Today’s post continues an ongoing series on Polarity User Tips. We help our users make better decisions, faster, with augmented reality for your desktop. This guide explains how users can get the most out of Polarity via Annotations.
Unfortunately, cybercrime won’t stop because of the ongoing COVID-19 pandemic. These are critical times for security professionals to address increased opportunistic and targeted cyber threats.
If you’re one of the many people across the globe transitioning to full-time remote work for the first time, you’ll be encountering new benefits along with new challenges. In order to effectively keep cyber threats at bay, you’ll first need to learn how to remain productive and secure in your new work environment.
One thing your team may not have implemented yet is a system for tracking employees’ home IP addresses. If your systems (VPN/SIEM/Logs/etc.) don’t automatically keep track of those IPs, we recommend having the team leverage Polarity to annotate known employee IPs into a channel (something like #Employee_Home_IPs). If you set a different color to this channel, you should be able to quickly spot knowledge gaps.
Depending on how static most employees' home IPs are, you could even start by having the security team (and possibly others in IT) annotate their own home IP and then move to automating the process if you find it valuable.
Given social distancing, you would not expect to see too many folks logging in from the same IP (you may have even already lowered your threshold on your SIEM alerts to detect this situation).
For example, if you see something like this in your overlay, it would probably indicate a larger issue:
Thank you all for keeping our systems, data, people, and country safe during this critical time.