Cybersecurity beyond VPN: an inside look at NordVPN’s Threat Protection

NordVPN Threat Protection
(Image credit: NordVPN)

NordVPN and its parent company Nord Security may have started out with a VPN but over the years they have expanded their cybersecurity offerings to include a password manager, an encrypted cloud storage service, a network access solution and even tools to help others build their own VPN services. However, NordVPN has once again upped the ante with the recent launch of its new Threat Protection feature which goes beyond what a VPN normally does.

Now when NordVPN users open their VPN client, they can enable Threat Protection to protect themselves against a variety of cyber threats by blocking trackers, phishing attempts, intrusive ads, malicious websites and files infected with malware. To learn more about why the company decided to further expand the scope of its VPN software, TechRadar Pro spoke with product strategist at NordVPN, Vykintas Maknickas who gave us the lowdown on Threat Protection and how it differs from a traditional antivirus.

1. You launched threat protection as part of your VPN offering earlier this month? What’s the thought behind adding this feature?

Threat Protection’s existence is based on two distinct ideas. It probably doesn’t surprise you, but we try to talk to VPN users quite a lot. We conduct interviews and surveys continuously with different underlying topics. A few years ago we identified that some groups of users expect a VPN to protect them from malicious websites, adware, and malicious files. I can’t overstate how dangerous it is that users believe that they are protected when they aren’t. Knowing this, we have a moral obligation to protect our users from these specific threats.

At the same time, we were looking into the AV market for quite some time. The market itself was born out of the openness of old desktop operating systems. A lot of things have changed since then. Today's operating systems are far from what they were, and the usefulness of AV as a product for consumers has become more questionable. That's why we were looking into a different approach – protecting users from threats they stumble upon while browsing the internet. And we are just getting started with our approach.

Protecting users from today's threats while sitting in the background is what we do well, so I would say that with this release we just expanded the definition of threats NordVPN protects from.

Antivirus Software

(Image credit: Shutterstock)

2. How is this threat protection different from a classic antivirus?

Traditional antivirus products were designed to fix shortcomings inherent in the openness of the OS as a platform, essentially meaning that applications had more control over the OS and thus had more surface area to do damage. Today, operating systems are more sophisticated and have much better permission management. However, the threats have not disappeared and have instead shifted to online applications. This is exactly where Threat Protection comes in. It protects you from malware-hosting webpages, blocks malicious ads, and scans files for malware on the cloud.

3. Why not call it an antivirus instead? Should NordVPN users uninstall their antivirus packages? Are you using your own technology or licensing it from someone else (e.g. Surfshark).

Because it’s not an antivirus by the majority of definitions – the main issue is we don’t continuously scan computers in the background. Most antivirus software was developed when CDs and USB sticks were still very common, so the attack surface was wider. It is not the case for the majority of today's computers. Therefore, by narrowing down what we protect from, we can concentrate resources on what's really important – your internet traffic.

The core technology behind threat protection was built in-house by NordVPN’s team of engineers. One place where we utilize third-party resources is the databases against which we weigh internet traffic in order to identify malware, which are compiled from different trusted private and public sources.

4. One of your biggest competitors also introduced a threat manager. How do you compare to them?

The majority of our competitors only have what we call “threat protection lite” – a DNS-based threat block solution that is very limited. We are doing some internal assessments to quantify exactly how much better our new solution is and will release the results once we have them, but our aim from the beginning was to build something orders of magnitude better. It looks like we’ve achieved it.

NordVPN Android

(Image credit: NordVPN)

5. Your threat protection service is available on desktop but not on mobile, is there a reason why this is so?

We have released a lite version of Threat Protection on mobile. However, there are certain inherent constraints in both iOS and Android that make the development of a local, real-time malware scanning a bit more challenging. Nevertheless, we will continue working on the mobile version of threat protection, and new features will be implemented gradually.

6. One of the biggest threats that has emerged lately is ransomware. Tackling it is notably absent from the current TP setup. Do you plan to tackle it in the near future?

I would disagree that it's absent from Threat Protection. There are two ways ransomware can be executed – one is to get the victim to download a malicious file. Needless to say that Threat Protection secures all your file downloads and in most cases blocks the locations before the file can be downloaded. Another is to expose your device to the internet in an unsecure way, allowing an attacker to gain access to your device – that's where NordVPN shines. The difference between NordVPN and some of the competition that's very vocal about ransomware is that we aim to underpromise and overdeliver. Security, not buzzword salad, is what our customers value and what we are striving to deliver.

VPN and other internet icons overlaid on a photo of a hand operating a tablet

(Image credit: Shutterstock)

7. Generally, how do you see the industry evolving over the next few years? More consolidation, new features added (glut)? Which ones? Identity Theft Protection? Parental Control?

I would expect some more specificity among industry players. A few years ago, the majority of VPNs looked very similar in terms of both feature set and in some cases even connection quality. Players that took the extra step to develop individual features and quality of service in general emerged as winners in consumers’ eyes. 

One example: – we internally tested how much time  it takes to connect to a VPN using different clients. You can connect to a VPN server in less than five seconds if you are an average VPN application. If you are a security-conscious one, you need to disable IPV6 before connecting, and so the time increases to 12-15 seconds in some cases. In order to be both security conscious and have state-of-the-art usability, you need to dive into the lower level of the operating system and perform some magic just to get back to these same 5 seconds.

Some players in the industry don’t care about these tiny improvements because, well, they are tiny. But over the years, the accumulation of such tiny improvements is what makes some players winners and, in my opinion, in the next few years we should be able to easily identify them.