identify & access management and reducing the security posture. - Any suspicious logins.
Guardz detects unusual login attempts, signaling potential security breaches & prompting immediate measures to safeguard account integrity. These are generally location based. Initially all logins are suspicious until the location is added to an allow list. - Suspicious mailbox rules.
Guardz detects suspicious mailbox rules that could automate data exfiltration to external addresses & other methods facilitating unauthorized data access. - Inactive users.
Guardz continuously monitors user activity to identify inactive accounts that may lead to uncontrolled or unauthorized access. An inactive user is one who hasn't had any login for 30 days.
Remediation of these issues is manual, however Guardz will provide step by step instructions on how to remediate the issue.
For example, to remediate a Google workspace MFA account not having MFA: