
Innovative ways to use your business VPN to bolster security

Rachel Bishop | October 16, 2023

A virtual private network, or VPN, is often used to safely transmit sensitive data. But there are other ways you can use your business VPN to bolster your environment’s security posture.

Our in-house sysadmins recommended three innovative ways to use a business VPN: require MFA for users, monitor network traffic, and track connected devices.

The evolution of business VPNs

Back in the day, sysadmins used their business VPNs strictly to give users remote access to on-prem resources. For example, when Janet the CEO needed to attend offsite meetings with prospective clients, she could fire up her VPN connection and have secure remote access to on-site company resources and files. 

Nowadays, you can use your business VPN in other — and arguably, far more innovative — ways. 

Business VPNs can be used to harden your security posture. For example, you can use your business VPN to ensure end users meet several criteria before accessing your environment. Those criteria might be that the user is ...  

  • on a work machine. 

  • connected to the VPN. 

  • logged in as an authenticated user.

  • up to date on antivirus software.

Should the user fail to meet one of these criteria, out they go — thus adding an additional layer of security to your corporate environment.

Require MFA for all users 

Microsoft recommends using a Conditional Access policy that requires MFA for all users to bulk up your security. And it’s particularly useful for business VPNs. 

You can set up Named locations in your Conditional Access policy to allow only trusted IPv4 networks to connect to your environment. For example, you might set up your policy so that only IP addresses originating from your office building can access your network. A business VPN lets your end users do just that — no matter where they connect from. 

Adding that additional policy tightens the lock on your environment, letting only authorized users who connect from a specific IP address access your company’s resources. 

Conditional Access 

Some of the business VPN tips our sysadmins suggest rely on Conditional Access. This is a Microsoft security feature based on if-then statements: 

“If a user wants to access a resource, then they must complete an action.” 

For example, if a user wants to access an application, then they must have a secure connection to the business VPN. Microsoft offers 16 Conditional Access policy templates organized into five categories: 

  • Secure foundation 

  • Zero Trust 

  • Remote work 

  • Protect administrator 

  • Emerging threats 

Monitor network traffic 

Here’s a fun business VPN use case for those of us who gravitate toward networking. You can use your corporate VPN to monitor network traffic as a security measure. 

While many organizations focus on monitoring inbound traffic — traffic that originates outside your organization and travels inward — there’s an interesting use case for monitoring outbound traffic from a security standpoint.   

Take botnets, for example. You can spot these a mile away as they force infected machines to call out to other infected, or zombie, machines via outbound traffic. From there, threat actors who control the main computer can use a command and control, or C2, server to send malicious code to the infected machines.  

If you monitor your outbound traffic originating from your business VPN, you’ll likely cock a brow when your U.S.-based machine communicates with an unfamiliar IP address based in Cyprus — and you can stop threat actors in their tracks. 
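Here is one way to run that kind of outbound check, as an added example rather than code from PDQ or any VPN product. The log format, the IP addresses, and the `KNOWN_DESTINATIONS` baseline are constructed for illustration, and a baseline of expected networks stands in for a geolocation lookup. It flags VPN clients that talk to unfamiliar destinations and marks the ones that call out at near-constant intervals, which is the pattern botnet check-ins tend to leave.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: epoch seconds, VPN client IP, destination IP, destination port.
SAMPLE_FLOWS = """\
1697450000 10.8.0.21 198.51.100.20 443
1697450060 10.8.0.34 203.0.113.77 8443
1697450075 10.8.0.21 198.51.100.25 443
1697450360 10.8.0.34 203.0.113.77 8443
1697450661 10.8.0.34 203.0.113.77 8443
1697450959 10.8.0.34 203.0.113.77 8443
1697451260 10.8.0.34 203.0.113.77 8443
1697451300 10.8.0.21 192.0.2.9 443
"""

# Assumed baseline of destinations the business expects (constructed).
KNOWN_DESTINATIONS = [ipaddress.ip_network("198.51.100.0/24")]

def parse_flows(text):
    """Yield (timestamp, source, destination, port) for each well-formed line."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            record = int(ts), src, ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # skip blank or malformed lines
        yield record

def find_suspicious(text, min_hits=4, max_jitter=0.1):
    """Return {(src, dst, port): label} for destinations outside the baseline."""
    times = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if not any(dst in net for net in KNOWN_DESTINATIONS):
            times[(src, str(dst), port)].append(ts)
    findings = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Beacon-like: enough call-outs, and the gaps between them barely vary.
        regular = (len(stamps) >= max(min_hits, 2)
                   and pstdev(gaps) <= max_jitter * mean(gaps))
        findings[key] = "beacon-like" if regular else "unfamiliar"
    return findings
```

Tune `min_hits` and `max_jitter` against your own traffic, since legitimate software such as update checkers also polls on a timer.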

Track connected devices 

You can use your corporate VPN to monitor which devices connect to your internal network — and what those devices share outside your network perimeter. This use case may be particularly important if you work at an organization that handles sensitive data, like a hospital or a school.   

To do this, set up a Conditional Access policy that forbids access to sensitive data unless users are connected through the VPN — and have the right software, such as antivirus, installed. Your business VPN lets you see if users copy and paste sensitive information to an external source — and it helps you spot more nefarious activity, like data exfiltration.
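To make the if-then logic concrete, here is an added example (not Microsoft's policy engine and not PDQ code) that models the policy described here together with the Named locations idea from the MFA section. The `SignIn` fields, the location names, and the IP ranges are assumptions constructed for illustration. It shows why the same remote user passes the trusted-location test through the VPN and fails it without the VPN.

```python
import ipaddress
from dataclasses import dataclass

# Constructed named locations (documentation address space): trusted IPv4 ranges.
NAMED_LOCATIONS = {
    "Office": ipaddress.ip_network("198.51.100.0/24"),
    "Business VPN egress": ipaddress.ip_network("203.0.113.8/30"),
}

@dataclass
class SignIn:
    user: str
    source_ip: str            # public IP the identity provider sees
    authenticated: bool
    mfa_passed: bool
    work_machine: bool
    antivirus_current: bool

def named_location(ip_text):
    """Return the name of the trusted location containing ip_text, or None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # an unparseable source address is never trusted
    for name, network in NAMED_LOCATIONS.items():
        if ip in network:
            return name
    return None

def evaluate(signin):
    """If-then evaluation: return (decision, list of unmet criteria)."""
    checks = {
        "authenticated user": signin.authenticated,
        "MFA completed": signin.mfa_passed,
        "trusted named location": named_location(signin.source_ip) is not None,
        "work machine": signin.work_machine,
        "antivirus up to date": signin.antivirus_current,
    }
    unmet = [name for name, ok in checks.items() if not ok]
    return ("allow" if not unmet else "block", unmet)

# Same remote user: through the VPN, the sign-in arrives from the egress range.
via_vpn = SignIn("janet", "203.0.113.9", True, True, True, True)
# Without the VPN, it arrives from a hotel network outside every named location.
direct = SignIn("janet", "192.0.2.55", True, True, True, True)
```

Calling `evaluate(via_vpn)` allows the sign-in, while `evaluate(direct)` blocks it and names the trusted location as the unmet criterion.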

Now that you’ve gotten innovative with your business VPN, isn’t it time for an innovative approach to patch management? Streamline your Windows patch management and software deployment processes across your on-prem or remote fleet with PDQ’s suite of products. Download a free trial of PDQ Connect or PDQ Deploy & Inventory. 

Rachel Bishop

A professional writer turned cybersecurity nerd, Rachel enjoys making technical concepts accessible through writing. At this very moment, she’s likely playing a video game or getting lost in a good psychological thriller. She enjoys spending time with her husband (a former sysadmin now in cybersecurity) as well as her two cats and three birds.
