
VPN Status Monitoring & Workflow Automation with SOAR

With so many users currently working outside the office, it is more important now than ever to monitor your organization’s remote-access and other VPNs. Dedicating one or more staff members to VPN monitoring, using multiple tools in multiple windows and browser tabs, is an inefficient and difficult way to accomplish what should be a relatively easy task. While you could keep a watchful eye on those circuits manually, why not do it automatically? Automated workflows can take on monitoring tasks and even handle issues that arise without human interaction. Taking advantage of automation allows you to provide a more effective and usable VPN connection for your remote workers while using your support personnel more efficiently.

Swimlane can perform VPN Status Monitoring using an integration task to query a VPN device (Cisco ASA for example) and identify changes in status. With an automatic and constant eye on VPN status, Swimlane can quickly determine when additional actions are necessary. The workflow to execute the actions is customizable, based on your environment’s unique equipment, software, number of circuits, number of users and other factors.

VPN Status Monitoring

For this use case, we set up a Swimlane workflow to automatically perform a VPN status check every 60 seconds. We selected a saturation threshold of 85 percent to indicate that the VPN circuit was overloaded and needed some type of action. Additionally, a 20 percent or greater increase in the usage level between status checks was treated as a condition indicating that action was necessary.

VPN status check with Swimlane

Using this automated workflow, Swimlane can take different actions to ensure the VPN returns to normal operational status. For example, if the above conditions are met, one action pushes a notification to the operations team so they are immediately aware of the change in VPN status. Another action automatically attempts a restart of the VPN. If the restart clears the issue, normal operations resume without the need for any human interaction.

If the VPN reset does not clear the issue, Swimlane immediately alerts your staff to the problem. Using Swimlane’s customizable dashboards (in this case, one that provides a quick view into how many VPNs are currently up, down or impacted), you can quickly identify and escalate any remaining issues. For example, simply select the VPN circuit in question to get more specifics on the individual circuit. The circuit record also contains quick action buttons that enable additional remediation actions right from the Swimlane record.

VPN Status Monitor Dashboard
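
The check-and-respond logic described above, sketched as an added example; it is not Swimlane's workflow or code from the original post. It assumes the 20 percent increase means percentage points, that "cleared" means the post-restart reading is below 85 percent, and that a circuit is never restarted on two consecutive checks; `restart_and_recheck` and `notify` are hypothetical callbacks standing in for the device integration, and the readings are constructed.

```python
from dataclasses import dataclass

SATURATION_PCT = 85.0  # from the page: circuit counts as overloaded at 85 percent
SPIKE_PCT = 20.0       # from the page; read here as percentage points (assumption)

@dataclass
class Sample:
    circuit: str
    utilization_pct: float

def breach_reasons(prev, cur):
    """Reasons the current check meets the page's two action conditions."""
    reasons = []
    if cur.utilization_pct >= SATURATION_PCT:
        reasons.append("saturated")
    if prev is not None and cur.utilization_pct - prev.utilization_pct >= SPIKE_PCT:
        reasons.append("spike")
    return reasons

def run_checks(samples, restart_and_recheck, notify):
    """Apply notify -> restart -> re-check -> escalate to a stream of checks."""
    last, restarted, outcomes = {}, set(), []
    for cur in samples:
        reasons = breach_reasons(last.get(cur.circuit), cur)
        last[cur.circuit] = cur
        if not reasons:
            restarted.discard(cur.circuit)
            outcomes.append((cur.circuit, "ok"))
            continue
        notify(cur.circuit, reasons)
        if cur.circuit in restarted:
            outcome = "escalated"  # assumption: no back-to-back restarts
        else:
            after = restart_and_recheck(cur.circuit)
            restarted.add(cur.circuit)
            last.pop(cur.circuit, None)  # reconnect ramp must not read as a spike
            outcome = "auto-recovered" if after.utilization_pct < SATURATION_PCT else "escalated"
        outcomes.append((cur.circuit, outcome))
    return outcomes

def demo():
    # Constructed readings, one per 60-second check; not real device output.
    samples = [Sample("vpn-a", 40), Sample("vpn-a", 63), Sample("vpn-a", 30),
               Sample("vpn-b", 75), Sample("vpn-b", 90), Sample("vpn-b", 91)]
    post_restart = {"vpn-a": Sample("vpn-a", 25), "vpn-b": Sample("vpn-b", 88)}
    alerts = []
    outcomes = run_checks(samples, lambda c: post_restart[c],
                          lambda c, r: alerts.append((c, tuple(r))))
    return outcomes, alerts
```

Dropping the baseline after a restart matters on a remote-access VPN: the restart disconnects users, and their reconnection would otherwise register as a 20-point jump and trigger a second restart.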

Operational efficiency is more important now than ever. Taking advantage of Swimlane’s VPN monitoring automation capabilities gives you the ability to handle more tasks while saving the human-based tasks for where they are needed most. By implementing this VPN Status Monitoring use case, you can quickly determine VPN status, identify outages and automatically restore service to your remote users.




*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Jay Spann. Read the original post at: https://swimlane.com/blog/automated-vpn-status-monitoring-with-soar/