Guest Author, Author at eSecurity Planet
https://www.esecurityplanet.com/author/guest/
Industry-leading guidance and analysis for how to keep your business secure.

NordLayer Review: Pricing, Features & Specs
https://www.esecurityplanet.com/products/nordlayer-review-vpn-zero-trust/
Tue, 27 Aug 2024 14:00:00 +0000

NordLayer is an industry-leading VPN, but is it right for you? Compare features, pros, cons, and use cases to learn if you should use it in 2024.

The post NordLayer Review: Pricing, Features & Specs appeared first on eSecurity Planet.

With the rise of remote work, companies have faced several logistical challenges. Chief among those is how to allow remote workers to access company resources safely and with a lowered risk of infiltration by malicious actors looking to steal valuable data or disrupt day-to-day business operations. In this NordLayer review, we look at one way companies can secure their data.

One solution many companies, both large and small, have turned to is the utilization of virtual private networks (VPNs). They can route remote workers’ traffic through easier-to-monitor pathways, giving businesses greater safety and control over their sensitive data when used in concert with dedicated endpoint management solutions.

However, VPNs come with a few caveats and hitches that make them potentially unideal for large-scale operations. Chief among them is that VPNs were never designed as cybersecurity products. For example, although many providers tout a VPN’s ability to protect users’ traffic while using public WiFi, attack methods like TunnelVision can still leave users vulnerable.

Additionally, VPNs face difficulties during set-up and scaling for more than a handful of users and devices. If not configured properly, a business’s network can still be put at risk, and even when configured the right way, you might still encounter congestion and device performance issues, particularly when remote workers use a VPN for heavy-bandwidth activities like Zoom calls or downloading large files.

Cloud-based network security products like NordLayer aim to bridge the gap between VPNs and proper cybersecurity solutions, giving businesses an added layer of security alongside the strict, controlled access required to implement a zero-trust security framework.

What You Need to Know About NordLayer 

NordLayer is a business VPN and network access tool that will appeal to businesses looking for a solution with an easy-to-use interface that can help them implement a zero-trust framework for access control.


Overall Rating: 2.5/5

• Core Features: 4/5
• Usability: 3.5/5
• Customer Support: 3/5
• Trustworthiness: 2/5
• Pricing: 2/5
Pros
✔ Easy to use
✔ Large number of features
✔ Options for both small businesses and enterprises

Cons
❌ Pricing might be a bit steep for smaller teams or if you want more features
❌ Fairly limited number of server locations
❌ Company’s servers have been breached in the past
❌ 14-day money-back guarantee is pretty small

Who Should Use NordLayer?

NordLayer is a feature-rich, business-focused VPN and network access solution from the company behind two of the most popular VPNs in the consumer VPN market, NordVPN and Surfshark. 

Consider NordLayer if your business meets one or more of the following criteria:

  • Enterprises seeking to adopt a zero trust framework: Nord claims NordLayer is built with a zero trust strategy in mind, making it a good choice if you’re trying to implement zero trust in your own company.
  • Teams looking for an easy-to-use business VPN: Whatever else you can say about it, NordLayer offers, on the user side at least, an intuitive UI setup. However, I wasn’t able to test the back-end features meant to be used by an IT security manager.
  • Businesses that want many features on one platform: From its business VPN to access management to a firewall, NordLayer comes packed to the gills with enticing features. Getting all these features in one place for your business can make your IT manager’s life much easier.

Who Shouldn’t Use NordLayer?

NordLayer looks great on paper, but no product is flawless. Its steep prices and data breach history could make it a less-than-appealing option, depending on your company’s needs.

I wouldn’t recommend NordLayer if:

  • You’re a small business on a strict budget: A business VPN can feel like something your small business needs to protect sensitive company data. However, business VPNs do not come cheap, and NordLayer is no exception, especially if you want more features than what the lowest tier offers.
  • You care about how a company responds to data breaches: In 2018, NordLayer’s consumer-grade cousin NordVPN, along with TorGuard VPN and Viking VPN, was hacked by an 8chan user. The user did not come away with any sensitive information, and the breach only affected a single Nord server. However, the company did not inform users of the breach until six months after they initially learned of it.
  • You’re looking for a service with a generous free trial period: Business VPNs can be expensive and difficult to fit into your company’s pre-existing IT infrastructure. As such, you might prefer a service with a free trial or a generous money-back guarantee period. NordLayer’s 14-day money-back guarantee probably won’t give you the time you need to know if the product is right for your business or not, unfortunately.

