Cybersecurity detection and mitigation system using machine learning and advanced data correlation
US-11297078-B2 · Apr 5, 2022 · US
US2022286435A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022286435-A1 |
| Application number | US-202217824054-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 25, 2022 |
| Priority date | Dec 13, 2019 |
| Publication date | Sep 8, 2022 |
| Grant date | — |
Official abstract text for this publication.
Disclosed are various examples for securing enterprise resources using a virtual private network. At least one computing device that can authenticate a client device for a virtual private network (VPN) connection based on a first device identifier received from the client device and a second device identifier received from a remote management service. The at least one computing device can determine that a network event associated with the client device has been observed and execute a machine learning routine to identify a pattern of access for the client device. A network access anomaly is determined in response to a network interaction of the client device deviating from the pattern of access for the client device. A remedial action is performed based on an anomaly type associated with the network access anomaly.
Opening claim text (preview).
Therefore, the following is claimed:
1. A system, comprising: at least one computing device; and program instructions stored in memory and executable by the at least one computing device that, when executed, direct the at least one computing device to at least: authenticate a client device for a virtual private network (VPN) connection based on a first device identifier received from the client device and a second device identifier received from a remote management service; determine that a network event associated with the client device has been observed based on network data associated with the VPN connection; execute a machine learning routine to identify a pattern of access for the client device; determine a network access anomaly in response to a network interaction of the client device deviating from the pattern of access for the client device; and perform a remedial action based on an anomaly type associated with the network access anomaly.
2. The system of claim 1, wherein the first device identifier is generated by the client device as a function of at least one of: an application signing key, a device model, a user enrollment mode, or a unique hash generated from a network service unique identifier for the client device.
3. The system of claim 1, wherein the pattern of access for the client device is determined based on historical data comprising user interactions with the client device or client device access to network resources.
4. The system of claim 1, wherein authenticating the client device for the VPN connection further comprises the program instructions, when executed, directing the at least one computing device to at least: receive the first device identifier and the second device identifier from the client device in association with an execution of a VPN application on the client device; transmit the first device identifier to the remote management service; and receive the second device identifier from the remote management service.
5. The system of claim 1, wherein the remedial action further comprising: transmit a control message to a VPN application on the client device, the control message directing the client device to pause a flow of network traffic through the VPN connection and re-authenticate a user of the client device.
6. The system of claim 5, wherein the program instructions, when executed, direct the at least one computing device to at least: receive a message from the VPN application on the client device, the message indicating that the user of the client device has been authenticated; and resume the flow of network traffic through the VPN connection.
7. The system of claim 6, wherein the program instructions, when executed, direct the at least one computing device to at least: generate outlier data associated with the remedial action in an instance of reauthenticating the user of the client device, the outlier data indicating that the remedial action is a false positive; and add the outlier data to training data for the machine learning routine.
8. A computer-implemented method, comprising: authenticating a client device for a virtual private network (VPN) connection based on a first device identifier received from the client device and a second device identifier received from a remote management service; determining that a network event associated with the client device has been observed based on network data associated with the VPN connection; executing a machine learning routine to identify a pattern of access for the client device; determining a network access anomaly in response to a network interaction of the client device deviating from the pattern of access for the client device; and performing a remedial action based on an anomaly type associated with the network access anomaly.
9. The computer-implemented method of claim 8, wherein the first device identifier is generated by the client device as a function of at least one of: an application signing key, a device model, a user enrollment mode, or a unique hash generated from a network service unique identifier for the client device.
10. The computer-implemented method of claim 8, wherein the pattern of access for the client device is determined based on historical data comprising user interactions with the client device or client device access to network resources.
11. The computer-implemented method of claim 8, wherein authenticating the client device for the VPN connection further comprising: receiving the first device identifier and the second device identifier from the client device in association with an execution of a VPN application on the client device; transmitting the first device identifier to the remote management service; and receiving the second device identifier from the remote management service.
12. The computer-implemented method of claim 8, wherein the remedial action further comprising: transmitting a control message to a VPN application on the client device, the control message directing the client device to pause a flow of network traffic through the VPN connection and re-authenticate a user of the client device.
13. The computer-implemented method of claim 12, further comprising: receiving a message from the VPN application on the client device, the message indicating that the user of the client device has been authenticated; and resuming the flow of network traffic through the VPN connection.
14. The computer-implemented method of claim 13, further comprising: generating outlier data associated with the remedial action in an instance of reauthenticating the user of the client device, the outlier data indicating that the remedial action is a false positive; and adding the outlier data to training data for the machine learning routine.
15. A non-transitory computer-readable medium comprising program instructions stored thereon executable in a computing device that, when executed, direct the computing device to: authenticate a client device for a virtual private network (VPN) connection based on a first device identifier received from the client device and a second device identifier received from a remote management service; determine that a network event associated with the client device has been observed based on network data associated with the VPN connection; execute a machine learning routine to identify a pattern of access for the client device; determine a network access anomaly in response to a network interaction of the client device deviating from the pattern of access for the client device; and perform a remedial action based on an anomaly type associated with the network access anomaly.
16. The non-transitory computer-readable medium of claim 15, wherein the first device identifier is generated by the client device as a function of at least one of: an application signing key, a device model, a user enrollment mode, or a unique hash generated from a network service unique identifier for the client device.
17. The non-transitory computer-readable medium of claim 15, wherein the pattern of access for the client device is determined based on historical data comprising user interactions with the client device or client device access to network resources.
18. The non-transitory computer-readable medium of claim 15, wherein authenticating the client device for the VPN connection further comprises the program instructions, when executed, directing the computing device to at least: receive the first device identifier and t
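The pause, re-authenticate, resume and false-positive feedback loop of claims 5 to 7 (mirrored in claims 12 to 14), sketched as an added Python example that is not code from the patent. The frequency-count baseline standing in for the machine learning routine, the anomaly-type labels, the message fields and all names are assumptions.

```python
from collections import Counter, defaultdict

class AccessMonitor:
    """Per-device access baseline with a pause / re-auth / resume loop."""
    # Assumption: a frequency count over (resource, hour) stands in for the
    # machine learning routine, which the page does not specify.
    def __init__(self, min_seen=2):
        self.min_seen = min_seen              # sightings needed to be "in pattern"
        self.training = defaultdict(Counter)  # device_id -> Counter[(resource, hour)]
        self.paused = {}                      # device_id -> event awaiting re-auth

    def train(self, device_id, events):
        """Add historical (resource, hour) events to the device's training data."""
        self.training[device_id].update(events)

    def classify(self, device_id, resource, hour):
        """Return an anomaly type (hypothetical labels) or None if in pattern."""
        seen = self.training[device_id]
        if seen[(resource, hour)] >= self.min_seen:
            return None
        if not any(r == resource for (r, _h) in seen):
            return "new_resource"
        return "unusual_time"

    def observe(self, device_id, resource, hour):
        """Handle one network event; return the control message for the VPN app."""
        if device_id in self.paused:
            return {"action": "drop", "reason": "awaiting_reauth"}
        anomaly = self.classify(device_id, resource, hour)
        if anomaly is None:
            return {"action": "allow"}
        self.paused[device_id] = (resource, hour)
        return {"action": "pause_and_reauth", "anomaly_type": anomaly}

    def reauthenticated(self, device_id):
        """User passed re-auth: resume traffic, record the event as a false positive."""
        event = self.paused.pop(device_id, None)
        if event is None:
            return {"action": "ignore"}  # no pending challenge, nothing to resume
        # Outlier data; assumed weighting so the event meets the threshold next time.
        self.training[device_id][event] += self.min_seen
        return {"action": "resume", "false_positive": event}

def demo():
    """Constructed sample: device 'dev-1' normally reaches 'wiki' at hour 9."""
    m = AccessMonitor()
    m.train("dev-1", [("wiki", 9)] * 3)
    return [m.observe("dev-1", "wiki", 9), m.observe("dev-1", "payroll", 3),
            m.reauthenticated("dev-1"), m.observe("dev-1", "payroll", 3)]
```

Because a successful re-authentication feeds the flagged event back into the baseline, the strength of the re-authentication step bounds how trustworthy the learned pattern stays.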
Combinations of networks · CPC title
Auto-encoder networks; Encoder-decoder networks · CPC title
Supervised learning · CPC title
Security arrangements using identity modules · CPC title
using kernel methods, e.g. support vector machines [SVM] · CPC title