Skip to main content

NordVPN ups security following cyberattack

(Image credit: NordVPN)

Following last week's security incident involving NordVPN and a third-party data center, the company has announced that it will be taking action to better enhance its security.

One of NordVPN's first moves to improve its security posture is entering into a long-term strategic partnership with the cybersecurity consulting firm VerSprite.

VerSprite will work together with the company's in-house team of penetration testers to challenge NordVPN's infrastructure and ensure the security of its customers. Under the new agreement, VerSprite will also provide intrusion handling as well as source code analysis. The cybersecurity consulting firm will even help to form an independent cybersecurity advisory committee which will consist of selected experts that will oversee NordVPN's security practices.

Head of public relations at NordVPN, Laura Tyrell explained what the company plans to do to prevent future security incidents, saying:

“We are planning to use not only our own knowledge, but to also take advice from the best cybersecurity experts and implement the best cybersecurity practices there are. And this is the first of many steps we are going to take in order to bring the security of our service to a whole new level.”

Improved security

NordVPN is planning to introduce its own bug bounty program over the next few weeks to help discover flaws and vulnerabilities in its software. Security researchers who discover vulnerabilities will get a well-earned payout while NordVPN users can rest easy knowing the service is scoured for bugs by thousands of people every day in an effort to make it as secure as possible.

The company also plans to complete a full-scale third-party independent security audit in 2020. The audit will cover NordVPN's infrastructure hardware, VPN software, backend architecture, backend source code and internal procedures. NordVPN will announce the chosen vendor for its security audit in the near future.

To better protect its servers, NordVPN is planning to build a network of collocated servers. Although these servers are still located in a data center, collocated servers are wholly owned exclusively by NordVPN. The company is also in the process of wrapping up its infrastructure review in order to eliminate any exploitable vulnerabilities left by third-party server providers.

Finally NordVPN is planning to upgrade its entire infrastructure of over 5,100 servers to RAM servers. This will allow the company to create a centrally controlled network where not even an operating system is stored locally.

Suffering a major security incident can often derail a business which is why NordVPN's proactive approach to its security is both impressive and forward-thinking.