NordVPN vs Norton 360: Which Layer Does What

// VPN protects the network layer. Antivirus protects the endpoint layer. These are not substitutes.

The comparison in the headline is the wrong question. You did not ask the wrong question by accident. The marketing for both products is built to make you think they are alternatives, because a user who buys one product and thinks they are covered generates a cheaper customer than a user who understands defense in depth and shops both.

I am going to refuse the premise of the comparison for the first half of this piece and then spend the second half telling you what each product actually does, where the bundled versions of each fail to substitute for the other, and what the correct architecture looks like for a household in 2026.

This is a CISSP-flavored read, not a ranking.

The layer model

Traffic flows through your network. Payloads execute on your devices. These are two different steps.

A Virtual Private Network operates at the network layer. It encrypts the traffic leaving your device and reroutes it through a server run by the VPN provider. Your Internet Service Provider sees encrypted traffic going to one IP address. The websites and services you connect to see the VPN server's IP, not yours. A VPN changes the journey of the packet. It does not inspect what the packet contains.

An antivirus suite operates at the endpoint layer. It inspects files that land on your device. It watches processes at runtime. It scans memory for known malware signatures and anomalous behavior. It quarantines, deletes, or rolls back malicious activity. Antivirus changes what happens when a payload reaches the endpoint. It does not change how the packet got there.

Different layers. Different tools. The National Institute of Standards and Technology's defense-in-depth model is the authoritative reference here, and it is not controversial. Perimeter and network controls are architecturally separate from endpoint controls. Neither replaces the other. Both are required.

Treating NordVPN and Norton 360 as substitutes is the same mistake as asking whether to lock your front door or install a smoke alarm; they are orthogonal layers of a single problem.

What NordVPN does

NordVPN is a network-layer tool. It is run by Nord Security, a Lithuanian company with its corporate jurisdiction in Panama. Panama is not a member of the Five Eyes, Nine Eyes, or Fourteen Eyes intelligence-sharing alliances. Panama has no mandatory data retention law. The jurisdictional choice is intentional.

The company has passed six independent no-logs assurance engagements, the most recent conducted by Deloitte Lithuania in November and December of 2025 with the report issued on December 12, 2025. The scope covered the standard VPN service, Double VPN, Onion Over VPN, and obfuscated servers. Deloitte's practitioners interviewed Nord employees and inspected server infrastructure, configurations, and deployment processes. The prior audits were conducted by PricewaterhouseCoopers and Deloitte in 2018, 2020, 2022, 2023, and 2024. Six audits, six confirmations. This is an unusually strong audit trail for the VPN category.

In October 2024, the company disclosed that it had received a binding warrant from a Panamanian prosecutor. What Nord provided: account existence and payment data. What Nord did not provide: traffic logs, connection logs, or any data on what the user did on the network. The data did not exist to provide. This is the operational test of the no-logs claim, and Nord passed it.

The infrastructure itself is substantial. Over nine thousand servers across more than one hundred twenty-five countries and two hundred eleven global locations, including servers in every US state as of late 2025. The default protocol is NordLynx, Nord's implementation of WireGuard with a custom double-NAT layer. OpenVPN and IKEv2 are supported as alternatives. Post-quantum encryption was added to NordLynx during 2025.

Pricing, as of April 2026: the two-year Basic plan starts at $3.39 per month. Plus is $4.39. Complete is $5.39. Monthly plans run $12.99 to $14.29. Ten simultaneous devices on every tier. Thirty-day money-back guarantee. The NordVPN pricing page carries current numbers.

The honest negative: in March 2018, a third-party datacenter in Finland added an insecure remote management account without Nord's knowledge. An intruder accessed one server for a brief window and acquired an expired TLS key. No user activity logs were compromised because none were stored. Nord terminated the contract with the Finnish provider, audited all of its servers, and disclosed the incident publicly in October 2019. This is the kind of disclosure that matters. The structural reason no user data was exposed is the same structural reason Nord had nothing to hand the Panamanian prosecutor in 2024. You cannot leak what you did not log.

