The global cybersecurity landscape is increasingly defined by the convergence of consumer privacy tools and state-aligned intelligence infrastructure. As digital warfare and surveillance capabilities become commercialized, the technologies underlying Virtual Private Networks (VPNs) and Secure Access Service Edge (SASE) platforms require rigorous technographic auditing. This report provides an exhaustive investigation into Nord Security (the parent company of NordVPN, NordLayer, and NordPass), documenting its leadership, financial backers, infrastructure dependencies, and technical integrations with the Israeli “military-to-civilian” technology ecosystem. The objective is to provide the factual baseline required to determine a Digital Complicity Score based on the provided framework, focusing on areas of strategic dependency, data residency, and the validation of dual-use technologies.
Nord Security was established in 2012 in Vilnius, Lithuania, by co-founders Tom Okman and Eimantas Sabaliauskas.1 While the company’s public narrative emphasizes its Lithuanian roots and its status as the country’s second tech “unicorn” after Vinted, its operational and legal architecture has evolved into a complex global network.3 Originally operating under the Tesonet accelerator, which focuses on business models involving proxying and data collection, Nord Security has expanded to employ approximately 2,000 individuals across more than 20 markets.3
The leadership of Nord Security is composed of individuals with deep expertise in both technical infrastructure and international regulatory policy. This dual focus is critical for a company that must navigate the conflicting requirements of consumer privacy and state-level security compliance.
| Executive Name | Role | Professional Trajectory and Intelligence Context |
|---|---|---|
| Tom Okman | Co-Founder / Co-CEO | Serial entrepreneur and co-founder of the Tesonet ecosystem. Active in global networking circles, including the World Economic Forum.1 |
| Eimantas Sabaliauskas | Co-Founder / Co-CEO | Leading force behind Nord’s transition from a bootstrapped startup to a $3B enterprise.1 |
| Dina Lurje | General Counsel / Head of Public Policy | Former Deputy Chair of the Lithuanian National Competition Authority. Extensive experience with the US Federal Trade Commission (FTC) and the EU Commission’s DG Competition.10 |
| Marijus Briedis | CTO (Infrastructure) | Responsible for the global server architecture and the implementation of Nord’s proprietary protocols.12 |
| Jonas Karklys | Co-Founder | Strategic lead for the initial development of the Nord Security product suite.12 |
| Chandler Reedy | Board Member | Managing Director at Warburg Pincus, specializing in strategic investments and business services.9 |
The presence of Dina Lurje is particularly significant. Her background in supervising mergers and participating in legislative negotiations at the EU Council positions Nord Security at the intersection of global tech regulation and competition law.10 This level of legal sophistication is necessary for a firm managing “dual-use” technologies that may be subject to international export controls or security oversight.13
Nord Security remains closely tied to Tesonet, a Lithuanian venture capital firm and business incubator.6 Tesonet’s flagship investments—including Hostinger, Oxylabs, Surfshark, and Nord Security—are all centered on “proxying” technologies.6 These technologies are foundational to both privacy services and data harvesting operations. The consolidation of Surfshark and Nord Security in 2022 created a dominant player in the consumer security market, centralizing the management of millions of users’ traffic.1
A primary requirement of this audit is to identify the “Unit 8200” stack—cybersecurity, cloud, and analytics vendors founded or led by veterans of Israel’s elite signals intelligence unit. Unit 8200 is the largest unit in the Israel Defense Forces (IDF), functioning as a military intelligence agency comparable to the US National Security Agency (NSA).15 The unit is renowned for its “military-to-civilian” pipeline, where personnel transition from developing state surveillance tools to founding globally successful cybersecurity firms.17
Nord Security’s business-facing division, NordLayer (formerly NordVPN Teams), utilizes and integrates with several prominent Israeli-founded firms. These integrations are not merely incidental but represent a strategic validation of the Israeli security R&D pipeline.
| Vendor | Relationship to Nord | Technical Function and Intelligence Background |
|---|---|---|
| SentinelOne | Integration / MSP Partner | Founded by Israeli technologists; provides AI-powered endpoint detection and response (EDR). Listed as a primary partner for NordLayer MSPs.17 |
| CrowdStrike | Strategic Partner | While US-headquartered, it shares investor pools (Warburg Pincus) and technical philosophies with the Israeli stack. Integrated into NordLayer for endpoint protection.9 |
| Check Point | Recommended Vendor | Founded by Gil Shwed, a veteran of Unit 8200. Nord’s engineering team recommends Check Point Infinity for AI-powered threat prevention.17 |
| Wiz | Recommended Vendor | Founded by four former Unit 8200 officers (Assaf Rappaport et al.). Nord highlights Wiz as a leading cloud security platform.17 |
| CyberArk | Recommended Vendor | An Israeli pioneer in Privileged Access Management (PAM), recommended by Nord for managing sensitive credentials.21 |
The integration with SentinelOne via the Pax8 platform allows Managed Service Providers (MSPs) to deploy NordLayer alongside Israeli-origin security tools, effectively bundling consumer-grade privacy with state-derived defensive technologies.20 This relationship subsidizes the Israeli military-tech ecosystem through significant licensing fees and operational validation.18
Nord Security’s technical marketing serves as a conduit for the normalization of the “Unit 8200” stack. In comprehensive guides for businesses, Nord explicitly recommends the use of Israeli tools such as Check Point Quantum Security Gateways and Checkmarx (founded by Israeli intelligence alumni).21 By endorsing these platforms, Nord Security reinforces the legitimacy of technologies that were pioneered in a military context and are now being repurposed for civilian and commercial surveillance.17
The unit’s philosophy of “rosh gadol” (big head)—encouraging soldiers to challenge authority and innovate—is often cited by Israeli startups to attract Western investment.16 Nord Security participates in this narrative by promoting these “innovative” tools as the gold standard for modern cybersecurity, despite their origins in a state-level intelligence agency that monitors Palestinian territories and international signal traffic.15
The audit of Nord Security’s surveillance capabilities focuses on its adoption of biometric technology and behavioral analytics, particularly within its Identity and Access Management (IAM) framework. NordLayer and NordPass Business have increasingly moved toward “zero-trust” models that require continuous verification of user identity through biometric data harvesting.
NordLayer provides biometric authentication solutions as a core feature of its network access security.7 This includes:
While Nord Security does not claim to develop its own facial recognition algorithms, it integrates with identity providers that are deeply embedded in the Israeli tech ecosystem. For example, NordLayer is compatible with Okta, OneLogin, and JumpCloud.7 These providers frequently partner with or acquire Israeli startups that specialize in biometric liveness detection and behavioral signals.23
The verification of “liveness” and the prevention of identity fraud are often powered by technologies originating in Israel. Companies like Sumsub and Veriff, which are mentioned in the same competitive landscape as Nord Security, provide the automated decisioning and biometric checks that define modern IAM.28 Nord’s reliance on these external identity platforms ensures that its security posture is synchronized with the surveillance standards established by the global biometric industry, in which Israel is a dominant player.24
| Feature | Nord Product | Mechanism and Potential State Link |
|---|---|---|
| Biometric Login | NordPass Business | Utilizes device-level biometric sensors (FaceID, TouchID) managed via encrypted vaults.25 |
| Device Posture Security | NordLayer | Monitors device health and detects “jailbroken” or “rooted” devices, a key component of behavioral monitoring.7 |
| Continuous Verification | NordLayer (ZTNA) | Implements a “trust none, verify all” model that tracks user behavior and location in real-time.25 |
The adoption of these features transforms a privacy tool (NordVPN) into a proactive monitoring tool (NordLayer), capable of harvesting and analyzing user data at a granular level. The “Activity Monitoring” and “Network Visibility” features allow administrators to track exactly who connected, when, and from which device, creating a metadata trail that is accessible to the system’s owners.7
Investigating major IT overhaul projects (such as ASDA’s “Project Future”) reveals the role of strategic integrators like Publicis Sapient in enforcing specific technology stacks. The technographic audit of Nord Security identifies multiple points of contact with these global integrators.
Leadership lists from high-level international forums, such as the World Economic Forum (WEF) in Davos, show that Nord Security’s founders operate in the same circles as the leadership of Publicis Sapient and other major professional service firms.8 Specifically, Tom Okman and Publicis Sapient CEO Nigel Vaz have been documented as participants in the same global networking events.8
Publicis Sapient is a key integrator for digital transformation projects that often prioritize “top-tier” security solutions, including those from the Israeli stack.33 The proximity of Nord Security to these integrators suggests that Nord’s products are being positioned for inclusion in large-scale corporate and governmental IT overhauls.8
Nord Security is listed alongside Israeli firms in major procurement and distribution catalogs. For example, the Insight Public Sector manufacturer list includes Nord Security Inc. in the same category as Check Point Software and Checkmarx.37 This placement indicates that Nord is part of a vetted ecosystem of vendors available to government agencies and large-scale enterprises for their digital transformation initiatives.37
Furthermore, Nord’s business solutions are distributed through partners like 127 Media, which provides expert guidance on deploying NordLayer and NordPass to SMEs and modern organizations in the UK.25 This distribution network ensures that Nord’s technology is deeply embedded in the digital infrastructure of Western economies, facilitating the same “zero-trust” and “identity-centric” security models pioneered by Israeli intelligence veterans.24
A critical element of this technographic audit is the physical residency of Nord Security’s infrastructure within the state of Israel and its relationship to cloud initiatives like Project Nimbus.
NordVPN maintains a significant physical presence in Israel to provide low-latency connections to local users. Technographic data identifies active NordVPN exit nodes operating out of Tel Aviv.38 These servers are hosted by DataCamp (Datapacket), a global infrastructure provider that operates as a “backbone” for high-bandwidth dedicated servers.38
| Infrastructure Component | Detail | Jurisdiction and Compliance Implications |
|---|---|---|
| Server Location | Tel Aviv, Israel | Subjects all transit data to Israeli lawful intercept laws and emergency security regulations.38 |
| Hosting Partner | DataCamp (AS212238) | Provides the physical hardware and network connectivity for NordVPN exit nodes.38 |
| Internal ASNs | AS141039 / AS207137 | Registered to PacketHub and Tefincom, the legal entities operating NordVPN.39 |
| Dedicated IP Service | Israel (Tel Aviv) | Allows business clients to maintain a static digital footprint within the Israeli sovereign network.40 |
The existence of these PoPs (Points of Presence) in Tel Aviv is essential for the “Digital Sovereignty” of Israeli-based users and businesses.7 By maintaining local servers, Nord Security ensures that Israeli data does not necessarily have to leave the country’s borders, which is a key requirement for many government and defense-related activities.16
“Project Nimbus” is the Israeli government’s multi-billion dollar project to move its entire defense and administrative workload into the cloud, utilizing local data centers operated by AWS and Google.16 While Nord Security is not a primary contractor for Nimbus, its products are designed to secure and integrate with the Nimbus cloud environment.
NordLayer explicitly supports cloud network integrations with AWS, Google Cloud, and IBM Cloud.20 It allows organizations to create “Virtual Private Gateways” that bridge local on-premise networks with these cloud regions.19 In the event of international digital sanctions or a severing of undersea cables, the localized infrastructure provided by partners like DataCamp and the integration with Nimbus-aligned cloud providers ensure “Continuity of Government” for the Israeli state.16 Nord’s technology facilitates the resilience and scalability of this state war-making capacity by providing the secure “digital layer” required for modern administrative and military functions.31
The financial backing of Nord Security reveals a network of investors with significant portfolios in the Israeli cybersecurity sector. This creates a causal relationship where the growth of Nord Security is tied to the interests of capital funds that are actively subsidizing Israeli defense R&D.
In September 2023, Nord Security raised $100 million in a funding round led by Warburg Pincus, a New York-based private equity firm with over $83 billion in assets under management.1 Warburg Pincus is an experienced investor in the cybersecurity sector, with an active portfolio that includes:
Chandler Reedy, a Managing Director at Warburg Pincus and Head of Strategic Investments, joined the Nord Security board following this round.9 This direct board-level link ensures that Nord’s growth strategy is aligned with one of the most powerful institutional investors in the defensive tech space.
General Catalyst, another investor in Nord Security, maintains an even more direct set of ties to the Israeli tech ecosystem.2 General Catalyst has provided funding to numerous Israeli-founded “cyber unicorns” and defense-adjacent firms:
The participation of General Catalyst in Nord’s investment rounds 2 creates a financial feedback loop. The capital used to scale Nord Security comes from the same source that is funding the “next generation” of Israeli-derived surveillance and defense technologies.42 This relationship validates the commercialization of military-grade tools and ensures that Nord Security remains a stakeholder in the continued prosperity of the Israeli tech sector.
A deeper technographic concern involves the potential for signals intelligence (SIGINT) and traffic analysis by Israeli state actors. While VPNs are marketed as privacy tools that encrypt the content of data, they are inherently vulnerable to traffic analysis and metadata extraction.24
Israeli intelligence units, specifically Unit 8200, pioneered many of the traffic analysis techniques now used by global intelligence agencies.24 These techniques include:
Nord Security’s centralized architecture—where all user traffic flows through a single point of failure (their server network)—creates an ideal environment for this kind of mass monitoring.24 If the Israeli state can access the underlying data center infrastructure (such as the DataCamp nodes in Tel Aviv), it can potentially perform this analysis on any traffic transiting through those nodes.38
The research indicates that over 1,400 veterans of Israeli intelligence units are now employed in major tech companies, including Google, Microsoft, and Amazon.24 These veterans often contribute to the development of “surveillance enablement” tools, such as the Pegasus spyware or other advanced monitoring platforms.24
The fact that Nord Security integrates its products with the very platforms (AWS, Google Cloud) that employ these veterans creates a systemic risk.20 The “Technical audits” performed on Nord’s software cannot easily detect intelligence agency backdoors or “voluntary cooperation” between infrastructure providers and state agencies.24 This makes the technographic dependency on Israeli-linked vendors and infrastructure a critical factor in determining the overall complicity of the target.
