Unwanted Access Rules - Block All VPNs
R
Ryan Sipes
The list of VPN services we're able to block is a pretty extensive list. Rather than a blocklist style approach, an allowlist or exceptions to a global blocklist would be helpful. Perhaps a client wants to block all VPN tools except for their Sophos VPN; that would take some time to build out and clutter the dashboard with how things are configured currently.
Toby Giddens
Thanks for getting this functionality out there! It'll help keep things cleaner in the long run.
However, it is only doable at the account level which affects all of our customers at once. It really needs to be configurable per customer (Organization). The situation we have is that I have one customer that needs all VPNs blocked as they are under an active attack (3500 users), but I need to onboard more customers that would benefit from have it toggled off so that we can calibrate the VPN settings during their initial onboard period without unnecessarily isolating their accounts. This would ensure that newly onboarded customers VPN detections could be handled as escalations that need further investigation by the MSP, instead of a critical incident that locks down the account.
C
Craig Lathrop
Adding to this. The escalations are great, but I really need a way to immediately block an accounts access if any VPN is used. Shoot first, ask questions later. VPN use is sometimes legit, but most of the time, it's really an attack. Either a full "block all VPNs except for the allow list" rule, or a way to lock a user account on certain escalations.
J
Jonathan Pilkington
Craig Lathrop Appears they have this now.