In the aftermath of a security incident involving NordVPN and a third-party data center, NordVPN has contracted VerSprite for various cybersecurity services -- including threat and vulnerability management, penetration testing, compliance management and assessment services.
VerSprite will also help to form an independent cybersecurity advisory committee, which will consist of selected experts and oversee NordVPN’s security practices, the companies say.
Additional NordVPN moves include:
- launching a bug bounty program;
- pursuing an infrastructure security audit;
- shifting to a network of collocated services (which will be wholly owned exclusively by NordVPN); and
- moving more than 5100 servers to RAM servers.
The moves will pave the way for a centrally controlled network where nothing is stored locally — not even an operating system. Everything the servers need to run will be provided by NordVPN’s secure central infrastructure, the company says.