Why is Ardexa better than a VPN?

Dec 15, 2020

1. A VPN joins your network to another one.

A VPN connects your network to another network. The other network may be a single computer connected to the Internet, or it may be a large corporate network. The security of your network then depends almost entirely on the security policies and practices of the other network. You are at the mercy of the other party, unless some sophisticated tools and practices are implemented on your own network.

Ardexa mitigates this risk by making every message to or from your network travel through a message broker. Each message is an action to be taken or data to be read. This means you have many options to control what happens with each message. You can, for example, place the message queue under your control. Or you can control exactly who connects to the message queue to consume or publish messages. Or you can doubly encrypt every message so that only authorized staff or software (with the right encryption key) can consume or publish messages. In any case, Ardexa records actions undertaken via the message broker. This audit log is kept for the life of the system and cannot be deleted.


2. A VPN does not limit outside access to commands or actions.

A VPN connection grants all users on the other network access to all resources on your internal network. Unless some sophisticated tools and practices are implemented on your network, there is no way to stop this.

Ardexa mitigates this risk by making sure each user or device granted access to the message queue is explicitly authorized to undertake basic functions (for example, a user can be denied the ability to publish messages to devices).


3. A VPN penetrates your firewall.

A VPN connection needs to ‘punch’ a hole through a firewall into your network. Whilst the correct keys are needed to establish an authorized VPN connection, the act of ‘punching’ a hole through the firewall immediately exposes your network to some degree.

Ardexa mitigates this risk by ensuring that the agent initiates the connection to the message broker. A bi-directional tunnel is then established to the message queue, under tight security control of digital certificates, for authentication, authorization and encryption. There is no need to punch any holes through your firewalls, and hence your network is not unnecessarily exposed.


4. A VPN does not report on commands or actions.

Commands and actions undertaken through a VPN are not recorded. Configuring a VPN to do so is impossible. Some commands cannot be recorded at all (e.g. secure web access from the external network to a resource on your internal network is encrypted and so cannot be ‘read’ by the VPN). The actions undertaken through the VPN are hence opaque and difficult to monitor and control.

Ardexa mitigates this risk by allowing you to monitor ALL activity through the message broker. This means you can have an audit trail of who executed what commands, at what time and from where.