Google's Advanced Protection Cybersecurity Now Available to Nest Users

Google | June 04, 2020

  • Google's had an extra-high level of cybersecurity that can be applied to people's accounts if they're particularly at risk of malicious hacking attempts or online attacks.

  • Google account signed up for both the Advanced Protection Program and for use as a Nest account in your smart home.

  • Nest devices and the Advanced Protection Program at the same time, tying up a feature that's apparently been heavily requested by the relevant users for some time .


Here's something you might now know - for a while now, Google's had an extra-high level of cybersecurity that can be applied to people's accounts if they're particularly at risk of malicious hacking attempts or online attacks. This covers professions like journalism, politicians, activists and election workers, among others, and has been around since 2017, giving people extra layers of security to ensure they're safe from attacks. It limits access to your Google accounts and services more rigidly than otherwise, to make sure that unauthorised processes can't get access. However, until now it's had a slightly annoying drawback. Namely, you couldn't have your Google account signed up for both the Advanced Protection Program and for use as a Nest account in your smart home.


Now, though, a blog post from the security team at Google has confirmed that users can use both Nest devices and the Advanced Protection Program at the same time, tying up a feature that's apparently been heavily requested by the relevant users for some time. That makes sense, at it's always annoying to be locked out of mutually useful services, not least when cyberattacks on people and organisations' smart devices are becoming more and more prevalent. Google has been beefing up security for its Nest devices in the last few months, leading up to this change, including the addition of reCAPTCHA verification layers to make it harder to people to spoof logins. All of which should hopefully serve to reassure anyone worried about security risks from their smart home.



Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

The scheme has been expanded to include additional Google services, including GSuite, the Google Cloud Platform, and the Chrome browser. In March, the tech giant expanded APP to cater to Android devices.

~ Google


The Advanced Protection Program was originally introduced to provide an additional layer of security for Google accounts considered to be at a higher risk of compromise or cyberattacks, such as those used by journalists, lawyers, political figures, and civil rights group members. Over time, the scheme has been expanded to include additional Google services, including GSuite, the Google Cloud Platform, and the Chrome browser. In March, the tech giant expanded APP to cater to Android devices. Previously, users were not able to connect their Google accounts to the APP program and Nest home devices at the same time. Seamless integration, therefore, has been constantly requested by users, the executive says.

Google's APP-Nest integration follows reports of vulnerabilities in Nest security cameras and device hijacking, including a case in Wisconsin involving a couple reportedly subjected to taunts made by a hacker through their Nest camera .


Google's APP-Nest integration follows reports of vulnerabilities in Nest security cameras and device hijacking, including a case in Wisconsin involving a couple reportedly subjected to taunts made by a hacker through their Nest camera. The introduction of the Advanced Protection Program to the Nest family also builds upon recent changes made by Google to try and bolster the security posture of its products. Google has already rolled out login notifications to Nest users to warn them when a login attempt has been made, and back in February, the tech giant rolled out two-factor authentication (2FA). Anyone that has not enrolled in the scheme or moved their Nest account to a Google account will need to perform extra security checks via email. reCAPTCHA Enterprise was also recently integrated with Nest accounts to mitigate the risk of credential stuffing attacks, in which stolen or easy-to-guess credentials are automatically applied to devices in order to hijack them.


When passwords are changed on Nest products, Google now also performs a search on behalf of users to see if they have potentially been exposed in third-party data leaks. Earlier this year, Google rolled out several new security features to Nest, including requiring two-factor authentication for users who had yet to migrate their Nest accounts to Google accounts. To enroll in Advanced Protection, users need two physical security keys — a main and a backup — and a phone running Android 7 or higher or iOS 10.0 or higher. Android users can enroll their phones and activate the built-in security key, while Apple users need to download the Google Smart Lock app. Even the most security-conscious users can be tricked by a sophisticated phishing attack. To protect you from this threat, Advanced Protection goes further than traditional 2-Step Verification. In addition to a password to sign in to your Google Account, it requires you to use either a physical security key


Read more: AI IS CRITICAL FOR AUTOMATION OF CYBERSECURITY THREAT DETECTION AND PREVENTION

Spotlight

Web application and API protection (WAAP) is the evolution of cloud web application firewall services that were designed to protect internet-facing web applications and web APIs (application program interfaces).


Other News
PLATFORM SECURITY,SOFTWARE SECURITY

Stellar Cyber Integrates with Netskope to Deliver World-Class User Context, Speeding Investigations and Improving Security Outcomes

Stellar Cyber | December 20, 2022

Stellar Cyber, the innovator of Open XDR, today announced a new integration with Netskope, a global leader in secure access service edge (SASE). This powerful integration makes it easy for enterprise and MSSP users of the Stellar Cyber Open XDR platform to improve visibility of risks and threats by incorporating the rich user-centric data generated by Netskope in every investigation conducted by their security analysts. Under this integration, Netskope maintains visibility and control across five lanes of user traffic, including web, managed SaaS, unmanaged SaaS, cloud service providers, and public-facing custom apps in one single-pass cloud architecture. At the same time, Stellar Cyber ingests, normalizes, and analyzes Netskope data and all other collected data to identify potential threats creating prioritized, investigation-ready incidents. As security analysts complete incident investigations, Stellar Cyber automatically initiates response actions to third-party products integrated into the solution, including Netskope. “Making it easy for our customers that use Stellar Cyber to incorporate Netskope’s valuable user insights into their investigations is another way for us to bring them new levels of security visibility. “Making security analysts more productive means attacker dwell time decreases, reducing the risk of breach across our customer's environment.” Andy Horwitz, VP of Business Development at Netskope “Automatically incorporating Netskope’s rich user data into every investigation in the Stellar Cyber platform adds critical context that previously required significant manual effort, which should be especially important to customers with lean security teams focused on reducing the workload on their SOC analysts,” said Andrew Homer, VP, Technology Alliances at Stellar Cyber. “With this integration, we continue to deliver what our customers, and the market, expect.” About Stellar Cyber Stellar Cyber’s Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

Spotlight

Web application and API protection (WAAP) is the evolution of cloud web application firewall services that were designed to protect internet-facing web applications and web APIs (application program interfaces).

Resources