Replacing Legacy VPN and NAC Solutions with a Next-Generation Network Security Client for Endpoints
With thousands of knowledge workers entering the mobile workforce every day, enterprises worldwide are reaping the benefits of operational agility, enhanced productivity and transformative collaboration. The ubiquity of mobile devices means any workers who happen to be mobile can connect their devices to access the corporate network from just about any location, be it from home, out in the field or anywhere on the go.
While the business benefits of a mobile workforce are undoubtedly too many to count, remote workers also introduce significant security risks. Each time employees leave the physical boundaries of the corporate campus with their laptops or smartphones, they are leaving the protection of the network security perimeter. Making sure a roaming employee is secure is paramount to protecting both the employee and the corporate network from the risk of a breach.
Organizations clearly recognize the risks and alleviate them by allowing only authorized users and devices to connect to the network. By applying appropriate access controls and security policies, they ensure access to roaming workers from outside the typical perimeter of the corporate network. IT personnel typically rely on a virtual private network, or VPN, as their linchpin to provision mobile workers with a secure encrypted connection for remote access to the corporate network.
A traditional VPN enables mobile workers to access proprietary corporate data over an untrusted personal or public network from their laptops, tablets and mobile phones as if these devices were connected directly to the organization’s central network. A network access control, or NAC, solution – optionally implemented inside the corporate perimeter – allows only authenticated mobile devices that comply with predefined security policies to retrieve proprietary resources available from the corporate network when the user is in the office.
So, to put it simply, these legacy VPN and NAC solutions serve only two main purposes: the former provisions mobile workers with remote access connectivity to the corporate network, while the latter provides access control to workers from their approved, authenticated devices only when they are in the office. Nevertheless, both are deficient in terms of what organizations need today: the ability to provide advanced protection for their mobile workforce and corporate network against modern exploits.
Legacy Solutions Fall Short in Protecting Mobile Users from Modern Exploits
Today, legacy VPN and NAC solutions fall short when it comes to providing foolproof security. These solutions were not designed for a new world where data and users are located everywhere. Because enterprise data and applications are increasingly delivered from the cloud, the threat surface has widened massively, and legacy solutions are typically limited in their ability to provide adequate protection against growing security risks.
While VPNs offer only remote connectivity and NAC provides some level of inside-the-office compliance checking and access control protection, they unfortunately cannot protect the mobile workforce from the advanced attack tactics employed by today’s sophisticated threat actors, such as advanced persistent threats, SaaS threats, spear phishing and identity theft. For IT personnel, legacy solutions also leave remote access blind spots, because they do not provide deep visibility into application traffic carried over the secure VPN. Beyond these security shortcomings, having to deploy a NAC solution alongside a VPN adds cost, complexity and management effort.
The Benefits of a Next-Generation Network Security Client for Endpoints
A next-generation network security client for endpoints goes much further to protect against modern exploits:
- Delivers full traffic visibility: It safeguards mobile users by inspecting all traffic using the organization’s next-generation firewalls (NGFWs) deployed as internet gateways, whether at the perimeter, in the demilitarized zone (DMZ) or in the cloud.
- Stops advanced threats: It prevents highly evasive, advanced threats from infiltrating the corporate network from a compromised endpoint by identifying new, previously known and highly targeted malware from the mobile user’s traffic. The remote access client extends the security protections of the next-generation firewall to remote users by inspecting all traffic for malware by running it through an automated threat detection and prevention service.
- Controls access to SaaS applications: It provides secure access to SaaS applications by enforcing policies for sanctioned and tolerated SaaS applications while blocking unsanctioned applications.
- Implements Zero Trust: It implements Zero Trust principles, such as reliable user identification and multi-factor authentication, to allow access to sensitive information only on a need-to-know basis.
- Enables secure, app-level access to third parties: It provides secure access to applications to partners, business associates and contractors by enabling a clientless SSL VPN simply through a web interface without requiring them to set up a full SSL VPN from their unmanaged BYOD devices.
The following table provides a basic comparison of key benefits among a next-generation network security client for endpoints, legacy VPN and legacy NAC solutions.
| Key Benefits | Next-Generation Network Security Client for Endpoints | Legacy VPN | Legacy NAC |
| --- | --- | --- | --- |
| Provides remote access | ✔ | ✔ | X |
| Provides secure connectivity | ✔ | ✔ | X |
| Prevents internet and SaaS threats | ✔ | X | X |
| Prevents identity theft | ✔ | X | X |
| Protects internal networks | ✔ | X | ✔ |
| Implements Zero Trust | ✔ | X | X |
| Enforces access policies based on user, device, content and application for complete visibility and granular control | ✔ | X | X |
To learn more about how Palo Alto Networks secures mobile and roaming users with its next-generation network security client for endpoints outside traditional boundaries of the network perimeter, get a copy of our GlobalProtect datasheet.