

Splunk Lantern

Securing a work-from-home organization


A global pandemic has forced all your employees to switch to working from home. Now, with so many employees working on their home networks instead of the corporate network, you are concerned about data security. Additionally, the alerts you had previously configured, such as those for unusual login times, are firing constantly as people's work habits have changed. You need to realign your organization's security policies and practices with these new circumstances. You want to use Splunk software to create new baselines, then use this data to establish new alerts, monitoring, and reporting that fit with a home-based workforce.

How to use Splunk software for this use case

You can run many searches with Splunk software to safeguard an organization with a remote workforce. Depending on what information you have available, you might find it useful to identify some or all of the following:

Next steps

As the habits of your organization's employees continue to evolve, correlating events, rather than looking at them independently, will become more important because what was suspicious before might not be now. You may want to look at the use case "Creating a timebound picture of network activity" and consider developing some of the following:

  • New baselines for logons
  • New baselines for network traffic
  • Updated phishing investigations
  • Remote logons to hosts

Any actions you take likely need to tie into existing processes at your organization or become new standard processes. These processes commonly impact success with this use case:

  • Determining whether to have split tunnel or full tunnel VPN
  • Establishing two-factor authentication for your VPN
  • Updating or enhancing password policies
  • Establishing or improving monitoring of your cloud services
  • New methods of team collaboration and communication
  • Identification of experts for new types of log data

The content in this use case comes from a previously broadcast webinar, one of the thousands of Splunk resources available to help users succeed. These additional Splunk resources might help you understand and implement this specific use case:

Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at if you would like assistance.