| BYOS |
VPN |
- BYOS is about protection, control, and access
|
- VPNs are just about access.
|
- BYOS Secure Edge protects the endpoint and the traffic.
|
- VPN doesn't protect the endpoint, just the traffic
|
- BYOS protects both inbound and outbound traffic, and won't respond to unsolicited requests, dropping them at the edge.
|
- VPN doesn't protect inbound traffic, only outbound
|
- BYOS makes the endpoint invisible on the network, isolating it from networking attacks like fingerprinting, enumeration, scanning, DDoS, exploiting, etc.
|
- The VPN can encrypt the outbound traffic successfully, but it will still be fooled by network attacks.
|
- BYOS does not depend on the OD and therefore cannot be bypassed/evaded.
|
- VPN depends on (and is controlled by) the OS
|
- BYOS provides route enforcement so that all endpoint traffic passes through it.
|
- The OS can still communicate from outside the VPN.
|
- BYOS prevents traffic leakage until the Secure Lobby connection is established
|
- The endpoint leaks traffic until the VPN is established.
|
- Access Control is enforced at later 2 and granular by nature- Secure Lobby On/Off+ port/service control.
|
- Access control within VPNs is enforced at layer 7 and is too broad (on or off).
|
- BYOS automates key management.
|
- VPNs require key & configure management/ exchange with the end-user.
|
- BYOS protection is decentralized, and enforced at each Secure Edge.
|
- VPNs are heavily dependent on the remote VPN Terminator.
|