// [AFFILIATE: NordVPN]

What Norton 360 does

Norton 360 is an endpoint-layer suite. It is made by Gen Digital, the US-based parent company that also owns LifeLock and Avast. The suite bundles antivirus with firewall, a Virtual Private Network (Norton Secure VPN), a password manager, dark web monitoring, SafeCam webcam protection, and cloud backup. Tier determines how many devices the license covers and how much cloud backup is included.

The antivirus detection numbers are the foundation of the product. AV-Comparatives' Real-World Protection Test for July through October 2025 recorded Norton blocking 100 percent of the 428 test cases in the malware protection category, with 8 false positives, and the independent lab awarded Norton its Advanced+ rating. Across the 2025 test series, Norton received seven Advanced+ awards and Gold in Real-World Protection, the highest count of any tested consumer security product.

AV-TEST's bimonthly Windows 11 certifications for 2025 were perfect scores, six out of six in Protection, Performance, and Usability, in every cycle. January-February 2026 extended the streak. AV-TEST awarded Norton Best Usability 2025 for Consumer Users and Best MacOS Security 2025. If you are shopping antivirus on detection performance alone, Norton is at the top of the category.

Pricing runs on a first-year-promotional model with a roughly 2x renewal bump. Norton's pricing page currently lists Norton 360 Standard around $29.99 for the first year on a single device. Norton 360 Deluxe covers five devices at around $49.99 first-year with renewals around $119.99. The LifeLock tiers (Select, Advantage, Ultimate Plus) add identity theft monitoring, stolen-funds reimbursement, and escalating cloud backup up to 500GB. The renewal pricing is the honest negative; budget for the second year if you are planning long-term.

The honest negative on the company side: in December 2022, Gen Digital disclosed that roughly 6,450 Norton accounts had been accessed via credential stuffing. Attackers used credentials stolen from unrelated breaches to log into Norton accounts where users had reused passwords. Norton's own systems were not breached. The incident is worth naming because it illustrates why password reuse remains the single largest consumer security vulnerability, and why a password manager (Norton's own, or a dedicated one) is part of the same defense stack as the antivirus suite.

// [AFFILIATE: Norton 360]

The bundle-is-not-a-replacement section

Here is where the marketing of both products gets honest examination.

Norton 360 includes a VPN. Is that VPN a substitute for NordVPN? No. Norton Secure VPN operates with roughly two thousand servers across approximately thirty countries. NordVPN operates with over nine thousand servers across more than one hundred twenty-five countries. Device limits on Norton Secure VPN are tier-gated (one device on the low tier, five on the middle, ten on the top), versus NordVPN's flat ten devices on every plan. Norton Secure VPN runs under Gen Digital's US corporate jurisdiction, which is a Five Eyes country. NordVPN runs out of Panama. These are architectural differences, not marketing differences. If your threat model includes jurisdictional reach, the bundled Norton VPN is structurally not equivalent.

NordVPN includes a malware scanner (Threat Protection Pro). Is that scanner a substitute for Norton? Also no. Threat Protection Pro is included in the Plus, Complete, and Prime tiers of NordVPN, and it performs respectably in independent testing. AV-Comparatives tested it in January 2026 and recorded 92 percent of 250 phishing URLs blocked with zero false alarms, ranking it fourth overall including dedicated antivirus products. That is a real result. It is also not a full antivirus product. Threat Protection Pro is Windows and macOS only, does not provide ransomware protection, and does not offer on-demand scanning of existing files on the device. Nord markets it as a supplementary layer, not a replacement, and Nord is correct to do so.

The NSA and CISA jointly issued guidance on VPN selection and hardening in September 2021. The guidance treats VPNs as a distinct perimeter and network control, with its own threat model and hardening requirements, separate from endpoint protection. The federal architectural posture is: each layer gets its own tool, each tool audited against its own criteria.

