Skip to main content

Securing a work-from-home organization

  • Updated

Scenario: A global pandemic has forced all your employees to switch to working from home. Now, with so many employees working on their home networks, instead of the corporate network, you are concerned about data security. Additionally, the alerts you had previously configured, such as those for unusual login times, are firing constantly as people's work habits have changed. You need to realign your organization's security policies and practices with these new circumstances. 

How Splunk software can help

You can use Splunk software to create new baselines, You can then use this data to establish new alerts, monitoring, and reporting that fit with a home-based workforce.

What you need 

To succeed in implementing this use case, you need the following dependencies, resources, and information.

People

The best person to implement this use case is a CISO, Security Operations Manager, or Security Analyst who is familiar with safeguarding an organization with a remote workforce. This person might come from your team, a Splunk partner, or Splunk OnDemand Services.

Time

Depending on the maturity of your organization's security posture and whether you previously had remote employees, establishing safeguards for an organization with a remote workforce can take between a few days and a few weeks.

Technologies 

The following technologies, data, and integrations are useful in successfully implementing this use case: 

How to use Splunk software for this use case

You can run many searches with Splunk software to safeguard an organization with a remote workforce. Depending on what information you have available, you might find it useful to develop some or all of the following: 

  • New baselines for logons
  • New baselines for network traffic
  • Updated phishing investigations  
  • Remote logons to hosts

As the habits of your organization's employees continue to evolve, the need to correlate events, rather than looking at them independently, will become more important because what was suspicious before might not be now.

Other steps you can take

To maximize their benefit, the how-to articles linked in the previous section likely need to tie into existing processes at your organization or become new standard processes. These processes commonly impact success with this use case: 

  • Determining whether to have split tunnel or full tunnel VPN
  • Establishing two-factor authentication for your VPN
  • Updating or enhancing password policies
  • Establishing or improving monitoring of your cloud services
  • New methods of team collaboration and communication 
  • Identification of experts for new types of log data 

Related resources 

These additional Splunk resources might help you understand and implement this use case:

Related articles

Comments

0 comments

Please sign in to leave a comment.

The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.