Community Manager

SEM Features to Use When Remote Working Increases

The increase in remote workers due to the Coronavirus is creating some additional challenges for IT, especially in security. I wanted to make sure you were aware of some SolarWinds® Security Event Manager (SEM) features that might help. 

  • VPN Availability: With more remote workers, you’ll see more users accessing your systems through VPNs. SEM can provide real-time visibility into your firewall logs to monitor for any issues with a potential impact on your users’ ability to connect to your corporate VPN. With the sheer volume of logs VPN connections can generate, separating the signal from the noise can be a challenge. However, using the SEM live filtering and correlation rule capabilities, you can easily view and alert on important events affecting your VPN. It’s worth checking the number of concurrent VPN sessions your firewalls are currently configured to handle. You don’t want to see a message like “%ASA-3-316001: Denied new tunnel to IP_address. VPN peer limit exceeded.” This means your firewall has reached the maximum number of VPN connections and new users will be unable to connect.
  • Authentication: As the number of remote workers rises, it may be difficult to monitor who is authenticating or attempting to authenticate to your network. Brute-force attacks are a common way for attackers to try to gain access to a corporate network, so keeping a close eye on failed VPN logon attempts is vital. The SEM dashboard can be used to identify anomalies and trends based on these authentication logs. Having a range of near real-time widgets can go a long way in identifying a spike in failed authentication attempts for a particular user.
  • Threat Intelligence: Malicious outsiders may try to slip into your systems amid the increased access requests. SEM downloads a list of known bad actors from the internet daily. These known bad actors are generally associated with malicious activity including ransomware, malware, and phishing attacks. Correlation rules are provided out of the box to monitor for any connections to or from these known bad actors. If a user falls victim to a phishing email or malware is executed on their machine while working remotely, the SEM cyberthreat intelligence tool will aim to provide some indicators of compromise.
  • Workstation Monitoring: Just because users aren’t in the office doesn’t mean you should lose visibility into their workstation activity. Deploying the SEM agent to users’ workstations will provide insight into what they’re up to on their machines while working from home. Monitoring USB device usage, file activity, configuration changes, and software installations can help identify unauthorized activity.

Are there other ways you’ve been using SolarWinds SEM to track your infrastructure security as more of your workforce is remote? Post them below.

"Shoot for the stars to reach the moon"
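
The two VPN checks described in the post (the peer-limit message and a spike in failed logons for one user), written out as a standalone Python sketch. This is an added example, not SolarWinds code or SEM rule syntax. It assumes failed VPN logons appear as Cisco ASA message 113005; the log lines are constructed samples, and the threshold and window values are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines modeled on Cisco ASA syslog; addresses are documentation ranges.
SAMPLE_LOG = """\
2020-03-10T09:00:01 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = jsmith : user IP = 198.51.100.7
2020-03-10T09:00:20 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = jsmith : user IP = 198.51.100.7
2020-03-10T09:00:41 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = adoe : user IP = 198.51.100.23
2020-03-10T09:01:02 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = jsmith : user IP = 198.51.100.7
2020-03-10T09:01:30 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = jsmith : user IP = 198.51.100.7
2020-03-10T09:02:05 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 192.0.2.10 : user = jsmith : user IP = 198.51.100.7
2020-03-10T09:03:00 fw1 %ASA-3-316001: Denied new tunnel to 203.0.113.5. VPN peer limit exceeded.
"""

# Assumption: rejected VPN logons are logged as 113005 with "user = <name>".
REJECT = re.compile(r"%ASA-6-113005: .*?: user = (?P<user>\S+) : user IP = (?P<ip>\S+)")
PEER_LIMIT = re.compile(r"%ASA-3-316001: Denied new tunnel to (?P<ip>\S+?)\. VPN peer limit")

def scan(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (timestamp, kind, detail) tuples, in log order."""
    alerts = []
    recent = defaultdict(deque)  # user -> timestamps of recent rejected logons
    for line in lines:
        stamp, _, rest = line.strip().partition(" ")
        try:
            ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue  # skip blank lines and lines without a parsable timestamp
        m = PEER_LIMIT.search(rest)
        if m:  # firewall is at capacity: new users cannot connect
            alerts.append((ts, "vpn_peer_limit", m["ip"]))
            continue
        m = REJECT.search(rest)
        if m:
            q = recent[m["user"]]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append((ts, "failed_logon_spike", m["user"]))
                q.clear()  # restart the count so one burst raises one alert
    return alerts

if __name__ == "__main__":
    for ts, kind, detail in scan(SAMPLE_LOG.splitlines()):
        print(ts.isoformat(), kind, detail)
```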