With extremely high-profile data breaches and the rise of mobile malware, web users around the globe are increasingly turning to VPNs (virtual private networks) to provide enhanced levels of security and privacy. In fact, a recent report from Statista determined that the number of VPN users grew by 165% from 2017 to 2018.
And with this new demand comes a new supply (as of publication, a Google search for “vpn software” returns 222 million results). So how should someone go about choosing a VPN for security? There are a few features to look for.
VPN Security Features that Matter
Admittedly, VPNs are not bulletproof and there are still some risks associated with their use. Common vulnerabilities include: hijacking (where an unauthorized user takes over a VPN connection from a remote client), man-in-the-middle attacks (where an unauthorized user intercepts data), weak user authentication, split tunneling (where a user accesses an insecure Internet connection while also accessing the VPN connection to a private network), malware infection of the client server, and DNS leaks (where the device uses its default DNS connection instead of the VPN’s secure DNS server), to name a few.
To mitigate these risks, shoppers should consider the following six security features when choosing a VPN:
- Support for strong authentication
- Strong encryption options
- Support for anti-virus software and intrusion detection and prevention tools
- Strong default security for administration and maintenance ports
- Digital certificate support
- Logging and auditing support
The Most Secure VPN for Consumers
As the consumer VPN market has grown in recent years, it has exploded with low-cost offerings. However, research indicates that some of the more common VPNs have fundamental security flaws that can leave users unprotected. With that said, we found that ExpressVPN offers a comprehensive suite of security features that surpasses most other currently available consumer VPNs.
ExpressVPN uses AES 256-bit encryption with OpenVPN as the default but gives users access to several additional OpenVPN configuration files to tailor the security to their needs. Additional features include strong authentication, the ability to select which protocols and encryption are used for tunneling data (including SSTP, L2TP and PPTP), IPv6 leak protection, and settings to only use the ExpressVPN DNS servers.
Side note: Less than 3% of ExpressVPN’s 2,000+ servers (across 148 locations in 94 countries) are virtual, reducing that security threat as well.
The Most Secure VPN for Businesses
We’ve already outlined the ten reasons that all businesses should use a VPN and if you noticed that security was a big part of that list, you were paying attention. Modern enterprises simply can’t afford to compromise on security and as more work takes place outside the wired local network, extending security across all networks and devices is imperative. Enter NetMotion Mobility.
Our engineers have spent the last two decades creating the world’s only purpose-built mobile VPN: NetMotion Mobility. This VPN delivers a secure tunnel that protects all of the data sent between a device and enterprise resources, protecting applications running over public networks regardless of location. This tunnel exercises strong authentication and encryption to ensure that data communications are protected on insecure public networks. On top of that, IT administrators can configure options from the per-app level to device-wide, ensuring customizable and secure access to enterprise data without making security burdensome for the end user.
Take a few minutes to review the other “enterprise VPNs” on the market and you’ll see why NetMotion Mobility’s security posture always comes out on top:
- Mobility supports split tunneling on a per-app, per-flow basis, or device-wide lockdown requiring all traffic to route through the VPN to reach the enterprise network.
- NetMotion supports two-factor authentication using RSA SecurID; X.509v3 certificates and PKI stored on the device or in a smartcard; or biometric device authentication. Encryption can be configured globally, per user group, or per user.
- NetMotion applies encryption using AES encryption modules at 128-, 192- or 256-bit cipher strengths that are FIPS 140-2 validated to meet the U.S. government’s standard for securing non-classified information. In addition, NetMotion is certified at Common Criteria Evaluation Assurance Level 4 (EAL4+) augmented with flaw remediation, an international set of guidelines used extensively throughout Europe and by the U.S. federal government.
- Mobility’s Network Access Control (NAC) detects the security status of the client and allows IT to define security-related criteria and actions that control client access to the corporate network.
- Granular control over application access by IP addresses, ports or other parameters, centrally maintained as policies at the server and distributed for enforcement by devices in the field, creates a distributed firewall spanning all enterprise devices.
- Log export allows IT to use SIEM tools to analyze NetMotion logs, for integration with the enterprise’s overall security strategy.
- Geo-fencing enforces location-based security, alone or in conjunction with other parameters such as port number, IP address or application in use.