News

Q&A: NordLayer’s Head of Product on Simplifying Cybersecurity & Addressing Network Challenges in 2025

Expert Insights Interviews Andrius Buinovskis, Head of Product, NordLayer.

Last updated on Nov 27, 2024
Joel Witts Written by Joel Witts
Andrius Buinovskis

With a recent increase in AI-driven attacks, securing enterprise networks has never been more critical. “Threat evolution with the rise of AI is jumping to the next level, especially in social engineering and opportunistic attacks,” Andrius Buinovskis, Head of Product at NordLayer, tells Expert Insights.

NordLayer, developed by Nord Security, provides adaptive network access security solutions, helping organizations to secure remote access for employees and partners. Buinovskis leads the product development team at Nord Security, where he drives the development agenda by extensively researching the market, understanding client needs, and assessing technical capabilities.

In this Q&A, Buinovskis explains how NordLayer shares his predictions about evolving threats and practical advice for CISOs and offers his insights into the future of the enterprise VPN and Zero Trust Network Access (ZTNA) space.

Q. What are the biggest challenges facing organizations in the enterprise VPN and ZTNA space today and how are threats evolving?

Overall, if we are talking about the challenges—the list would be endless, but among the biggest ones are awareness, expertise, and adoption:

  1. Awareness: The majority of employees do not understand how many attack vectors are out there in the current environment. A big part of that is related to social engineering and opportunistic approaches—there’s a misconception that the victims should be of some importance to be targeted, and that’s simply not the case—it can happen to anyone.
  2. Expertise: Cybersecurity is an extremely fragmented market due to the constantly evolving threat landscape, varied requirements of different industries, regulations, and a wide range of products and services. It’s extremely difficult for companies to find the right-skilled individuals to mitigate these threats.
  3. Adoption: This one relates to awareness; however, it is more about accepting some inconvenience and at least adopting tools implemented by the company’s IT department or managed services providers. It would greatly help mitigate threats or at least reduce possible damage in case of an incident.

Threat evolution, with the rise of AI, is jumping to the next level, especially in social engineering and opportunistic attacks. Previously, tailored attacks were carried out by individuals—bad actors—but nowadays, they are all automated with the help of AI. In this environment, everyone has the potential to become a victim.

Q. How does the NordLayer platform help teams address these challenges, and how do you differentiate the platform in this competitive space?

We are building our product to provide toggle-ready solutions where possible, reducing the load of extra configuration for the administrators so that the deployment process is quick and easy. Due to the quick and easy set-up and intuitive interface, the platform doesn’t require IT administrators to be masters of cybersecurity. Being tech savvy with the right tools from NordLayer is enough to make an organization more secure.

After deployment, the most important part is ensuring that the service runs smoothly and does not create too much inconvenience for the end user. The service’s goal is to secure the network.

VPN-based solutions are most often associated with lower speeds. To target this, we are using bare-metal VPN infrastructure and our very own fast NordLynx protocol.

Q. What are your top recommendations for CISOs in the process of looking for an enterprise VPN or ZTNA solution?

It is extremely important to start with the use cases and not stick to industry-common naming; due to market fragmentation, the same use case might be covered with different tooling.

In the VPN field, CISOs must look for extras as a mere VPN service becomes obsolete. Modern solutions provide a great deal of capabilities, such as anti-malware functions, dark web monitoring, DNS filtering, scans of downloaded files, etc.

Needless to say, speed remains one of the most important factors in the ZTNA field. Again, CISOs need to start with the use cases and prepare a network segmentation map (who has access to what). Additional security layers would be controls, such as when (time) and from where (device, location) these resources can be accessed.

Then, they need to look for a solution that constantly checks if the right person using the right device in the right context can access the specific resources. Solutions described by the following buzzwords can target most of the conditions mentioned: 2FA, Biometrics, Device posture security, Location policies, Time policies, Cloud Firewall, etc.

Q. What trends do you expect to see in the enterprise VPN and ZTNA space in 2025?

Threats evolve rapidly, so extra security measures are a must. Additional regulations, like NIS2, also indicate the importance of cyber security.

As bad actors have been increasingly adopting AI for targeted attacks, cybersecurity providers have been tirelessly catching up with this trend as well, and this will continue to remain a key topic for the upcoming years. The fundamentals for AI utilization are the ability to observe what is happening, detect anomalies, and respond immediately. 

However, sometimes the response might be delayed, and the damage might be already done, so we have to take preventive measures to mitigate the threat faster to reduce the damage for the next time. So, from a solution point of view, in 2025, we’ll see more granular access control options.

Q. In your view, what should organizations’ top enterprise VPN and ZTNA planning priorities for 2025 be?

I suggest companies allocate more resources to increase awareness and help employees stay conscious during cyber activity. 

Also, companies should invest in regular audits (not only in the ZTNA context), update existing security toolsets, and add some new ones if there are any unprotected attack areas. Businesspeople should also remember that the right toolset and awareness are key in the cybersecurity field.

Trained employees will adopt cybersecurity tools more easily, stay alert, and report possible incidents to their IT administrators so that successful attacks can be averted.

Joel Witts

Content Director

LinkedIn Email
Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.