
DETECTION OVERVIEW

VPN Client Data Exfiltration

Risk Factors

There are legitimate reasons why a VPN client could be receiving a large amount of data from an internal source. But an unusually large data transfer to a VPN client might indicate that an attacker has obtained VPN credentials and is preparing to exfiltrate data. The business impact of this type of exfiltration can vary based on the privileges of the VPN user and the value of the resources that can be accessed.
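The following is an added illustration of the kind of check this detection performs; it is not RevealX's own detection logic, and the VPN client pool (10.200.0.0/16), the internal range (10.0.0.0/8), the flow-record shape, the per-client baselines and the 200 MB floor are all assumed values constructed for the example. It sums the bytes each VPN client receives from internal hosts and flags clients whose volume exceeds both their own historical baseline (mean plus three standard deviations) and an absolute floor, so that a heavy-but-consistent user is not flagged while a sudden multi-gigabyte pull by a normally light user is.

```python
"""Added example (not RevealX's own logic): flag VPN clients that receive an
unusually large volume of data from internal hosts.

Assumptions (constructed for this example, not taken from the page):
- flow records are dicts with "src", "dst" and "bytes";
- VPN clients are addressed from 10.200.0.0/16;
- internal servers live in 10.0.0.0/8 outside the VPN pool;
- a list of each client's daily inbound byte counts is available as a baseline.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

MB = 1024 ** 2
VPN_POOL = ip_network("10.200.0.0/16")   # assumed VPN client address pool
INTERNAL = ip_network("10.0.0.0/8")      # assumed internal address range


def is_vpn_client(ip):
    return ip_address(ip) in VPN_POOL


def is_internal_server(ip):
    addr = ip_address(ip)
    return addr in INTERNAL and addr not in VPN_POOL


def bytes_to_vpn_clients(flows):
    """Sum bytes sent from internal servers to each VPN client.

    Uploads from clients and flows from external sources are ignored: the
    detection is about data flowing *to* the VPN client from inside."""
    totals = defaultdict(int)
    for flow in flows:
        if is_internal_server(flow["src"]) and is_vpn_client(flow["dst"]):
            totals[flow["dst"]] += flow["bytes"]
    return dict(totals)


def flag_anomalies(totals, baselines, sigma=3.0, floor=200 * MB):
    """Return {client: {"bytes": ..., "threshold": ...}} for clients whose
    inbound volume exceeds max(mean + sigma*stddev of their baseline, floor).

    The absolute floor keeps a client with a tiny, stable baseline from being
    flagged over a few extra megabytes; a client with no history is judged
    against the floor alone."""
    findings = {}
    for client, total in totals.items():
        history = baselines.get(client)
        if history:
            threshold = max(mean(history) + sigma * pstdev(history), floor)
        else:
            threshold = floor
        if total > threshold:
            findings[client] = {"bytes": total, "threshold": int(threshold)}
    return findings


# Constructed sample data: client .10 normally pulls ~100 MB/day, client .20 is
# a known heavy user (~3 GB/day nightly sync), client .30 has no history.
BASELINES = {
    "10.200.1.10": [100 * MB, 120 * MB, 90 * MB, 110 * MB, 105 * MB],
    "10.200.1.20": [3000 * MB, 3200 * MB, 2900 * MB, 3100 * MB, 2800 * MB],
}

FLOWS = [
    {"src": "10.1.5.20",   "dst": "10.200.1.10", "bytes": 1500 * MB},  # file share -> .10
    {"src": "10.1.7.9",    "dst": "10.200.1.10", "bytes": 800 * MB},   # DB export -> .10
    {"src": "10.200.1.10", "dst": "10.1.5.20",   "bytes": 40 * MB},    # upload: ignored
    {"src": "10.1.5.20",   "dst": "10.200.1.20", "bytes": 3100 * MB},  # .20 nightly sync
    {"src": "10.1.9.3",    "dst": "10.200.1.30", "bytes": 50 * MB},    # light use, no history
    {"src": "203.0.113.5", "dst": "10.200.1.10", "bytes": 900 * MB},   # external src: ignored
]

if __name__ == "__main__":
    totals = bytes_to_vpn_clients(FLOWS)
    for client, finding in flag_anomalies(totals, BASELINES).items():
        print(f"{client}: received {finding['bytes'] // MB} MB, "
              f"threshold {finding['threshold'] // MB} MB")
```

Running it flags only 10.200.1.10, which received 2300 MB against a threshold of 200 MB; the heavy user at 10.200.1.20 stays within its own baseline and is not reported. In practice the baseline window, the sigma multiplier and the floor are the knobs that trade false positives against missed exfiltration, which is why a product would adjust the risk score rather than treat every large transfer as malicious.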

The system might change the risk score for this detection.

Kill Chain

Actions on Objective

Risk Score

65

Detection diagram

Attack Background

Attackers often target valuable data to steal, such as sensitive customer data, financial information, or trade secrets. Data exfiltration is the transfer of valuable data to unauthorized users outside of the network. Data can be exfiltrated by employees with authorized access to critical assets, or by attackers who gain unauthorized access to their credentials. If an attacker has compromised a device and obtained VPN credentials, the attacker can transfer data to an external device through a VPN. A VPN is a valuable target for attackers because it provides remote access to internal resources and can enable the attacker to establish a persistent presence on the network and hide malicious activity, including data exfiltration, among other VPN traffic.

Mitigation Options

Implement network segmentation and the principle of least privilege on accounts to minimize the damage caused by a compromised device

Apply VPN software updates regularly to reduce the number of vulnerabilities that can be exploited

Enforce multi-factor authentication for remote users

Require strong authentication and maintain audit logging for remote access users

MITRE ATT&CK ID
