VPN Gateway Change
This alert occurs when Lacework detects a VPN gateway change.
Why this Alert is Important
VPN gateways are used to provide secure communication between two VPN gateways. A VPN gateway change indicates that communication is not being transmitted over the same VPN gateway. Unauthorized VPN gateway use can cause leakage of sensitive information, leading to man in the middle attacks.
Investigation
Investigate what the approved gateways are in the company. Audit the use of VPN gateways and look for any unauthorized gateways.
Resolution
Ensure that users can only connect to the approved VPN gateways.