Either bundle is better than neither layer. Both layers handled by the tool built for the job is the correct answer.

What each layer does NOT do

Writing this out crisply because it is the mental model you need.

A VPN does not stop malware from executing on your device. A VPN does not scan downloaded files (unless you are paying for the Threat Protection Pro add-on, and even then, with limits). A VPN does not protect against ransomware. A VPN does not remediate an already-infected system. A VPN does not save you from phishing if you enter your credentials into a fake site; it just encrypts the connection while you do it.

Antivirus does not hide your IP address from the websites you visit. Antivirus does not encrypt traffic in transit. Antivirus does not bypass geographic restrictions. Antivirus does not prevent your Internet Service Provider from logging your browsing activity. Antivirus does not shield you from network-level surveillance on a hostile Wi-Fi network.

// Different jobs. Different tools. Do not let the bundle page confuse you.

The practical recommendation

A household security stack in 2026 looks approximately like this.

One dedicated VPN. NordVPN is a defensible choice on the audit history, the jurisdictional selection, and the server infrastructure. ExpressVPN, Mullvad, and Proton VPN are also reasonable alternatives with their own audit trails and tradeoffs. Pick one audited no-logs VPN and run it on every device on the network.

One dedicated antivirus suite. Norton 360 Deluxe is a defensible choice on the AV-Test and AV-Comparatives results, the bundled feature set, and the price at first-year promotion (budget for the renewal bump). Bitdefender, ESET, and TotalAV are reasonable alternatives. Pick one suite with strong independent test results and run it on every device.

One password manager. If you are already in the Nord ecosystem, NordPass covers this and integrates with the VPN account. 1Password and Bitwarden are equally strong alternatives. Pick one. Generate unique random passwords for every account. Enable two-factor authentication everywhere. Cross-reference the password leak response playbook for the incident response layer.

// [AFFILIATE: NordPass]

Total household cost for the full stack in 2026, at promotional pricing: roughly $80 to $140 per year. Renewal pricing runs higher. This is not a small expense. It is also not a large one relative to the loss severity of a household incident, which can run into the thousands of dollars in resolved credit fraud, identity theft cleanup, ransomware payments, or just the time cost of untangling a compromise. The stack pays for itself the first time any of those events is prevented.

The final read

NordVPN protects the journey. Norton 360 protects the destination. The household that asks which one to pick is asking a question built by marketing that wants the cheaper customer. The correct answer is both, with clear understanding of what each layer does and does not do.

If you are on a budget and can only afford one of the two this year, pick based on your threat model. Heavy use of public Wi-Fi, privacy from ISPs, access to geo-restricted services, streaming or remote work from hostile networks: VPN first, antivirus next year. Heavy downloading, kids on the devices, concerned about ransomware or identity theft, work-from-home with sensitive documents on the endpoint: antivirus first, VPN next year. Neither answer is wrong. Neither answer is complete.

Both tools, running in parallel on every device on the network, with a password manager handling the authentication layer, is the complete answer. It is also the architecturally correct one.

// Stack the layers. Do not let the marketing decide for you.

Further reading

The NIST Cybersecurity Framework's defense-in-depth glossary entry is the authoritative source for the layered security model. The NSA/CISA joint guidance on VPN selection and hardening walks through the enterprise-grade criteria that consumer decisions still borrow from.

Related threat playbooks

• NordVPN 2026 Review: Is the Biggest Still the Best?. The deep single-product review if you want more detail on NordVPN specifically.
• The Best Antivirus for 2026: A Real Comparison. The broader antivirus category shoutout including Norton alternatives.
• Your Password Just Leaked. Your 4-Hour Response Plan.. What to do when any password leak hits your inbox; the incident response layer of the stack above.
• Do I Actually Need a VPN? An Honest Framework.. The threshold question if you are not yet sure whether a VPN belongs in your stack at all.