ACSC (Anti-Cloud: Secure Connect) is a major upgrade in security over traditional VPN (Virtual Private Network) technologies. ACSC has Next-Generation VPN (NGVPN) functionality, offering advanced features and more protection than traditional VPNs.
Problem: Traditional VPNs allow access to an entire site – and every computer, device, or network service at the site. If an attacker is able to compromise one machine with access to the VPN (or one machine inside the site), the attacker is then able to access everything at the site: they can probe every server and workstation at the site for security vulnerabilities, and use credential-stuffing attacks to break into any network service with weak or reused credentials.
Solution: ACSC limits network access to just computers with authorized ACSC clients running on them. When you replace a traditional VPN with ACSC, remote users no longer have access to the full site – they just have access to authorized machines at the site that are part of the same private ACSC network.
Unlike traditional VPNs, ACSC gives you network segmentation. With ACSC, if a hacker breaches your site’s security perimeter, they won’t have access to any private ACSC networks within the site. And if a hacker compromises a remote machine, they won’t have access to anything beyond the authorized devices on that machine’s private ACSC network.
Problem: Traditional VPNs allow just one kind of network structure: “point-to-site”, where end users connect in from remote locations to access servers at an on-premises network. If you want to connect users to outside servers, or to servers or other resources with a different structure, you have to stitch together different network technologies (hopefully without opening up any major security holes).
Solution: ACSC allows for any kind of network structure. You can use it like a traditional VPN, to allow remote users to connect to on-premises servers; but you can also:
The same ACSC client works for home computers, on-premises servers, remote servers, cloud VMs, and containers – so you can use the ACSC agent to connect anything to anything, securely.
Problem: Traditional VPNs require end users to log in with passwords or other credentials that they have to manage. These kinds of credentials can be phished easily – or found in password dumps. And users will forget their passwords, or get stuck trying to log in, and drain helpdesk time.
Solution: ACSC is “zero touch” for end users. Behind the scenes, ACSC uses 256-bit keys (that are rotated frequently) for authentication and encryption – and users never see or touch them. With ACSC, users can’t lose passwords, or mess up the log-in process.
Problem: Traditional VPNs assign IP addresses to end users dynamically, so you can’t use standard network tools (like firewalls or log file analyzers) to filter the traffic or audit the usage of a particular user or device by IP address.
Solution: ACSC uses cryptokey routing to bind a private IP address to the ACSC device from which a connection originated. Therefore, when filtering or monitoring traffic from an ACSC network, all your standard network tools work.
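The binding described above can be sketched in a few lines. This is an added example, not ACSC or WireGuard code: it models WireGuard-style cryptokey routing, where each peer public key owns a set of allowed IPs, and shows how a firewall log can then be attributed to a device by source address. The keys, addresses, log format and function names are constructed for illustration.

```python
import ipaddress

# Constructed peer table (placeholder keys and addresses, not ACSC values).
PEERS = {
    "PUBKEY_LAPTOP_ALICE": ["10.20.0.2/32"],
    "PUBKEY_DB_SERVER": ["10.20.0.10/32"],
    "PUBKEY_BRANCH_GW": ["10.20.1.0/24"],
}

# Constructed firewall log lines in the assumed form "<src> -> <dst>:<port>".
SAMPLE_LOG = """\
10.20.0.2 -> 10.20.0.10:5432
10.20.1.57 -> 10.20.0.10:22
192.0.2.44 -> 10.20.0.10:22
"""

def build_table(peers):
    """Flatten peers into (network, key) routes; one prefix may belong to one key only."""
    routes = []
    for key, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if any(net == other and owner != key for other, owner in routes):
                raise ValueError(f"{net} is claimed by more than one key")
            routes.append((net, key))
    return routes

def peer_for(routes, ip):
    """Longest-prefix match: which device key owns this address, if any?"""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, key) for net, key in routes if addr in net]
    return max(matches)[1] if matches else None

def accept_inbound(routes, sender_key, inner_src):
    """Keep a decrypted packet only if its inner source IP belongs to the
    key that authenticated it, so a device cannot use another device's address."""
    return peer_for(routes, inner_src) == sender_key

def attribute(routes, log_text):
    """Map each log line's source address back to the device key bound to it."""
    rows = []
    for line in log_text.splitlines():
        src, _, dst = line.partition(" -> ")
        rows.append((src, peer_for(routes, src) or "UNKNOWN", dst))
    return rows

if __name__ == "__main__":
    for row in attribute(build_table(PEERS), SAMPLE_LOG):
        print(row)
```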
Problem: Traditional VPN vendors have a terrible track record of security – every month a big vendor takes their turn grabbing the headlines with a new zero-day vulnerability:
Solution: ACSC presents a very limited attack surface. It’s built on the formally verified WireGuard protocol, using strong, modern cryptography with no configuration footguns. By default, all public traffic enters an ACSC network through a heavily guarded hub in the Anti-Cloud data center. All traffic that isn’t authenticated by WireGuard is rejected immediately.