| CPC H04L 63/1416 (2013.01) [H04L 63/0272 (2013.01)] | 18 Claims |

1. A method comprising:
maintaining a database related to a plurality of virtual private network (VPN) protocols and respective VPN providers thereof;
performing a VPN protocol detection process for determining a VPN protocol used by a computing device of a computer network based on analyzing network traffic data related to the computing device and the database;
in response to an occurrence of one of two events, performing an endpoint detection process for determining VPN usage of the computing device, wherein the two events comprise a detection of the VPN protocol detection process failing and a detection of a need to identify a respective VPN provider in response to a successfully performed VPN protocol detection process, wherein the endpoint detection process comprises maintaining a known ingress node database of known ingress nodes for each VPN protocol of the respective VPN providers, and mapping the network traffic data related to the computing device against the known ingress node database for determining the VPN usage;
subsequent to performing the endpoint detection process for determining the VPN usage of the computing device, in response to an occurrence of one or two further events, performing a traffic pattern search process for determining the VPN usage of the computing device, wherein the two further events comprise a detection of the endpoint detection process failing and a detection of a need to identify VPN usage time information in response to a successfully performed endpoint detection process; and
taking further action to protect the computing device and/or the computer network in response to detecting the VPN usage on the basis of at least one of: the VPN protocol detection process, the endpoint detection process, and the traffic pattern search process.
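The staged fallback in claim 1, as an added Python sketch that is not taken from the patent: the flow-record fields, the default-port protocol database, the provider names, the RFC 5737 addresses and the stage-3 heuristic (one remote peer carrying most of the device's bytes) are all assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed sample databases; provider names and addresses are hypothetical.
PROTOCOL_DB = {("udp", 1194): "OpenVPN", ("udp", 51820): "WireGuard",
               ("udp", 4500): "IPsec/IKEv2"}  # well-known default ports only
INGRESS_DB = {ip_address("203.0.113.10"): ("ExampleVPN-A", "WireGuard"),
              ip_address("198.51.100.7"): ("ExampleVPN-B", "OpenVPN")}

def detect_protocol(flows):
    """Stage 1: match each flow's transport and port against the protocol database."""
    for f in flows:
        proto = PROTOCOL_DB.get((f["transport"], f["dport"]))
        if proto:
            return proto
    return None

def detect_endpoint(flows):
    """Stage 2: map remote addresses against the known ingress node database."""
    for f in flows:
        hit = INGRESS_DB.get(ip_address(f["dst"]))
        if hit:
            return hit[0]
    return None

def search_traffic_pattern(flows, share=0.8):
    """Stage 3 (assumed heuristic): a single peer carrying >= share of all bytes
    is treated as a tunnel; returns that peer's (start, end) usage window."""
    total = sum(f["bytes"] for f in flows)
    by_dst = {}
    for f in flows:
        by_dst.setdefault(f["dst"], []).append(f)
    for fs in by_dst.values():
        if total and sum(f["bytes"] for f in fs) / total >= share:
            return min(f["start"] for f in fs), max(f["end"] for f in fs)
    return None

def detect_vpn_usage(flows, need_provider=True, need_time=True):
    result = {"protocol": detect_protocol(flows), "provider": None, "window": None}
    # Stage 2 runs if stage 1 failed, or it succeeded but the provider is needed.
    endpoint_ran = result["protocol"] is None or need_provider
    if endpoint_ran:
        result["provider"] = detect_endpoint(flows)
    # Stage 3 runs only after stage 2: if it failed, or usage time is needed.
    if endpoint_ran and (result["provider"] is None or need_time):
        result["window"] = search_traffic_pattern(flows)
    result["vpn_detected"] = any((result["protocol"], result["provider"], result["window"]))
    return result
```

A production stage 3 would need a stronger signal than byte share alone, since a device talking mostly to one ordinary server would also match this heuristic.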