DETECTION OVERVIEW

VPN Gateway Access from an Unusual Location

Risk Factors

There are legitimate reasons why a user could be connecting to your VPN from outside your country. But if the VPN connection is from an unknown origin, the likelihood is high that an attacker is attempting to compromise your network. An attacker with any skill level can connect to a VPN across international borders. A connection to a VPN gateway can enable other attacks, such as port scanning, lateral movement, or data exfiltration.

The system might change the risk score for this detection.

Kill Chain

Command-and-Control

Risk Score

Attack Background

Mitigation Options

Monitor and investigate unusual connections to minimize potential damage

Implement multi-factor authentication and secure credential creation

Block inbound and outbound traffic from suspicious hosts or IP ranges at the network perimeter

Apply software and operating system updates regularly to reduce the number of vulnerabilities that can be exploited

Implement network segmentation and the principle of least privilege on accounts to minimize the damage caused by a compromised device

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases