ACSC vs VPNs

ACSC (Anti-Cloud: Secure Connect) is a major upgrade in security over traditional VPN (Virtual Private Network) technologies.

Network Flexibility

Problem: Traditional VPNs allow just one kind of network structure: “point-to-site”, where end users connect in from remote locations to access servers at an on-premises network. If you want to connect users to outside servers, or to servers or other resources with a different structure, you have to stitch together different network technologies (hopefully without opening up any major security holes).

Solution: ACSC allows for any kind of network structure. You can use it like a traditional VPN, to allow remote users to connect to on-premise servers; but you can also:

• Allow on-premise users to connect to servers at a remote data center.
• Allow users in one office to connect to servers at another office.
• Allow remote users to connect to cloud-hosted databases and other services.
• Allow containers or VMs at one cloud site to connect to containers or VMs at another cloud site.

The same ACSC client works for home computers, on-premises servers, remote servers, cloud VMs, and containers – so you can use the ACSC agent to connect anything to anything, securely.

User Credentials

Problem: Traditional VPNs require end users to log in with passwords or other credentials that they have to manage. These kind of credentials can be phished easily – or found in password dumps. And users will forget their passwords, or get stuck trying to login, and drain helpdesk time.

Solution: ACSC is “zero touch” for end users. Behind the scenes, ACSC uses 256-bit keys (that are rotated frequently) for authentication and encryption – and users never see or touch them. With ACSC, users can’t lose passwords, or mess up the log-in process.

Network Tools

Problem: Traditional VPNs assign IP addresses to end users dynamically, so you can’t use standard network tools (like firewalls or log file analyzers) to filter the traffic or audit the usage of a particular user or device by IP address.

Solution: ACSC uses cryptokey routing to bind a private IP address to the ACSC device from which a connection originated. Therefore, when filtering or monitoring traffic from an ACSC network, all your standard network tools work.

Attack Surface

Problem: Traditional VPN vendors have a terrible track record of security – every month a big vendor takes their turn grabbing the headlines with a new zero-day vulnerability:

• VPN Security Vulnerabilities Increased 47% in 2023
• VPN Vulnerabilities Drive Nearly 30% of 2024 Q3 Ransomware Attacks
• VPNs Under Siege: 2024 Cyber Attacks & Data Breach in Review

Solution: ACSC presents a very limited attack surface. It’s built on the formally verified WireGuard protocol, using strong, modern cryptography with no configuration footguns. By default, all public traffic enters an ACSC network through a heavily guarded hub in the Anti-Cloud data center. All traffic that isn’t authenticated by WireGuard is rejected immediately.