Automate Silo Log Correlation With New Splunk Integration for SOCs

A new feature of Silo for Safe Access provides a Splunk integration for SOCs and IR teams, giving them complete visibility into the users’ activities and actions on the web.

Alert fatigue is real and only getting worse for most security operations center (SOC) and incident response analysts. More devices connected to the network means more data, which in turn means more alerts and more chances to miss important information.

Advances in technology have brought a lot of benefits for the enterprise, such as quick enablement of remote working for most, if not all, employees. With the shift towards remote work, IT infrastructure has had to catch up while employees have had to adjust how they get work done. But the same shift has raised the problem of how to monitor remote employees’ work activity.

Additionally, BYOD has become central to the modern worker, with the market for BYOD technology and the security surrounding it estimated to grow to the hundreds of billions a year. BYOD creates huge potential for information leakage and, with the rise of remote work, the attack surface only expands while visibility decreases.

How Organizations Are Handling the Problem (or Not)

Some organizations require remote employees to use a VPN. But unless the systems they need to access are only reachable via the enterprise network, there’s nothing stopping employees from sidestepping the VPN and accessing them anyway. Internet searching from a personal device, for example, falls entirely outside the VPN’s reach.

Some organizations may have decided they don’t need to track non-enterprise access. But this approach ignores all the SaaS platforms that the organization uses and that contain critical and potentially sensitive data.

If a user has the ability to co-mingle their work and personal life on a single device with full control over capabilities (like copy and paste), the risk of sensitive data leakage expands. And if you are not monitoring those activities, you’ll never know about them until it’s too late.

Silo for Safe Access: Splunk Integration for SOCs

There’s no easy solution to all the problems an IT department faces, but a new feature in Silo for Safe Access can certainly minimize them. Silo for Safe Access capabilities combined with a new Splunk integration protect employees and information while giving SOCs and incident response teams complete visibility into users’ activities and actions on the web, using a single, prebuilt and easy-to-set-up connector.

The Splunk integration for SOCs allows SIEM teams to set up granular log collection and indexing of Silo user logs any way they desire, with all relevant ingested logs automatically mapped to the Splunk Common Information Model (CIM). Because the fields are already CIM-normalized, there’s no need to change existing searches, correlation rules or workflows. The single Silo log feed gives teams coverage of everything from:

  • What websites a user visits
  • What they upload to and download from Silo Secure Storage or, if allowed, their personal endpoint

The latest features in Silo for Safe Access provide peace of mind knowing that all employees’ activity is monitored when they access the internet and sensitive corporate information.

Get an overview and details of the “Authentic8 Silo Add-on for Splunk” on Splunkbase or by clicking on this link: https://splunkbase.splunk.com/app/5249/.

*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by Daniel Ben-Chitrit. Read the original post at: https://blog.authentic8.com/automate-silo-log-correlation-splunk-integration-for-socs/