Week 19, 2023

This week we’ve released a new check that helps you to detect when employees are using personal VPNs that may be against your corporate policy. Read on to learn more!

⚠️ Detect Personal VPN Use

Many organizations still have employees that rely on VPNs to access company systems and data. Security teams secure employees' use of corporate VPNs through implementing strict access controls, enforcing multi-factor authentication, monitoring network traffic, and regularly updating and patching VPN software to mitigate vulnerabilities.

However, we often see employees using their personal VPNs to connect to their work accounts, which creates risks. Personal VPNs can lack the robust infrastructure, encryption, and authentication mechanisms provided by dedicated corporate VPNs, making sensitive data more vulnerable to unauthorized access and potential breaches. Furthermore, personal VPNs can obscure network visibility by evading firewalls to bypass security and policy enforcement. Because of this, companies often have policies that prohibit the use of personal VPNs.

In this release, you will now see a “​​Personal VPN Usage” check. This check looks for sign-ins from personal VPNs, as defined by IPInfo, in the last 30 days. You can set the threshold for the percentage of sign-ins that came from the VPN (the example below has been set at 50% of sessions).

Armed with this insight, you can then go and verify private VPN usage with the account and clarify the access policies.

Bug Fixes and Minor Improvements

• Salesforce Integration. A new field for “Password Change Date” will be available in the User 360 profile.

• User Population. By default, do not show disabled, deprovisioned, or deleted users in the Users tab. You can edit or remove these default filters. This release also fixes a bug in the filters for “last seen”.

• System Logs. All dates are shown in UTC by default. Now, you can hover over these dates to show the local time.