Jan 04 2018 11:01 AM - last edited on Nov 30 2021 10:10 AM by TechCommunityAP
A majority of IT teams use Virtual Private Network (VPN) connections as a method to grant remote users access to corporate resources from outside the company’s network. A VPN connection provides employees flexibility by allowing them to work on the go and helps to increase productivity.
Since VPN connections are fully encrypted, they are secure and therefore their content is not always inspected. However, VPN offers an entry point for attackers to use existing credentials and remotely connect into a corporate network. With the release of version 1.8, Advanced Threat Analytics (ATA) now detects when and where credentials are being used via VPN and integrates that data into your investigation. This new capability complements all the other abnormal behavior and known malicious detection capabilities ATA already provides. Capturing and analyzing the origin of VPN connections increases your chances of identifying where and how attackers are leveraging stolen credentials in your network.
Read about it in the Azure blog.
Jan 27 2018 07:21 AM
Jan 28 2018 01:29 AM
You can query any collection in mongo that starts with "VpnAuthenticationEvent" to see if you are getting any VPN events into ATA.
The collections are created on demand, so if you see you have those, at some point events were coming in...
From the mongo bin folder, run:
mongo ATA --eval "db.getCollectionNames().filter(function (c) { return c.indexOf('VpnAuthenticationEvent') == 0; })"
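An added example, not part of the reply above or of ATA itself: the one-liner shows only that VPN collections exist, so this mongo shell script also reports how many events each one holds and when the newest arrived. It assumes the documents use MongoDB's default ObjectId `_id`; the function name is hypothetical, and the script can be saved to a file and passed to `mongo ATA` in place of `--eval`.

```javascript
// Added example: summarize the VPN event collections in the ATA database.
// Assumption: documents use MongoDB's default ObjectId _id, whose embedded
// timestamp gives the insertion time. Function and variable names are hypothetical.
var PREFIX = 'VpnAuthenticationEvent';

function summarizeVpnCollections(database) {
  return database.getCollectionNames()
    // Same prefix match as the one-liner in the reply
    .filter(function (name) { return name.indexOf(PREFIX) === 0; })
    .map(function (name) {
      var coll = database.getCollection(name);
      // Newest document first; an empty collection yields undefined
      var newest = coll.find().sort({ _id: -1 }).limit(1).toArray()[0];
      var id = newest ? newest._id : null;
      return {
        collection: name,
        events: coll.count(),
        // null when the collection is empty or _id is not an ObjectId
        lastEvent: id && typeof id.getTimestamp === 'function' ? id.getTimestamp() : null
      };
    });
}

// In the mongo shell `db` is predefined; elsewhere this only defines the function.
if (typeof db !== 'undefined') {
  printjson(summarizeVpnCollections(db));
}
```

A collection whose `lastEvent` is old or null means VPN events arrived at some point but are not arriving now.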
Feb 02 2018 05:02 AM
When will you support other VPN vendors like Barracuda NG?
Feb 04 2018 04:56 AM
We will support more vendors due to customer demand. Vendors that support RADIUS accounting can possibly be supported quite easily.
Feb 12 2018 02:52 PM