New Silo for Safe Access feature provides Splunk integration for SOCs to monitor employee web and SaaS app access on any device, managed or unmanaged.

Alert fatigue is real and only getting worse for most security operations center (SOC) and incident response analysts. More devices connected to the network means more data, which in turn means more alerts and more chances to miss important information.

Advances in technology have brought a lot of benefits for the enterprise, such as quick enablement of remote working for most, if not all, employees. With the shift towards remote work, IT infrastructure has had to catch up while employees have had to adjust how they get work done. But the situation has led to the issue of monitoring remote employees’ work activity.

Additionally, BYOD has become central to the modern worker, with estimates of the market growing to the hundreds of billions a year for BYOD technology and security surrounding it. BYOD creates huge potential for information leakage and, with the rise of remote work, the attack surface only expands while visibility decreases.

How Organizations Are Handling the Problem (or Not)

Some organizations require remote employees to use a VPN. But unless the systems they need to access are only available via the enterprise network, there’s nothing stopping them from sidestepping the VPN and accessing them anyway. Internet searching from a personal device, for example, would fall outside this requirement.

Some organizations may have decided they don’t need to track non-enterprise access. But this approach ignores all the SaaS platforms that the organization uses and that contain critical and potentially sensitive data.

If a user has the ability to co-mingle their work and personal life on a single device with full control over capabilities (like copy and paste), the risk of sensitive data leakage expands. And if you are not monitoring those activities, you’ll never know about them until it’s too late.

Silo for Safe Access: Splunk Integration for SOCs

There’s no easy solution to all the problems an IT department faces, but a new feature in Silo for Safe Access can certainly minimize them. Silo for Safe Access capabilities combined with a new Splunk integration protect employees and information while giving SOCs and incident response teams complete visibility into users’ activities and actions on the web using a single, prebuilt and easy-to-set-up connector.

The Splunk integration for SOCs allows SIEM teams to set up granular log collection and indexing of Silo user logs any way they desire, with all relevant log ingestion automatically mapped to the Splunk CIM. This functionality means there’s no need to change existing workflows. The Silo single log ingestion gives teams the power to cover everything from:

  • What websites a user visits
  • What they upload and download from Silo Secure Storage or, if allowed, their personal endpoint

The latest features in Silo for Safe Access provide peace of mind knowing that all employees’ activity is monitored when they access the internet and sensitive corporate information.

Get an overview and details of the “Authentic8 Silo Add-on for Splunk” on Splunkbase.

About the Author

Daniel Ben-Chitrit

Daniel Ben-Chitrit is the PM for CTI and OSINT at Authentic8, bringing experience building security products and supporting intel collection and analysis across both the public and private sectors.
