Cloud Security - Huntress Launches ITDR for Google Workspace

Huntress Blog

Google Workspace, Huntress, identity protection, BEC, SOC

Basically, Huntress helps protect Google accounts from hackers trying to steal identities.

Quick Summary

Huntress has launched Managed ITDR for Google Workspace to protect against identity threats like BEC and account takeovers. This service offers 24/7 SOC-led response, ensuring your organization's security. With the rise of identity-related incidents, it's crucial to safeguard your accounts effectively.

What Happened

Huntress has launched its Managed Identity Threat Detection and Response (ITDR) specifically for Google Workspace (GWS). This service aims to protect organizations from emerging identity threats, particularly focusing on business email compromise (BEC), inbox rule manipulation, and account takeovers. As GWS becomes a central hub for business operations, attackers are increasingly targeting these accounts, viewing them as gateways to broader access across various platforms.

The need for such protection has grown significantly due to the rapid adoption of GWS by businesses of all sizes. Attackers exploit compromised accounts to gain access to sensitive information, conduct fraudulent activities, and manipulate communications. With a proven track record of protecting over 10 million identities, Huntress is extending its SOC-led response capabilities to the GWS environment, ensuring that organizations can secure their identities effectively.

Who's Affected

Organizations utilizing Google Workspace for their operations are at risk. This includes small businesses, mid-market companies, and managed service providers (MSPs) managing multiple tenants. The rise of identity-related incidents highlights the vulnerability of these environments, where a single compromised account can lead to significant breaches across various SaaS platforms. In 2025, 79% of critical incidents reported by Huntress were identity-related, emphasizing the urgent need for robust identity protection solutions.

As attackers evolve their tactics, organizations must remain vigilant. The modern BEC landscape is not just about phishing emails; it involves sophisticated multi-stage attacks that can go undetected for long periods. This shift in attack strategy necessitates advanced detection and response capabilities focused on identity threats rather than traditional malware defenses.

What Data Was Exposed

The potential data exposure from compromised Google Workspace accounts can be extensive. Once an attacker gains access, they can manipulate inbox rules to hide security alerts, access sensitive emails, and even reset passwords across various platforms. The interconnected nature of GWS means that a single breach can unlock access to multiple accounts and sensitive workflows, leading to severe financial and reputational damage.

In real-world scenarios, attackers have been known to create malicious inbox rules that delete security notifications, allowing them to operate undetected. This manipulation can lead to unauthorized transactions, data theft, and a complete breakdown of trust within business communications. The implications of such breaches are significant, making proactive identity protection essential for organizations.
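
As an added illustration (not part of the original article and not Huntress's detection logic), the code below audits Gmail filter definitions, in the criteria/action shape the Gmail API uses for filters, for rules that delete or hide security notifications. It also flags forwarding outside the organization, a related check that goes beyond what the article mentions; the keyword list, sample filters and `example.com` domain are assumptions.

```python
# Added example: audit Gmail filters for rules that hide security mail.
# Filter dicts follow the Gmail API filter resource shape:
# criteria (from/subject/query) and action (addLabelIds/removeLabelIds/forward).
import re

# Assumption: words that commonly appear in security notifications.
SECURITY_TERMS = re.compile(
    r"security|alert|password|sign-?in|verification|suspicious|mfa|2-step", re.I)

def hiding_actions(action):
    """Return the ways this action keeps a message out of the user's view."""
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    found = []
    if "TRASH" in added:
        found.append("delete")
    if "INBOX" in removed:
        found.append("skip-inbox")
    if "UNREAD" in removed:
        found.append("mark-read")
    return found

def review_filter(flt, org_domain):
    """Return a list of findings for one filter; empty means nothing flagged."""
    criteria, action = flt.get("criteria", {}), flt.get("action", {})
    findings = []
    hidden = hiding_actions(action)
    matched = " ".join(str(criteria.get(k, "")) for k in ("from", "subject", "query"))
    if hidden and SECURITY_TERMS.search(matched):
        findings.append("hides security mail (" + ", ".join(hidden) + ")")
    forward = action.get("forward", "")
    if forward and not forward.lower().endswith("@" + org_domain.lower()):
        findings.append("forwards outside " + org_domain)
    return findings

# Constructed sample filters, not taken from a real tenant.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.org"},
     "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_12"]}},
    {"id": "f2", "criteria": {"subject": "Security alert"},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["UNREAD"]}},
    {"id": "f3", "criteria": {"query": "invoice OR payment"},
     "action": {"forward": "archive@mailbox.example.net", "removeLabelIds": ["INBOX"]}},
]

def audit(filters, org_domain="example.com"):
    """Map filter id -> findings, keeping only filters with at least one finding."""
    results = {f["id"]: review_filter(f, org_domain) for f in filters}
    return {fid: r for fid, r in results.items() if r}
```

Calling `audit(SAMPLE_FILTERS)` leaves the ordinary newsletter rule `f1` unflagged and reports `f2` and `f3`.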

What You Should Do

To safeguard against these identity threats, organizations should consider implementing Huntress Managed ITDR for Google Workspace. This service focuses on detecting unusual login activities, malicious inbox rules, and suspicious authentication patterns. By leveraging SOC-led investigations, organizations can respond swiftly to potential threats, minimizing the risk of identity compromise.

Additionally, organizations should educate their employees about the risks associated with identity theft and the importance of maintaining strong security practices. Regularly reviewing account access and monitoring for unusual activities can further enhance security. As attackers increasingly target identities rather than endpoints, adopting a comprehensive identity protection strategy is crucial for maintaining organizational security.

🔒 Pro insight: As identity attacks evolve, focusing on behavior detection in Google Workspace is critical for preventing sophisticated BEC campaigns.
