Box Shield will be adding new automated response actions as an option to our Suspicious Location alerts, increasing speed of response to detected threats and reducing the burden on the admin.
Box Shield Suspicious Location alerts enable admins to detect when their organization’s Box account is being accessed from a prohibited location. They can create either allowlists or blocklists that identify permitted geographic regions, and can also build in exceptions for known travel. These alerts have helped our admins detect international bad actors seeking to compromise their content, and we are making them even faster and easier.
Admins will now have the ability to enable automated response actions for managed users when access is detected from a non-permitted location. Upon detection, Box Shield will:
-
Immediately terminate the session that triggered the alert
-
Block the account from accessing Box until it returns to a permitted location
To learn more about Box Shield Threat Protection, look here.