Get more information about the user of a VPN. Is that possible?

A VPN connection is used to make secure and anonymous use of the internet. With a VPN you prevent companies, the government, but also hackers, from seeing confidential information about you as an internet user. In many cases this is beneficial, but what if cyber criminals use a VPN to break into your network? You would like to prevent that. In this post an explanation about our VPN detection module with which more information about the user of the VPN can be obtained to prevent abuse.

Recognize and filter VPN providers to prevent abuse

While using a VPN can be a godsend for a well-intentioned individual or entity, there is also a major drawback to using this service. VPN subscriptions are increasingly used in digital attacks. With the option of obtaining VPN subscriptions via anonymous payments, such as Bitcoin, cyber criminals are easily able to remain anonymous on the internet. It is often difficult for SOCs (Security Operation Centers) to recognize and filter out VPN providers from legitimate traffic. DeepBlue has developed the VPN scraper for this.

VPN subscriptions are increasingly used in digital attacks.

VPN detection with DeepBlue VPN scraper

Thanks to our proprietary technology, we are able to recognize the traffic from VPN providers. On a daily basis, we collect information about new and existing VPN providers. We store this information historically so that information about IP addresses can also be consulted with retroactive effect. Thus, DeepBlue is able to recognize VPN traffic and provide context and interpretation about IP/domain data coming from a VPN provider. Of course, this data is easy to query or link via an API.

What can our VPN scraper do for you?

• The VPN scraper can detect suspicious traffic on the network based on IP address. If employees never use a VPN connection, you can sound the alarm the moment traffic from a VPN provider is signaled on the network.
• The VPN scraper can preventively block VPN use of (former) employees.
• The VPN scraper provides context for alerts from your SIEM or Monitoring system. Knowing that an IP address belongs to a particular VPN provider can help with triage.

More information about VPN detection

Would you like to know what DeepBlue can do for you? For more information, please contact us by e-mail info@deepbluesecurity.nl or by telephone on +31(0)70 800 2025.