How to Use Splunk Remote Work Insights (RWI) to Secure Your Organization in 2023

In Security Tips for Work From Home (WFH) Life, we explored guidelines on how to efficiently and safely set up your work-from-home environments. Looking past the individual worker, companies are now tasked with providing a productive and secure remote work environment for their colleagues. 

How can organizations achieve this if they’re not already there yet? Here, we’ll show you how to use Splunk to monitor the safety and performance of your remote workforce.

What is Splunk Remote Work Insights?

In light of COVID-19, Splunk has released the Remote Work Insights (RWI) Application. This free-to-download application contains reports and dashboards that provide insight into the critical applications your organization is using to keep the business running. Along with application management, the RWI solution gives immediate insight into business performance and network security. As we get through this pandemic and beyond, the Splunk Remote Work Insights solution will help your business monitor the success and safety of its remote workforce.

This Splunk application can be added to Splunk to increase your security posture and provide critical insight into how your applications are being used, who is using them, and from what locations. It’s also mobile-friendly so you never miss an alert.

How Splunk Remote Insights Work

When you open up the RWI application, you’ll see the Executive dashboard view. This dashboard is an aggregate summary view of all dashboards within the application. The major purpose of this dashboard is to provide the CTO/CIO or a data center of critical insights into remote business operations. RWI gives visibility into your company’s critical applications and how they are performing and being used.

Remote Work Insights Dashboards

Executive Dashboard

Use this dashboard to get a bird’s eye-view of how applications are performing across your organization. The metrics displayed on this dashboard include:

• VPN Sessions
• Zoom Meetings In Progress
• Most Popular Applications on the Network
• Geographic Locations of Logins

  

VPN Ops

Use this dashboard to monitor how securely your team is able to connect to different applications accessible through your VPN.

VPN Login Activities dashboard shows where your colleagues are logging in from, the success/failure rate for these logins, and the top login failure reasons. This dashboard is a one-stop shop to audit your VPN activities. The data shown here is from GlobalProtect, but any VPN logs can be integrated into these dashboards.

The Global Protect VPN Login Activities dashboard is key for insights into VPN activities of your remote colleagues. In this example, you have a workforce that’s fully based in the U.S. Now, check out that top panel… there are some workers accessing the VPN client from China, if this is unexpected, you may have a breach on your hands.

Figure 2 – Global Protect VPN Login Activities

The metrics displayed on this dashboard include:

• Geographic Locations of Logins
• Failure Rate of Connections (over time)

Authentication Ops

• Authentication of Login Attempt Activity
• Failures of Legitimate Login Attempt Activity
• Infrastructure Stress and Failure

Zoom Ops

The Zoom Ops dashboards show an aggregate view of your organization’s Zoom metrics. Looking at this dashboard, you’ll gain visibility into historical metrics and real-time information on active Zoom meetings. You can even see what devices the meetings are being accessed from, the types of meetings being conducted, and metrics surrounding the length of the meetings.

Figure 3 – Zoom Ops Dashboard

• Zoom Adoption and Utilization
• Number of Active Meetings
• Number of Participants in Meetings
• Length of Meetings

Protect Your Team From External Threats

The external threats facing organizations are greater than ever. With the shift to a remote workforce, it is crucial for businesses to have these insights into their day-to-day operations to protect the safety of their organization and colleagues. 

Interested in learning more about the Splunk Remote Work Insights solution or looking to implement the application? You don’t have to master it by yourself in order to get the most value out of it. Small, day-to-day optimizations of your Splunk environment can make all the difference in how you understand and use the data to manage all the work on your plate.

Cue Atlas Assessment: a customized report to show you where your Splunk environment is excelling and opportunities for improvement. Once you download the app, you’ll get your report in just 30 minutes.

The external threats facing organizations are greater than ever. With the shift to a remote workforce, it is crucial for businesses to have these insights into their day-to-day operations to protect the safety of their organization and colleagues. Paired with all applications your organization uses today, the Splunk Remote Work Insights Application can dramatically increase your organization’s visibility into application performance. Interested in learning more about the Splunk Remote Work Insights solution or looking to implement the application? Contact our Kinney Group team of experts below.