NordLayer Pricing

NordLayer has three subscription tiers, with a fourth tier for enterprises that lets you choose which features you want a la carte. The three main tiers each have a 5-user minimum, while the Enterprise Offer requires you to have at least 50 users. The lowest-tiered plan, Lite, starts at $8 per user per month, while the Enterprise Offer starts at $7 per user per month. All subscriptions come backed by a 14-day money-back guarantee.

Lite
  • Annual billing price: $8/user/month (5-user minimum)
  • Number of devices per license: 6
  • Key features: Session duration controls, multi-factor authentication, SSO, and 24/7 live and email support

Core
  • Annual billing price: $11/user/month (5-user minimum)
  • Number of devices per license: 6
  • Key features: Everything in Lite plus dedicated servers with fixed IP (for an extra $40/month), IP-based split-tunneling, DNS filtering, biometric login options, and server usage analytics

Premium
  • Annual billing price: $14/user/month (5-user minimum)
  • Number of devices per license: 6
  • Key features: Everything in Core plus a browser extension, URL-based split tunneling (through a browser extension), and endpoint-to-endpoint file sharing

Enterprise Offer
  • Annual billing price: Starts at $7/user/month (50-user minimum)
  • Number of devices per license: 6
  • Key features: Everything in Lite plus customizable features from Core and Premium

These prices are fairly standard for business VPNs, meaning it can get pricey for smaller businesses. The money-back guarantee does not give customers enough time to determine if the product fits their business. I’d prefer if NordLayer took a page out of its cousin NordVPN’s playbook and adopted a 30-day money-back guarantee to give companies more time to test the service before committing.

3 Key Features of NordLayer

Business VPN

NordLayer is, first and foremost, a VPN. While I couldn’t dig into the administrative side of the app, the user side of NordLayer is very similar to its sister product, NordVPN. As a VPN, Nord is fine. It’s easy enough to install and use, though its zero-trust framework gives users a couple of hurdles to jump over before finally connecting. The administrator has to confirm your final connection. I’d recommend sticking to the NordLynx protocol when using the service, as it easily outpaces the other supported VPN protocols within NordLayer for device performance.

Fixed IP on Dedicated Servers

While I personally wouldn’t recommend using fixed IPs with a VPN in most cases, some companies have found it useful to restrict user access to sensitive information to specific IP addresses in lieu of or in addition to traditional login credentials. As part of its Core, Premium, and Custom plans, NordLayer offers fixed IP on dedicated servers in the following locations, according to their webpage on the subject:

  • Australia (Sydney)
  • Austria (Vienna)
  • Belgium (Brussels)
  • Brazil (São Paulo)
  • Canada (Vancouver, Montreal, Toronto)
  • Colombia (Bogota)
  • Cyprus
  • Czech Republic (Prague)
  • Denmark (Copenhagen)
  • Estonia (Tallinn)
  • Finland (Helsinki)
  • France (Paris)
  • Germany (Frankfurt)
  • Greece (Athens)
  • Hungary (Budapest)
  • Ireland (Dublin)
  • Italy (Milan)
  • Japan (Tokyo)
  • Latvia (Riga)
  • Lithuania (Vilnius)
  • Malaysia (Kuala Lumpur)
  • Netherlands (Amsterdam)
  • Norway (Oslo)
  • Poland (Warsaw)
  • Portugal (Lisbon)
  • Romania (Bucharest)
  • RSA (Johannesburg)
  • Singapore (Singapore)
  • South Korea (Seoul)
  • Spain (Madrid)
  • Sweden (Stockholm)
  • Switzerland (Zurich)
  • UK (London, Manchester)
  • US (Boston, Seattle, Chicago, Los Angeles, New York, Dallas, Atlanta, Houston)

Built With Zero Trust in Mind

Zero trust network access (ZTNA) is a strategy that protects networks from threats. It emphasizes continuous verification of all users when accessing company resources, lowering the risk of harm a malicious actor can cause by granting all users only the bare minimum permissions needed to do their jobs. It also involves collecting evidence such as logs or behavioral data to track and monitor access to any sensitive resources.

