Start Using the Leading Zero Trust Inter-Networking Platform
Zero trust secure connectivity for solution providers
Connect anything to anything with multipoint, multi-tenant zero trust overlay networks, rather than point to point VPNs. Solution, product, software and service providers build NetFoundry into their services to enable their customers to have zero trust connections for data access and remote management, without their customers opening any inbound firewall ports.
Based on OpenZiti open source
NetFoundry open sourced OpenZiti, and is the leading maintainer. OpenZiti is now the leading open source development and integration platform for zero trust networking and connectivity.
Embed or integrate Zero Trust in your solution
Solution providers and product manufacturers embed connectivity and security into their solutions, as software.
OEM & Whitelabel
Become a strategic partner to include NetFoundry in your secure-by-default enterprise-class solutions for use cases such as cybersecurity, industrial connectivity and B2B.
FREE for up to 30 days
NetFoundry provides both a Zero Trust development/integration platform and a Network as a Service (NaaS). Check out our Enterprise Edition offering at your own pace with your own private network, sandbox and admin console.
What's included
- Overlay network endpoints: Mobile, OT, IoT, laptop, desktop, server, DMZ, cloud.
- Zero trust: Identity, AuthN, AuthZ, posture, MFA, encryption, identity based microsegmentation, mTLS (mutual TLS).
- Private overlay network fabric: Software-defined, programmable, high-performance, multi-point mesh network. Limited to one region.
- Web console, Management and Orchestration platform: Admin UI to create and manage networks, endpoints, services and policies.
- Consultation: One hour consultation with a NetFoundry engineer.
- Kick-off Meeting: Brief tour of our management console and creation of your private Internet-overlay network.
- Up to 10 endpoints and up to 1TB of total data
- Service Availability: 99%.
Inactive networks are spun down after 5 business days.
Starting at $5000/month
Enterprise-grade zero trust overlay networking as a service for any use case including mobile, APIs, OT, IIoT, remote management, B2B, Kubernetes, multi-cloud, 3rd party access, PAM, edge and ingress.
What’s included
- Overlay network endpoints: Mobile, OT, IoT, laptop, desktop, server, DMZ, cloud. Multi-tenant support to enable you to support all your customers.
- Zero trust: Identity, AuthN, AuthZ, posture, MFA, encryption, identity based microsegmentation, mTLS (mutual TLS).
- Global private network overlay fabric: Software-defined, programmable, high-performance, multi-point mesh network. Managed globally by NetFoundry as NaaS across over 100 data centers.
- Web console, Management and Orchestration platform and APIs: Admin UI and APIs to create and manage networks, endpoints, services, policies and posture checks.
- Pre-built integrations: Includes IdPs, directories, SIEM, SOC, SOAR, etc.
- Technical Account Manager
- Customer Success oversight
- Compliance - SOC 2 type 2 certified, legal, SLAs
- 24 x 7 technical support
- Service Availability: 99.99%
Custom quote
Embed zero trust networking in your software, service or product. Our Premium Edition supports OEM and whitelabel arrangements with our strategic partners.
What’s included
Everything in Enterprise plus:
- OEM & white label support: Embed zero trust networking directly into your applications, solutions and services. Your network is private to you, and you can use it as a multi-tenant solution across all your customers.
- SDK-embed: We'll work with you to embed zero trust networking in your solutions, via our SDKs. The result is agentless zero trust, for both your customers' data planes, and your remote management.
- Roadmap input: Collaborate with NetFoundry on features and product direction.
- Customization: Collaborate with NetFoundry on advanced features.
- Dedicated Technical Account Manager
- Customer Success Quarterly Business Reviews
- Support for additional deployment models including 'private SaaS', 'air gapped'.
- Back-to-back SLAs for your company and your customers
- Sales and marketing support
- Service Availability: 99.99%
NetFoundry Platform
Core Zero Trust Features
Zero Trust SDN
Software defined overlay network renders assets invisible to the Internet by enabling you to close all inbound firewall ports, without VPNs, permitted IPs, or bastions.
Authenticate & Authorize
Users and devices must prove their identity (authentication) and be granted specific access rights (authorization) before establishing a connection, including for third-party systems and API access.
Mutual TLS
Uses TLS (Transport Layer Security) as the security protocol for both client and server authentication. Secures APIs, RDP, SSH, and server-initiated and bidirectional connections. Secondary authentication methods like MFA are available.
End-to-End Encryption
Ensures that all communications are securely encrypted from the source to the destination. All data is inaccessible to any intermediate hops.