The following tables synthesize the findings of the audit, categorizing the data points according to the core intelligence requirements.
| Requirement | Indicator | Findings / Evidence |
|---|---|---|
| Unit 8200 Stack | High-Tier Procurement | Integrations with SentinelOne and recommendations for Check Point, Wiz, and CyberArk.20 |
| Biometric Tech | Surveillance Harvesting | NordLayer implements facial recognition and fingerprint scanning via IAM partners like Okta and JumpCloud.7 |
| Retail / Loss Prevention | Behavioral Monitoring | NordLayer’s device posture security and “jailbroken” detection monitor user hardware continuously.7 |
| Digital Transformation | Strategic Alignment | Proximity to Publicis Sapient leadership and presence in government procurement catalogs (Insight Public Sector).8 |
| Category | Indicator | Data Point |
|---|---|---|
| PoP Locations | Sovereign Residency | Active VPN and SASE server presence in Tel Aviv, Israel.38 |
| Hosting Partners | Infrastructure Support | Reliance on DataCamp / Datapacket for Tel Aviv network capacity.38 |
| Cloud Sovereignty | Government Continuity | Integrations with AWS/Google cloud regions that power Project Nimbus.19 |
| IP Management | Dedicated Assets | Provision of static Israeli IP addresses for business clients through PacketHub ASNs.39 |
| Entity | Role | Israeli Context / Portfolio |
|---|---|---|
| Warburg Pincus | Lead Investor | Invested in CrowdStrike and Zimperium; Chandler Reedy on Nord board.9 |
| General Catalyst | Investor | Major funder of Israeli cyber unicorns like Armis and Lacework.43 |
| Novator Ventures | Institutional Investor | International growth equity fund with a focus on digitisation and “disruptor” tech.43 |
| Dina Lurje | Executive Influence | Expert in EU/US competition law and regulatory compliance for tech markets.10 |
The audit identifies several third-order implications that extend beyond the immediate data points. These represent the broader causal relationships and future outlooks for Nord Security within the Israeli-aligned digital ecosystem.
The integration of “Unit 8200 Alumni” technology into Nord Security’s critical infrastructure is not just a commercial choice; it is an act of institutionalizing “Soft Dual-Use” procurement.17 By paying licensing fees to companies like SentinelOne and Check Point, Nord Security provides a steady stream of capital to firms whose R&D is a direct byproduct of the Israeli state’s war-making and intelligence cycle.15 This actively subsidizes the military-tech pipeline, ensuring that the technology used for occupation and surveillance remains commercially viable and globally dominant.16
The operation of local data centers in Israel by Nord’s partners ensures that the state is protected from international digital sanctions.24 If a “digital embargo” were to be placed on the state, the localized infrastructure used by Nord Security and its clients would allow for the “Continuity of Government”.16 Nord’s products facilitate this by providing the encryption and private network layers that keep these local cloud operations secure and accessible to state and military actors.25
Nord Security’s engineering blogs highlight the growth of “AI-powered cybersecurity tools” like SentinelOne Purple AI and Google Gemini SecOps.21 These tools are designed to automate threat detection and response, often by training models on massive datasets of user behavior.21 The research suggests that Israeli intelligence agencies are at the forefront of using civilian data to “train” military AI models.16 By promoting and integrating these AI-driven tools, Nord Security becomes a participant in the normalization of algorithmic monitoring, where the code itself informs kinetic or administrative action.21
The development of Nord Security in Lithuania is itself a result of a national emphasis on cybersecurity. The Lithuanian government has a dedicated strategy for cyber resilience, funding research and encouraging innovation through startup involvement.4 This environment provided the initial “national defense” context for Nord Security’s growth. However, as the company scaled, its need for “top-tier” security tools led it to the Israeli market, which is often marketed as the only viable source for “military-grade” consumer protection.17
The result is a hybrid corporate entity: Lithuanian in its origins and leadership, but Israeli-aligned in its technical and financial foundations. This “dual-identity” allows Nord Security to market itself as a neutral, privacy-first company while simultaneously serving as a key node in the global intelligence and defense-tech supply chain.3
The technographic audit has documented the following:
