Work from Home VPN Solution
Enable quick, safe, and reliable work-from-home monitoring with our Work from Home Solution, a suite of in-depth SaaS apps that provide visibility and management for your remote employee workforce with SSO, remote access, endpoint security, and productivity.
This solution provides support in all areas of remote work management for your enterprise, including:
- SSO: Auth0, Duo Security, Okta, One Login, Azure Active Directory
- Remote Access: Cisco Meraki, Zscaler Web Security
- Productivity Apps: Google Workspace, Office 365, Salesforce, Sailpoint, Slack, Microsoft Teams, Workday, Zoom
- Endpoint Security: Crowdstrike Falcon Endpoint Protection, Carbon Black, Cylance
VPN Monitoring Use Cases
These days, as more and more people work from home, it's especially important to ensure that your work-from-home infrastructure is healthy and that your VPN is keeping your employees connected and your data secure.
You can use Sumo Logic to monitor traffic, user activity, successful and failed logins, and more. This page summarizes Sumo Logic resources and recommendations for monitoring your VPN.
Step 1: Configure Data Collection
To configure data collection, first decide which Work from Home app you want to install, as this determines whether you need to set up an Installed Collector or a Hosted Collector.
What are Collectors?
- Installed Collectors are deployed in your environment, on a local machine, a machine in your organization, or even an Amazon Machine Image (AMI). Installed Collectors require a software download and installation. Upgrades to Collector software are released regularly by Sumo Logic.
- Hosted Collectors reside in the Cloud, allowing for seamless collection from cloud sources.
App | Sumo Logic Collector Type |
---|---|
Office 365 | Hosted Collector |
Okta | Installed Collector |
G Suite | Hosted Collector |
OneLogin | Hosted Collector |
Auth0 | Hosted Collector |
Salesforce | Installed Collector |
Cisco Meraki | Installed Collector |
Slack | Hosted Collector |
Duo Security | Hosted Collector |
Azure Active Directory | Hosted Collector |
Zscaler | Installed Collector |
Carbon Black | Hosted Collector |
Cylance | Hosted Collector |
CrowdStrike Falcon | Installed Collector |
Zoom | Hosted Collector |
If you want to use multiple apps that need a hosted collector, you can install one hosted collector across all apps. You do not need a special hosted collector for each app.
If you are using multiple apps that need an installed collector, we recommend starting out using a single installed collector for all apps. Then, depending on the size and performance of the machine on which you are running your collector, you may need to add additional collectors for each app.
Step 2: Install a Work from Home app
To find our Work from Home apps, go to the App Catalog > Work from Home Solution section.
To install any of these apps, follow their directions by clicking on an app link below:
- SSO: Auth0, Duo Security, Okta, One Login, Azure Active Directory
- Remote Access: Cisco Meraki, Zscaler Web Security
- Productivity Apps: Google Workspace, Office 365, Salesforce, Sailpoint, Slack, Microsoft Teams, Workday, Zoom
- Endpoint Security: Crowdstrike Falcon Endpoint Protection, Carbon Black, Cylance
Step 3: View Dashboards and insights
Monitor availability, performance, user activity and collaboration, and security across your workforce locations.
Dashboards for VPN monitoring
We've created these dashboards to help you monitor commonly used VPNs. The dashboards are open source and published on GitHub.
- Dashboard for Cisco AnyConnect VPN Monitoring. This dashboard displays successful and failed logins, session durations, connections, and concurrent users.
- Dashboard for Palo Alto Networks GlobalProtect VPN Monitoring. This dashboard displays successful and failed logins and malicious IP activity.
- Dashboard for Netscaler VPN Monitoring. This dashboard displays successful and failed logins, users authenticating from multiple IPs, and rare user agents.
Tips for creating your own searches and dashboards
When you build your own searches and dashboards, consider these VPN monitoring best practices:
- Successful logins. Monitor for spikes or drops in logins, and whether they are coming from expected locations.
  - Total
  - By location
  - Logins from multiple IPs
  - Trend over time
- Failed logins. Monitor for spikes in failed logins and where those login attempts are coming from.
  - Total
  - By location
  - Trend over time
- Events and connections. Monitor both the most common and least common events from your VPN service.
  - Top events
  - Events trend over time
  - Connections over time
- Suspicious activity. Use our Threat Intelligence and ASN Lookup integration to monitor for malicious connections.
  - Top suspicious IPs and threat intelligence
  - Suspicious IPs trend over time
  - Abnormal session durations
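Three of the checks listed above (failed logins by source, logins from multiple IPs, abnormal session durations), sketched as an added Python example over constructed log lines. It is not Sumo Logic query code or part of the published dashboards; the key=value log layout, the field names and the 5x-median threshold are assumptions.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample events in a made-up key=value layout (not any vendor's format).
SAMPLE_LOG = """\
2024-05-01T08:00:03Z event=login result=success user=alice src_ip=198.51.100.10
2024-05-01T08:01:11Z event=login result=failure user=bob src_ip=203.0.113.7
2024-05-01T08:01:14Z event=login result=failure user=bob src_ip=203.0.113.7
2024-05-01T08:01:19Z event=login result=failure user=carol src_ip=203.0.113.7
2024-05-01T08:05:42Z event=login result=success user=alice src_ip=192.0.2.44
2024-05-01T08:07:00Z event=login result=success user=dave src_ip=198.51.100.23
2024-05-01T09:00:03Z event=logout user=alice src_ip=198.51.100.10 duration_s=3600
2024-05-01T09:10:00Z event=logout user=dave src_ip=198.51.100.23 duration_s=3780
2024-05-01T09:12:00Z event=logout user=erin src_ip=198.51.100.31 duration_s=3500
2024-05-02T20:05:42Z event=logout user=alice src_ip=192.0.2.44 duration_s=129600
"""

def parse(log_text):
    """Turn each line into a dict: timestamp plus its key=value fields."""
    events = []
    for line in log_text.splitlines():
        ts, _, rest = line.partition(" ")
        fields = dict(re.findall(r"(\w+)=(\S+)", rest))
        if "event" in fields:  # skip malformed lines instead of failing
            events.append({"ts": ts, **fields})
    return events

def failed_logins_by_ip(events):
    """Failed logins: count per source IP, so one noisy source stands out."""
    return Counter(e.get("src_ip", "unknown") for e in events
                   if e["event"] == "login" and e.get("result") == "failure")

def users_with_multiple_ips(events):
    """Successful logins: users seen from more than one source IP."""
    ips = defaultdict(set)
    for e in events:
        if e["event"] == "login" and e.get("result") == "success":
            ips[e.get("user", "unknown")].add(e.get("src_ip", "unknown"))
    return {user: sorted(seen) for user, seen in ips.items() if len(seen) > 1}

def abnormal_sessions(events, factor=5):
    """Sessions longer than `factor` times the median duration (assumed rule)."""
    sessions = [(e.get("user", "unknown"), int(e["duration_s"])) for e in events
                if e["event"] == "logout" and e.get("duration_s", "").isdigit()]
    if not sessions:
        return []
    median = statistics.median(d for _, d in sessions)
    return [(user, d) for user, d in sessions if d > factor * median]
```

The median is used as the baseline because a single very long session would inflate a mean enough to hide itself.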
Community Resources
The Work from Home Solution includes Remote Access apps for Cisco Meraki, Zscaler Web Security, and Zoom. In addition, the following VPN solutions are now also available on our GitHub repository:
- Palo Alto Networks GlobalProtect VPN Monitoring
- Cisco AnyConnect VPN Monitoring
- Netscaler VPN Monitoring
- Zoom
If you’d like assistance with custom content, a Customer Success representative would be happy to spend an hour working with your team to tailor a solution. If content for your Remote Access platform isn’t supported yet, check out the next section for common use cases.