Enterprise VPNs are crucial for connecting distant staff to firm assets by way of dependable and safe hyperlinks to foster communication and productiveness. Examine six viable selections for companies.
We’re nearly a yr into the coronavirus pandemic and the worth of VPN options to assist workers conduct enterprise operations from distant areas continues to be confirmed every day. Hundreds of companies have stayed afloat, and lots of of hundreds of jobs have been preserved because of VPN choices, which can be found for cell units and computer systems.
The importance of safe connectivity can’t be emphasised sufficient. A VPN provides entry to firm assets that had been, in lots of instances, as soon as restricted to on-premises methods. The bodily safety advantages of utilizing company-owned workstations that use restricted in-house networks to entry in-house methods and knowledge is now being traded the for the pliability and comfort of getting a distant workforce that may connect with methods from throughout the globe. These connections have to be safeguarded, particularly when originating from employee-owned units (a observe I don’t encourage).
SEE: VPN: Picking a provider and troubleshooting tips (TechRepublic free obtain)
Multi-factor authentication, disabling cut up tunneling, implementing a most connection-time window after which workers should re-authenticate and mandating complex, rotating passwords are a number of examples of the best way to bolster enterprise VPN safety.
As well as, I like to recommend organising a devoted subnet for VPN customers solely after which implementing role-based guidelines to find out which methods and networks they will entry. As an example, system directors would possible have a broader stage of entry than finish customers, who might be segregated into teams primarily based on division and solely supplied the power to get to the naked minimal of methods or companies wanted to carry out their jobs.
The idea of “high VPNs” is perhaps subjective, however here’s a roundup of six of a few of the highest-reviewed VPN options as recommended to Gartner. I’ve personally used some and had good experiences with them.
SEE: How to manage passwords: Best practices and security tips (TechRepublic free obtain)
Cisco AnyConnect is my present VPN shopper for my job. It makes use of multi-factor authentication and establishes a 24-hour utilization window after which my connection drops and I’m required to log in once more. Luckily, the shopper notifies me when the time window is sort of up in addition to when it has expired so I am not confused, questioning why I all of a sudden cannot entry firm methods.
AnyConnect has many safety choices. It performs a system examine on authentication to find out whether or not the workstation meets sure necessities like anti-malware software program or company area membership earlier than it permits entry to the corporate community. This ensures solely company-managed methods are allowed on the VPN. AnyConnect can block entry to untrusted servers, show safety merchandise put in, and run diagnostics to assemble data for evaluation and troubleshooting. It disables cut up tunneling, that means while you’re linked to the VPN you may solely entry company assets and nothing in your native dwelling community or the web.
Pricing: Per CDW there are an array of choices akin to a base-user license price from 72 cents to $3.99 per consumer for one yr, $2.99 per consumer for 3 years, and plenty of bulk-volume license price choices, relying on consumer depend and want. Verify the seller instantly for the most recent particulars.
SEE: Tips for choosing the best VPN for your needs (TechRepublic free obtain)
Checkpoint Safe Distant Entry
The Checkpoint Secure Remote Access VPN was my earlier VPN possibility (using IPsec) and we didn’t terminate utilization of it on account of any dissatisfaction or issues with it; a merger required shifting to a complete new set of software program.
Checkpoint was for a number of years a dependable and strong resolution that was straightforward to put in and keep. We might create customized set up packages pre-configured with the goal IP handle(es) for shoppers to authenticate to. Like AnyConnect, it was secured by multi-factor authentication (on this case both laborious tokens or comfortable tokens, which operated as an app on cell units).
Like AnyConnect, cut up tunneling was disabled, and for hackers to get to the web shoppers they must configure the corporate proxy server settings, which solely permitted entry to pubic-facing web websites for enterprise utilization (social media websites had been blocked, as an illustration). Group memberships decided who might join the place, and as we additionally used Checkpoint firewalls because the administration interface for each the VPN and the firewall settings was a “single pane of glass” providing.
We additionally used Checkpoint Website-to-Website VPNs to hyperlink two distant areas collectively so site visitors might attain networks on both facet.
SEE: Cybersecurity: Let’s get tactical (TechRepublic free obtain)
Sonicwall International VPN Shopper
I’ve fond reminiscences of the Sonicwall Global VPN Client since again within the mid 2000s. It was the primary “actual” VPN resolution that enabled me to entry my workplace from my dwelling, a 40-minute drive away. I had beforehand used a unique product, higher left undiscussed.
Sonicwall provides a quick and environment friendly product that gives RADIUS/certificates/Good Card/USB authentication, VPN session reliability to redirect shoppers to different VPN gateways if issues happen, 168-bit key 3DES (Information Encryption Normal) and AES (Superior Encryption Normal) safety, particular subnet entry and command-line choices for set up, making it straightforward to deploy by way of automated software program mechanisms.
Pricing: Per CDW, base particular person consumer license prices are about $215 earlier than equipment prices and bulk-volume licenses are additionally concerned. Verify the seller instantly for the most recent particulars.
Fortinet Forticlient depends on certificates for integration and deployment and provides net filtering and firewall rule entry. Endpoint safety safety, which makes use of automated habits evaluation, is included, an answer so subtle it was discovered to have blocked 100% of malware in a 2019 report whereas additionally yielding zero false positives.
A “single pane of glass” strategy much like Checkpoint supplies one-stop-shopping to handle configuration, deployment and administration in addition to examine shopper standing and interact in vulnerability scanning and patching.
Pricing: Per CDW the bottom obtainable single-user license for one yr is $163.99, and prices and choices get extra advanced. Verify the seller instantly for the most recent particulars.
Palo Alto GlobalProtect
Palo Alto GlobalProtect provides related options to prior merchandise listed, akin to multi-factor authentication, excessive safety (cookie or certificate-based authentication are two robust options), net filtering and risk safety. It depends on Zero Trust ideas.
GlobalProtect shows important functionality in figuring out what units are connecting to the VPN and whether or not they’re managed (company-owned or operated) or unmanaged (employee-owned), and offering entry accordingly (units deemed suspicious or unauthorized might be blocked fully). It will probably decide certificates current on units, working system and patch ranges, anti-malware variations and standing, operating software program and whether or not disks are encrypted and knowledge is being backed up by a product.
Pricing: Palo Alto was probably the most coy vendor listed right here when it comes to pricing (CDW doesn’t show the figures). Verify the seller instantly for the most recent particulars.
ZScaler Personal Entry
ZScaler Private Access is a unique product from the earlier choices on this article. Reasonably than being a conventional end-user VPN shopper, it is a cloud service that gives entry to purposes in cloud environments or on-premises methods by way of a distributed structure. The twist right here is that the purposes connect with licensed customers by way of safe encryption reasonably than vice versa, so customers by no means truly entry the distant networks concerned.
It makes use of commonplace policy-based entry relying on customers and purposes. ZScaler touts the benefit with which mergers and acquisitions might be facilitated as a result of diminished infrastructure setup occasions and lack of want for extra networking gear.
As with Palo Alto, ZScaler does not present a complete lot of pricing data with out being contacted instantly, however a pricing spreadsheet of its merchandise lists a 50-user skilled suite license for $79.17 per consumer ($3,958.50 complete), a 50-user enterprise suite license for $162.50 per consumer ($8,125.00 complete) and a 50-user enterprise suite license for $329.17 per consumer ($16,458.50 complete).