Identify Anonymising VPN Services in risks/alerts differently
We are seeing an increase of traffic from Anonymising VPN services from our end user base for publicly accessible applications that is generating a lot of alerts.
Some of their are IP Addresses are listed, obviously given how they work, some of them won't be. but for the ones that are, this should display or alert differently than just the A-typical location alerts. Or at the least identify that it might be Anonymising VPN traffic in the alert.
This may not be the easiest of tasks, but given the Anonymising VPN market growth and usage, it should be considered.
Tim Lourey commented
The above idea could throw a spanner in the works for the impossibile traveller alerts, but it might also reduce the amount of false positive impossibile travellers. Or at least make it clear that the actual risk of a particular impossibile traveller event may be lower.