Identity-Based Access Control
Access is granted based on the identity of users and devices, not merely IP addresses, allowing for more precise control.
Network Microsegmentation
Allows for the division of network resources into secure zones to minimize the attack surface and restrict lateral movement.
Application Segmentation
Ensures only authorized users can access specific applications, enhancing security at the application level.
Embeddable
Developers can leverage a software overlay network by embedding it directly inside all parts of their application as code using our SDKs.
Seamless Integration
Can be integrated with existing infrastructure and applications without significant modifications since the overlay is defined by software.
Open Source
The development is open to contributions from a community, offering transparency and collaborative improvements.
Multi-Platform Support
Supports a wide range of platforms, including Windows, Linux, macOS, and mobile OSes, ensuring broad applicability.
Continuous Authentication
The network constantly verifies the identity of a user or entity throughout their session or interaction with a system, rather than just at the initial login point.
NetFoundry Fabric
Global Overlay Mesh Network Features
Mesh Architecture
Robust overlay programmable network with self-healing and dynamic routing.
Easy To Setup & Configure
Overlay routers are deployed in minutes in any public or private cloud. Only authorized OpenZiti SDK endpoints, OpenZiti agents and OpenZiti routers can access the overlay.
Decentralization
Eliminates a single point of failure by routing data across the shortest and fastest paths available.
Redundancy
Offers multiple pathways for data, enhancing robustness and resilience to failures.
Self-Healing
Automatically reconfigures when nodes are added or fail, maintaining network integrity.
Dynamic Routing
Utilizes advanced algorithms to determine optimal data paths, improving efficiency.
Scalability
Supports easy expansion with additional nodes to increase coverage and network strength.
Performance
Designed to handle deployments on an unpredictable internet without compromising performance. Algorithms continually adjust as network conditions change, minimizing latency, and providing automated load balancing.
Isolated Networks
Your data planes are unique - not shared with other NetFoundry customers.
Any Endpoint
Agents and gateways for OT, IoT, mobile, desktop, edge, site and cloud. SDKs enable the agents to be integrated into your software, for agentless zero trust networking, which goes anywhere your software is installed.
NetFoundry NaaS
Network Management Services
PKI Enrollment & Management
NetFoundry manages PKI, handling X.509 digital certificates for secure authentication and data exchange, and supports integration with custom Certificate Authorities as per RFC 7030.
Private DNS Management
Management of the NetFoundry private Domain Name System that translates domain names to IP addresses in a controlled and secure manner, inaccessible to the public internet.
Zero Trust Network Endpoints
Management of endpoints within a network that operate on a zero trust principle, meaning they do not automatically trust any request or connection without verification, applicable for various devices and environments like IoT, mobile, and cloud.
Policy Engine & Management
Creation, management and enforcement of network policies, dictating how resources are accessed and used within a network.
Telemetry, Visibility & Monitoring
Management of telemetry data that tracks network performance and usage, aiding in monitoring, troubleshooting, and optimization. Robust metrics available for visibility.
Posture Checks, MFA
Built-in dynamic posture checks and multi-factor authentication, including X.509 certificates for OT, APIs, and servers. Supports third-party TOTP, MFA, YubiKey, Keycloak integrations, along with OIDC, OAuth, and SPIFFE compatibility.
Identity, CA, and Directory Integrations
The integration of identity management systems, Certificate Authorities (CAs), and directory services (like LDAP or Active Directory) for streamlined user authentication and resource access control.
Network Access Control
Implementing Network Access Control (NAC) that is not dependent on the network infrastructure, for granular security.
Identities and Policies
Management of identities and security policies independently of the physical network, enabling consistent access rules across different network environments and platforms, facilitating secure application integration.
NetFoundry Cloud & Hosting
Infrastructure Management Services
Infrastructure Provisioning
Quick provisioning and scaling of resources like VMs, storage, and networking using the leading Cloud Providers including AWS.
Software Management
Management of all underlying required software, tools, and databases handling installation, configuration, and maintenance.
Multi-tenant For Your Customers
Centrally manage multi-tenant, zero trust networks via web console and APIs. Each of your customers is microsegmented with full zero trust, while you maintain central controls, visibility, provisioning and telemetry.
Scalability and Elasticity
Automatic scaling based on demand with policies for resource adjustment, optimizing performance and costs.
High Availability
Built-in redundancy and mechanisms like load balancing and multi-region replication ensure application availability.
Security Services
A range of services including IAM, encryption, and DDoS protection to secure applications and data.