VPN Security Monitor for HPE ArcSight and IBM QRadar

London, UK – April 28, 2017 – SOC Prime, Inc. reports that remote access systems are an attractive target for adversaries attacks. Technologies are constantly evolving, and for now VPN is commonly used to connect network devices from an untrusted network to the corporate network. VPN protocol itself is highly secure and ensures the confidentiality and integrity of information transmission via the communication channels. Therefore to penetrate the corporate network, attackers use various sophisticated techniques (including phishing and brute force attacks) that are difficult to detect timely.

We present you the new content in Use Case Library – VPN Security Monitor for HPE ArcSight and IBM QRadar that automates monitoring of information security incidents related to VPN. This analytical content for SIEM provides a basic visualization of the service and allows you to determine the most frequently connected users, their IP addresses and location. If combine this data with information about the possible location of certain employees, you can identify unauthorized connection from an untrusted network to organization’s resources and compromised credentials. VPN Security Monitor helps identify brute force attacks on Remote Access Servers and allows the IS officers to take timely measures to localize the threat. Also, with your SIEM system, you can build a report on connection and disconnection time of remote workers.