VPN Detection Myth Series: Myth One – All VPN-driven Data is the Same.
A Five-Part Blog Series to Bust the Myths Surrounding VPN Intelligence Data
It’s no secret that VPN usage is exploding. Driven by the pandemic and lockdown orders, consumers everywhere signed up for a VPN service in order to access content that was otherwise off limits to them. Others were keen to secure their privacy.
Today, some 1.6 billion people — about 31% of the world’s Internet users — rely on a VPN to surf the web and access apps anonymously.
That enormous pool of users is an irresistible draw for entrepreneurs, investors, consumers and nefarious actors who see an opportunity to cash in on the trend. There are thousands of VPN services (though most are owned by the same subset of parent companies). Obviously, a great deal of VPN usage is benign, but not all of it. For instance, the credentials of 21 million VPN users were stolen from just three VPN apps, SuperVPN, GeckoVPN and ChatVPN, and are now up for sale on the dark web.
Residential users aren’t the only victims, as the FBI has warned that cyber criminals are exploiting home VPN usage to break into corporate systems. Meanwhile, streaming companies and compliance teams have seen VPN users circumvent their geographical rights management and digital rights restrictions.
The crimes are both serious and costly given that many VPN providers are happy to turn a blind eye to the activities of their users, providing them with a gateway for a range of malicious activities, including scraping, scanning and testing passwords in order to access your network.
Today, corporate security and compliance teams must navigate treacherous waters. With remote and hybrid work models a permanent fixture, employees sign into their workspaces via the corporate VPN by day, and their personal VPN by night, exposing the company’s systems to unprecedented risk.
Security and compliance teams feel a tremendous urgency to get a handle on the VPN market so they can make smart decisions about which VPN traffic to allow, which to investigate, and which to ban altogether. To make those distinctions, however, they need context and insight. VPN intelligence data is essential. But not all VPN data is equally valuable; critical differences exist, and they can separate a hack that is cauterized quickly from one that makes national headlines.
There are many myths about VPN data. In this five-part blog series, we examine those myths one at a time. First up: the myth that all VPN-driven data is the same.
Fact: No, Not All VPN-Driven Data is the Same
Too often we hear that “all VPN-driven data is the same.” The differences begin with where the data originates — the VPN provider itself — and its intentions when offering a service to the market.
For instance, some VPN services are built for securing an organization (e.g. Zero-Trust Gateways), while some are privacy focused (e.g. Google VPN). Some allow the user to choose his or her exit destination (e.g. NordVPN) in order to bypass digital rights restrictions. This means that each and every traffic source must be evaluated in its own right to determine which is safe, potentially suspect, or outright nefarious.
Additionally, the breadth of data can vary from provider to provider. A lot of VPN intelligence data providers get their data from a limited scope of sources, such as gambling apps. This is a huge problem because it misses vast swaths of VPN usage. For instance, schools and universities require students to use their VPN to register for classes or pay their tuition. None of this traffic will be covered by a service that relies on such limited sources for its data.
Millions of people who are not gamblers sign up for a VPN service in order to circumvent digital access rights so that they can stream content outside of their geo-location (e.g. stream The Office via UK Netflix rather than pay for a Peacock TV subscription).
And there are corporate VPNs, which complicate things. Let’s say an employee is at her desk researching products for her job via your corporate VPN. When she visits a website outside your network, she will appear to that website as an unknown actor hiding behind a VPN. Is she a legitimate customer or a competitor seeking to steal company secrets? To make that determination, the security team for that website will need more context around your VPN itself, such as the company name, provider URL, and so on.
Here’s another example of why context is critical: you may consider all VPN traffic originating in Russia as suspect and block it automatically. But what if you have employees (or students, if you’re a university) traveling there for work or a study abroad program? You may block legitimate people from accessing your network based on broad brushstrokes.
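The contrast above between a country-only block and a decision that uses VPN context, as an added example (not Digital Element's code or data format). The record fields, allowlist, travel roster and sample events are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnContext:
    # Hypothetical record shape; real VPN intelligence feeds use their own fields.
    ip: str
    category: str       # "corporate", "privacy", "geo_circumvention" or "unknown"
    provider_url: str
    country: str        # exit-node country, ISO 3166-1 alpha-2

BLOCKED_COUNTRIES = {"RU"}                 # the broad-brush rule from the text
KNOWN_CORPORATE = {"vpn.partner.example"}  # constructed allowlist
TRAVEL_ROSTER = {("alice", "RU")}          # constructed: approved (user, country)

def country_only(ctx):
    """Naive policy: decide on the exit country alone."""
    return "block" if ctx.country in BLOCKED_COUNTRIES else "allow"

def triage(ctx, user="", geo_restricted=False):
    """Context-aware policy. "allow" means: continue to normal authentication."""
    if ctx.category == "geo_circumvention" and geo_restricted:
        return "block"                     # rights-restricted content
    if ctx.category == "corporate":
        return "allow" if ctx.provider_url in KNOWN_CORPORATE else "investigate"
    if ctx.country in BLOCKED_COUNTRIES:
        # A roster match exempts an expected traveller from the country rule.
        return "allow" if (user, ctx.country) in TRAVEL_ROSTER else "block"
    return "investigate" if ctx.category in ("privacy", "unknown") else "allow"

# Constructed sample events: (context, claimed user, geo-restricted resource?)
EVENTS = [
    (VpnContext("192.0.2.10", "privacy", "vpn-a.example", "RU"), "alice", False),
    (VpnContext("192.0.2.11", "privacy", "vpn-a.example", "RU"), "", False),
    (VpnContext("198.51.100.5", "corporate", "vpn.partner.example", "US"), "", False),
    (VpnContext("198.51.100.6", "corporate", "vpn.other.example", "US"), "", False),
    (VpnContext("203.0.113.7", "geo_circumvention", "vpn-b.example", "GB"), "", True),
]

def compare(events=EVENTS):
    """Return (ip, naive verdict, context-aware verdict) for each event."""
    return [(c.ip, country_only(c), triage(c, u, g)) for c, u, g in events]

if __name__ == "__main__":
    for row in compare():
        print(*row, sep="\t")
```

The two policies disagree on three of the five events: the approved traveller is no longer blocked, the unrecognized corporate VPN is flagged for review, and the geo-circumvention exit that the country rule waved through is blocked.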
The Bottom Line
There is no one “best source” of data to protect business interests. The datasets that are right for you depend on your sector, geo-location, users, employees, and a host of other factors. There is no one-size-fits-all.
The Digital Element Difference: We don’t rely on a single source for our IP address intelligence data. Rather, we tap into multiple sources to ensure we have no gaps. And importantly, we distinguish between different types of VPN traffic and provide context around each VPN to help security teams understand the user behind the traffic.
Next up: The common myth that VPN breadth doesn’t matter. Once you have one IP, you have the VPN covered. We look forward to getting the facts straight on this one.
We would love to learn more about your specific use case. Please contact one of our experts to discuss how we can best address your unique needs.