Employees of corporate firms work in offices and on the field in geographically different places. It is very difficult for these locations and staff to connect to the headquarters from point to point due to costs and infrastructure problems. In these cases, the offices and staff need to securely connect to the headquarters. In order to meet this need, virtual private networks that cryptically carry the outgoing data towards the Internet were developed. VPN connections can be conducted between two locations or with the VPN software (VPN Client) installed on the staff computer. As a result of the increased managerial costs due to the VPN software installed on the computer, web- based VPN solutions (SSL VPN) were created. Illegally exploiting these accesses is possible by obtaining the user access information. Illegal VPN access uses point at the fact that the user broke the speed obstacle and was able to access sources in far away places in a very short time period.
VPN access source logs of the users are collected, and VPN access detection process begins with Logsign SIEM correlation techniques.
Correlation processes and statistical behavior analysis are conducted in order to list the geographical locations where the user connected at specific times.
Following these steps, relevant rules are written on the side of the correlation.
The created activities and relevant correlations are shared with IT managers and e-mail & SMS notifications are sent.