The Network: A well known college system with 35+ locations and 30,000 students.
The Expectation: Remote access to data center resources are essential but are an attack vector, so monitoring is essential.
The Catch: EventTracker detected the same user had simultaneous successful logins but from geographically different locations.
The Find: The user was working from home but her ISP connection failed. She then proceeded to her favorite coffee shop and established a new VPN connection.
The Fix: There was nothing to be done. The old VPN connection timed out.
The Lesson: Remote access via VPN is often a vulnerability that is exploited by attackers. Careful review of the use of such back doors into the network bear close monitoring.