A VPN connection is used to make secure and anonymous use of the internet. With a VPN you prevent companies, the government, but also hackers, from seeing confidential information about you as an internet user. In many cases this is beneficial, but what if cyber criminals use a VPN to break into your network? You would like to prevent that. In this post an explanation about our VPN detection module with which more information about the user of the VPN can be obtained to prevent abuse.
While using a VPN can be a godsend for a well-intentioned individual or entity, there is also a major drawback to using this service. VPN subscriptions are increasingly used in digital attacks. With the option of obtaining VPN subscriptions via anonymous payments, such as Bitcoin, cyber criminals are easily able to remain anonymous on the internet. It is often difficult for SOCs (Security Operation Centers) to recognize and filter out VPN providers from legitimate traffic. DeepBlue has developed the VPN scraper for this.
VPN subscriptions are increasingly used in digital attacks.
Thanks to our proprietary technology, we are able to recognize the traffic from VPN providers. On a daily basis, we collect information about new and existing VPN providers. We store this information historically so that information about IP addresses can also be consulted with retroactive effect. Thus, DeepBlue is able to recognize VPN traffic and provide context and interpretation about IP/domain data coming from a VPN provider. Of course, this data is easy to query or link via an API.