This approach, while effective, can sometimes be difficult to manage, as it can require getting multiple different network security solutions with very different design philosophies to work together as a cohesive unit.

NordLayer’s wide range of access control and monitoring features makes it a decent option for companies looking to implement or streamline their zero-trust strategy.

Should You Trust NordLayer?

Whether you’re an enterprise with 2,000 employees or a self-employed freelancer, trust should be a key decision factor when discussing any company you’re considering buying from. This is especially true for companies that sell cybersecurity products, as you often trust them with your data and digital safety.

In the case of a VPN provider like Nord, you’re trusting them with your Internet traffic and the access tunnels to your business’s sensitive data and resources instead of trusting your internet service provider.

In terms of trustworthiness, Nord scores low for me. The 2018 data breach, while seemingly minor in terms of impact on users, casts a shadow on the company for me. Waiting six months to inform users of the breach, and only after it was talked about on Twitter, is simply unacceptable from any company claiming to be a good steward of its users’ data.

I don’t think it’s unfair if you look at the situation and say, “Well, that was 6 years ago. They’ve had time to fix that issue, improve their security infrastructure, and take steps to improve how they communicate with users.”

However, I don’t believe companies, especially cybersecurity companies, deserve second chances when making mistakes like how Nord Security handled its data breach. Why should we potentially put our data at risk by giving a company a second chance when there are plenty of providers out there who haven’t been breached or who responded to their own breaches better than Nord did?

NordLayer Alternatives

NordLayer is just one of many VPN solutions out there for businesses to choose from. Here are a few more providers worth taking a look at.

ProtonVPN

I would probably recommend ProtonVPN’s business-focused options over NordLayer’s. On top of being cheaper, Proton, while not the most trustworthy VPN provider on the market, is more trustworthy than Nord while packing most of the same features. Outside of Proton’s custom-priced Enterprise subscription, NordLayer does have more dedicated server locations.

Mullvad VPN

While not the best choice for enterprise-level clients, small businesses and self-employed freelancers might find Mullvad an affordable and easy-to-use VPN. It’s one of the most trusted VPNs on the market as well, thanks in part to its unique account system, which means the company never has to store sensitive information like an email address or phone number. In terms of features, NordLayer has Mullvad beat, but if you just need a VPN to function like a VPN, I would go with Mullvad every time.

Perimeter 81

Perimeter 81 is more of a SASE solution than a business VPN, but its VPN component is solid. Its number of countries with server locations is lower than NordLayer’s, but I think the actual security features on display are more impressive, like the threat emulation add-on. The sheer quantity of add-ons Perimeter 81 has means it’ll probably be more expensive than NordLayer, however.

How I Evaluated NordLayer

Ultimately, VPNs as a product are about trust, which is why I assigned the highest weight to the Trustworthiness score instead of Core Features. You don’t need too many bells and whistles to make a viable VPN, and many VPNs share a lot of the same features. This homogenization of the market means it often matters more what a company does with your data or how it’s responded to past data breaches than what shiny features it has out of the box.

