Imagine one of your employees (m,f,d) logs into your company’s internal wiki in Aachen. Everything is fine. However, the same employee logs in 10 minutes later in Berlin.
How can the employee get from Aachen to Berlin in 10 minutes? Usually it is not possible. A security monitoring tool like Splunk detects this potential security threat and raises the alarm immediately.
A first possible measure is to temporarily block the account and then contact the employee. This simple but very effective measure can massively reduce or almost completely prevent damage.