Enable quick, safe, and reliable work-from-home monitoring.
This suite of in-depth apps provides visibility and management for your remote workforce across SSO, remote access, endpoint security, and productivity SaaS apps, so that your employees can work from home productively and safely. Monitor availability, performance, user activity and collaboration, and security across your workforce locations.
Our Work-from-Home Solution provides support in all areas of remote work management for your enterprise, including:
- SSO: Auth0, Duo, Okta, OneLogin, Azure Active Directory
- Remote Access: Cisco Meraki, Zscaler Web Security
- Productivity Apps: G Suite, Office 365, Salesforce, Slack, Zoom
- Endpoint Security: CrowdStrike Falcon, Carbon Black, Cylance
Configure Data Collection
All of these apps are available in our App Catalog. To get your data collection configured, you need to use one of the following collectors:
- Installed Collectors are deployed in your environment, on a local machine, a machine in your organization, or even an Amazon Machine Image (AMI). Installed Collectors require a software download and installation. Upgrades to Collector software are released regularly by Sumo Logic.
- Hosted Collectors reside in the Cloud, allowing for seamless collection from cloud sources.
Apps in the Work-from-Home Enterprise solution package use the following collector types:
| App | Sumo Logic Collector Type |
|---|---|
| Office 365 | Hosted Collector |
| G Suite | Hosted Collector |
| Cisco Meraki | Installed Collector |
| Duo Security | Hosted Collector |
| Azure Active Directory | Hosted Collector |
| Carbon Black | Hosted Collector |
| CrowdStrike Falcon | Installed Collector |
If you want to use multiple apps that need a hosted collector, you can install one hosted collector across all apps. You do not need a special hosted collector for each app.
If you are using multiple apps that need an installed collector, we recommend starting out with a single installed collector for all apps. Then, depending on the size and performance of the machine on which you are running your collector, you may need to add collectors for each app.
Install Working from Home Apps
You can find any of these apps in the Working from Home Solution section of the App Catalog.
To install any of these apps, follow their directions:
- Azure Active Directory
- Carbon Black
- Cisco Meraki
- CrowdStrike Falcon
- G Suite
- OneLogin
- Office 365
- Zscaler Web Security
The Work-from-Home Solution includes Remote Access apps for Cisco Meraki, Zscaler Web Security, and Zoom. In addition, the following VPN solutions are now also available on our GitHub repository:
- Palo Alto Networks GlobalProtect VPN Monitoring
- Cisco AnyConnect VPN Monitoring
- Netscaler VPN Monitoring
If you’d like assistance with custom content, a Customer Success representative would be happy to spend an hour working with your team to tailor a solution. If content for your Remote Access platform isn’t supported yet, check out the next section for common use cases.
VPN Monitoring Resources and Tips
These days, as more and more people work from home, it’s especially important to ensure that your work from home infrastructure is healthy, and your VPN is keeping your employees connected and your data secure. You can use Sumo Logic to monitor traffic, user activity, successful and failed logins, and more. This page summarizes Sumo Logic resources and recommendations for monitoring your VPN.
Other solutions and apps for infrastructure monitoring
These ready-to-run apps are a good starting point for monitoring critical parts of your infrastructure that support a work from home workforce:
- Work-from-Home Solution—This solution allows you to monitor all aspects of the infrastructure you use to enable employees to work from home, safely and securely—including your productivity apps and the services you use for SSO, remote access, and endpoint security.
- Sumo Logic App for Cisco Meraki—You can use this app to monitor and troubleshoot network security, end-to-end performance, switch port management, and device management of your Cisco Meraki wireless infrastructure management platform.
- Sumo Logic App for Zscaler Web Security—This app provides visual insights into web traffic behaviors, security, user browsing activities, and risk in Zscaler.
Dashboards for VPN monitoring
We created these dashboards to help you monitor commonly used VPNs. The dashboards are open source and published on GitHub.
- Dashboard for Cisco AnyConnect VPN Monitoring—This dashboard displays successful and failed logins, session durations, connections, and concurrent users.
- Dashboard for Palo Alto Networks GlobalProtect VPN Monitoring—This dashboard displays successful and failed logins and malicious IP activity.
- Dashboard for Netscaler VPN Monitoring—This dashboard displays successful and failed logins, users authenticating from multiple IPs, and rare user agents.
Tips for creating your own searches and dashboards
When you build your own searches and dashboards, consider these VPN monitoring best practices:
- Successful logins—Monitor for spikes or drops in logins, and whether they are coming from expected locations.
  - By location
  - Logins from multiple IPs
  - Trend over time
- Failed logins—Monitor for spikes in failed logins and where those login attempts are coming from.
  - By location
  - Trend over time
- Events and connections—Monitor both the most common and least common events from your VPN service.
  - Top events
  - Events trend over time
  - Connections over time
- Suspicious activity—Use our Threat Intelligence and ASN Lookup integration to monitor for malicious connections.
  - Top suspicious IPs and threat intelligence
  - Suspicious IPs trend over time
  - Abnormal session durations
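
Three of the checks listed above (failed-login spikes, logins from multiple IPs, abnormal session durations), sketched in Python as an added example; it is not Sumo Logic code or query syntax. The key=value log format, field names, and thresholds are assumptions, and the sample events are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed events in a hypothetical key=value format (not a real VPN log schema).
SAMPLE = """\
2024-05-01T08:00:00Z user=dave src=203.0.113.77 event=login result=success
2024-05-01T09:00:12Z user=alice src=203.0.113.10 event=login result=success
2024-05-01T09:40:03Z user=alice src=198.51.100.7 event=login result=success
2024-05-01T10:01:10Z user=bob src=192.0.2.50 event=login result=failure
2024-05-01T10:01:15Z user=bob src=192.0.2.50 event=login result=failure
2024-05-01T10:01:21Z user=bob src=192.0.2.50 event=login result=failure
2024-05-01T10:05:00Z user=bob src=192.0.2.50 event=login result=success
2024-05-01T11:02:00Z user=carol src=192.0.2.99 event=login result=failure
2024-05-01T10:00:12Z user=alice src=203.0.113.10 event=logout duration=3600
2024-05-01T11:15:00Z user=bob src=192.0.2.50 event=logout duration=4200
2024-05-02T08:00:00Z user=dave src=203.0.113.77 event=logout duration=86400
"""

def parse(text):
    """Return one dict per line: 'ts' as datetime plus the key=value fields."""
    events = []
    for line in text.strip().splitlines():
        ts, _, rest = line.partition(" ")
        fields = dict(re.findall(r"(\w+)=(\S+)", rest))
        fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(fields)
    return events

def failed_login_spikes(events, threshold=3):
    """Hourly buckets whose failed-login count reaches the threshold."""
    hours = Counter(e["ts"].strftime("%Y-%m-%dT%H") for e in events
                    if e.get("event") == "login" and e.get("result") == "failure")
    return {hour: n for hour, n in hours.items() if n >= threshold}

def multi_ip_users(events, min_ips=2):
    """Users with successful logins from at least min_ips distinct source IPs."""
    ips = defaultdict(set)
    for e in events:
        if e.get("event") == "login" and e.get("result") == "success":
            ips[e["user"]].add(e["src"])
    return {u: sorted(s) for u, s in ips.items() if len(s) >= min_ips}

def abnormal_sessions(events, factor=5):
    """(user, seconds) for sessions longer than factor x the median duration."""
    done = [(e["user"], int(e["duration"])) for e in events if e.get("event") == "logout"]
    med = median(d for _, d in done) if done else 0
    return [(u, d) for u, d in done if d > factor * med]
```

A fixed hourly threshold and a median multiple are the simplest baselines; in production, compare each bucket against the same hour on previous days so that normal start-of-day login bursts do not alert.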