Evaluation Criteria

  • Core Features (20%): Here, I search for the basic features every VPN needs to be a VPN. This includes split-tunneling, multi-factor authentication, and mobile app support.
    • Score: 4/5
  • Usability (15%): This section looks at how easy a product is to use and how accessible its technical documentation is, as well as how easy it is to report bugs and the like.
    • Score: 3.5/5
  • Customer Support (10%): For customer support, I highlight the various customer support options available to users, particularly the presence of real human customer support agents in lieu of chatbots.
    • Score: 3/5
  • Trustworthiness (40%): When you use a VPN, you effectively trust that provider with your Internet traffic in lieu of trusting your internet service provider. So, I always try to look for how a company has treated its user data in the past. This can include data breach history or if the company has been caught selling user data in the past, among other transgressions.
    • Score: 2/5
  • Pricing (15%): Finally, I look at a VPN’s various pricing plans and compare these plans to competitors. I also consider the availability of a free trial or a generous money-back guarantee policy.
    • Score: 2/5

Bottom Line: NordLayer Is an Easy-to-Use Business VPN With Some Nice Security Features

While I have concerns with how Nord Security has handled past breaches and how they’ve informed users, I understand that many potential customers will be more forgiving of something that happened six years ago. Ignoring the 2018 breach, NordLayer is a fine choice for a business VPN. While expensive, the sheer number of features and easy-to-use interface make it a solid enough choice for businesses looking to enhance their cybersecurity strategy.

Biden Approves Cybersecurity Reporting, Issues Rare Warning
https://www.esecurityplanet.com/trends/cybersecurity-reporting-warning/
Wed, 23 Mar 2022 02:36:37 +0000

The post Biden Approves Cybersecurity Reporting, Issues Rare Warning appeared first on eSecurity Planet.

President Joe Biden has faced a number of crises since taking office in January 2021, but his Administration has nonetheless managed to be at the forefront of the U.S. response to cyber attacks by crime groups and hackers aligned with nation-states.

Even before Biden took office, the U.S. faced threats like the SolarWinds attack and malicious actors with ties to Russia and China. After the Colonial Pipeline hack nearly shut down the Eastern U.S., Biden and federal security agencies swung into action with guidance, warnings, and in the case of federal agencies, orders to improve cybersecurity defenses.

The latest action came yesterday, when Biden warned of “evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”

Justin Fier, VP of Tactical Risk and Response at Darktrace, called the warning “unprecedented.”

Fier said Biden’s statement “represents a move to combat disinformation by purposefully releasing intelligence that the Administration would previously have deemed classified. These warnings are unprecedented – past Administrations have not publicly substantiated to this extent that cyber attacks are incoming.

“Cyber war is not military versus military; all organizations, across public and private sectors, will have to defend themselves from attack,” he said. “Organizations must take advantage of this unprecedented access to government threat intelligence and heed these warnings. Businesses should diligently read the Cybersecurity and Infrastructure Security Agency (CISA) alerts, paying close attention to alerts from the last 12 weeks. Companies should also regularly test their defenses and hold tabletop exercises with their various IT business units.”

Also read: SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats

Mandatory Incident Reporting Will Take a While

Last week, Biden signed a $1.5 trillion government funding bill that also contained a provision for mandatory cyber incident reporting.

The Consolidated Appropriations Act (CAA) includes mandatory cyber incident reporting as part of the Strengthening American Cybersecurity Act, requiring owners of critical national infrastructure (CNI) to swiftly report cyber incidents and ransomware payments to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

The law requires critical infrastructure operators to share breach information with federal agencies within 72 hours and ransomware payment information within 24 hours, to modernize to better cybersecurity standards, and to establish security standards for software.

If a covered entity fails to comply with requirements, a subpoena, order, or inspection alert, DHS may take civil action in a district court to enforce compliance. If the department fails to receive a response within 72 hours, the secretary may issue a subpoena to compel disclosure of information.

However, it could take a few years for the law to be fully implemented. CISA is to publish a Notice of Proposed Rulemaking (NPRM) within 24 months and issue a final rule within 18 months after that.

As part of the new law, CISA will create a ransomware vulnerability warning program to identify systems that contain security vulnerabilities. Regular reporting will also be part of the new law.

“CISA will use these reports from our private sector partners to build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure,” CISA Director Jen Easterly said in a statement. “This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims. CISA is committed to working collaboratively and transparently with our industry and federal government partners in order to enhance the security and resilience of our nation’s networks and critical infrastructure.

“Put plainly, this legislation is a game-changer. Today marks a critical step forward in the collective cybersecurity of our nation.”
