What is the best technology for monitoring VPN traffic? Are there certain considerations my company should take...
into account when choosing a VPN monitoring product? What are some of the top vendors in this category, and are there any open source or free options?
When it comes to VPN traffic monitoring, the most important considerations your organization needs to think about are first, what are you trying to accomplish, and second, what are your requirements?
From a high-level perspective, you might want to monitor:
- General connection information (for example, who, what, when, where and how long);
- Connection problems (such as failures, retries and so on);
- Security attacks, anomalies and other questionable behavior (including large resource usage or packets sent/received by a specific host); and
- Application usage over the VPN connection.
Specific requirements might include:
- Ease of use;
- Client- or network-based;
- Integration with your existing technologies (such as VPN type(s), security information and event management systems, data loss prevention tools, among others);
- Visibility and controls;
- Auditing and reporting capabilities; and
Depending on what's required, your enterprise might already have the means to monitor its VPN traffic. It could be built right into your VPN concentrator, firewall or server.
While I can't speak for "top" vendors, I can recommend a few free and open source products that may be worth considering depending on your needs: CiscoWorks VPN Monitor, Nagios's VPN plug-ins, VPNTTG or VPN Watcher. I've seen these tools in action and they can certainly serve a great purpose for small startups to larger enterprises.
Ask the Expert:
Want to ask Kevin Beaver a question about network security? Submit your questions now via email. (All questions are anonymous.)
Learn more about improving VPN visibility and comparing VPN security risks
Dig Deeper on VPN security
Related Q&A from Kevin Beaver
Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective ... Continue Reading
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each. Continue Reading
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger ... Continue Reading