Virtual private networks (VPNs) have surged in popularity as individuals and enterprises look to enhance their privacy and data security online. According to one survey, 30 percent of people use VPNs for personal reasons, and nearly 25 percent rely on VPNs for business purposes.
This technology has become even more popular and commonplace as the ongoing pandemic accelerated remote work trends and expanded people’s media consumption.
VPNs are intended to protect a user’s internet connection and enhance privacy by creating a private, encrypted tunnel for data to travel, obfuscating users’ IP addresses, location, and internet traffic. However, VPN services have also been used by threat actors to execute cyber attacks, while one consumer report study found that many of the most popular VPN providers misrepresented their products and data retention practices. As cybersecurity reports for The New York Times explains, “Any performance or security feature is worthwhile only if the company that provides it is trustworthy.”
The Problem with Surging VPN Usage
Today, a plethora of VPN providers have entered the market, including high-end premium services and residential VPN proxy services, which seek to harvest the IP addresses of consumers who come through home residential IP address connections. Additionally, some VPNs offer features favored by nefarious actors, such as no-logging and anonymous payments.
Too often, VPN connections are not trustworthy, a reality made more clear by a flurry of cybersecurity and data privacy incidents, including:
- Suspected Chinese hackers exploited Pulse Secure VPN to access multiple agencies and companies in the US and Europe.
- 500,000 Fortinet VPN account passwords leaked online.
- The CIO of Kape Technologies, parent company of several VPNs including ExpressVPN, Private Internet Access (PIA), Cyberghost, Zenmake and PrivateVPN, helped a nation-state hack into phones and computers.
- Former Ubiquiti employee, arrested for stealing company and customer data, had also attempted to extort $2M USD from the firm.
- The FBI warned of hackers selling stolen University VPN accounts
Unfortunately, even well-meaning solutions can put companies and their customers at risk. VPN attacks increased by nearly 2,000 percent last year as companies shifted operations online and off-site. These recent changes in the VPN market pose new threats to corporate and government networks and data, requiring new solutions that enable security professionals to make smart decisions to protect their infrastructure and data.
How to Identify VPN Traffic
In today’s digital environment that’s increasingly defined by expanding VPN usage, security professionals need to identify network traffic using proxy servers. Nodify, Digital Element’s data solution, helps you detect if a user is using a VPN by delivering key IP address contextual insights, including VPN classification (masked, public, private), provider’s name/URL, whether the provider allows for user anonymity and logs user activity, IP addresses related to a provider, languages of the target market of the VPN provider, and more.
This context allows security professionals to differentiate between extremely risky VPN connections and more benign ones. This allows security professionals to protect revenue streams by determining which transactions pose a risk and preventing bad actors from infiltrating or hijacking their systems by identifying anonymized connections. Nodify also helps professionals protect against corporate espionage by ensuring inbound and outbound connections are not from a VPN, proxy, or darknet.
With Nodify, companies can leverage IP address data to check for characteristics of a VPN, allowing companies to:
- Enhance cybersecurity. VPN intelligence equips companies to block inbound or outbound traffic from a VPN, which is especially critical for protecting corporate networks, financial services, retail and commerce entities, and government agencies.
- Improve digital rights management. Identifying VPN usage enables companies to better control access to content to adhere to geographic, licensing, and compliance laws.
- Enable bot detection. VPN data ensures that platform engagement is real and authentic by harnessing IP address data to identify and eradicate bots.
VPN usage exploded during the pandemic, and it continues to grow. While not all VPN usage is nefarious, enough of it is to warrant security professionals to look more closely at the VPN traffic that hits their networks.
Insight & Understanding Enhance Security
Responding to heightened VPN usage requires new insights and understandings to enhance security. To be sure, some aspects can feel complicated, but understanding the primary elements can drive awareness and support outcomes. This includes:
- Proxy: A server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It is a way to disguise your IP address to make it look like you are coming from somewhere else on the internet.
- Nodes: A more precise name for an IP address category (VPN/Proxy/Darknet) and a type (exit, entrance, or relay). Examples: VPN exit, Darknet relay, or Proxy entrance.
- Entrance node: The beginning connection chain for proxying traffic.
- Exit node: The end of the connection chain. This is the IP address the world sees where you are visiting from.
- Relay node: An intermediary hop in the connection chain, which should not be visible to the world but one more layer of protection.
Ultimately, companies need to consider the implications of VPN data, and make decisions about who can and cannot access their networks, and implement rules to enforce their policy decisions.
Digital Element can simplify the process and improve outcomes. What’s more, the ability to carry out VPN identification is just a part of what Digital Element can provide. To learn more, visit our Nodify solution page.