Lean on Splunk for your Remote Work Insights

In Security Tips for Work From Home (WFH) Life, we explored guidelines on how to efficiently and safely set up your work from home environments. The individual colleague has the responsibility to ensure they’re maintaining a secure remote-work environment. Looking past the individual worker, companies are now tasked with ensuring a good remote work environment for their colleagues to stay productive and secure. How can organizations get these critical insights? Let’s jump into Splunk and see your company can monitor the safety and performance of your remote workforce.

Splunk Remote Work Insights (RWI)

In light of COVID-19, Splunk has released the Remote Work Insights (RWI) Application. This free-to-download application contains reports and dashboards that provide insight into the critical applications your organization is using to keep the business running. Along with application management, the RWI solution gives immediate insight into business performance and network security. As we get through this pandemic and beyond, the Splunk Remote Work Insights solution will help your business monitor the success and safety of its remote workforce.

This Splunk application can be added to Splunk to increase your security posture and provide critical insight into how your applications are being used, who is using them, and from what locations.

Figure 1 - Splunk Remote Work Executive Dashboard

Figure 1 – RWI Executive Dashboard

When you open up the RWI application, you’ll be dropped into the Executive dashboard view. This dashboard is an aggregate summary view of all dashboards within the application. The major purpose of this dashboard is to provide the CTO/CIO or a data center of critical insights into remote business operations. RWI gives visibility into your company’s critical applications and how they are performing and being used.

Be the VPN Champion

VPN Login Activities dashboard shows where your colleagues are logging in from, the success/failure rate for these logins, and the top login failure reasons. This dashboard is a one-stop shop to audit your VPN activities. The data shown here is from GlobalProtect, but any VPN logs can be integrated into these dashboards.

The Global Protect VPN Login Activities dashboard is key for insights into VPN activities of your remote colleagues. In this example, you have a workforce that’s fully based in the U.S. Now, check out that top panel… there are some workers accessing the VPN client from China, if this is unexpected, you may have a breach on your hands!

Figure 2 - Global Protect VPN Login Activities

Figure 2 – Global Protect VPN Login Activities

Zip-Up Zoom Operations

The Zoom Ops dashboards show an aggregate view of your organization’s Zoom metrics. Looking at this dashboard, you’ll gain visibility into historical metrics and real-time information on active Zoom meetings. You can even see what devices the meetings are being accessed from, the types of meetings being conducted, and metrics surrounding the length of the meetings.

Figure 3 - Zoom Ops Dashboard

Figure 3 – Zoom Ops Dashboard

The following data sources were used to populate these dashboards:

  • GlobalProtect VPN
  • Office 365
  • Zoom Video
  • Okta Authentication
  • Google Drive
  • Webex
  • Slack

The external threats facing organizations are greater than ever. With the shift to a remote workforce, it is crucial for businesses to have these insights into their day-to-day operations to protect the safety of their organization its colleagues. Paired with all applications your organization uses today, the Splunk Remote Work Insights Application can dramatically increase your organization’s visibility into application performance. Interested in learning more about the Splunk Remote Work Insights solution or looking to implement the application? Contact our Kinney Group team of experts below.

Author

Start typing and press Enter to search