Zero trust networking for providers


Solution, machine, software and service providers enable remote management and data sharing across customer sites by integrating software-only zero trust networking into their products. Here is how a leading machine vision provider described the performance, security and simplicity in a Gartner Peer Review.


Introducing the first zero trust networking for connected industry

Providers need access to many customer networks. Businesses need to provide access to many providers. The resultant firewall challenge is a nightmare.

NetFoundry reversed the model. Providers don't get access to any sites. And this works within OT sites, between IT and OT sites, and between provider sites. All firewalls change to one simple rule: deny-all inbound. Say what?

 


Instead, NetFoundry's software microsegmented networking only grants access to specific applications. For example, a machine provider can access a specific app on a certain machine, but can't access the network.  In fact, the machine provider can build the access into the app - no separate agent or gateway needed!

Rather than open up the front door, and then use firewall rules to deny access to different rooms, all the rooms are default closed.  Centrally managed layer 7 policy dictates least privileged access to each room (app). Both IT and OT firewalls deny all inbound traffic.

Zero trust networking enables you to close all inbound firewall ports for all use cases, including remote management and 3rd party access. Yes, OT, IT and cloud firewalls. Rather than permit 443 for lists of IP addresses, deny everything. This includes solutions to directly ingest third party data into provider cloud sites, without permitting any inbound access.

Zero trust networking anywhere, even 3rd parties & unmanaged devices

Zero Trust, High Performance SDN

Software defined overlay network renders assets invisible to the Internet by enabling you to close all inbound firewall ports, without VPNs, permitted IPs, or bastions. The private overlays are hosted globally by NetFoundry as SaaS, or are self-hosted.

Low Latency, High Resiliency

Algorithms continually adjust as network conditions change, minimizing latency, and providing automated load balancing, resiliency and high availability. Routing extends to the edges, eliminating backhaul and decreasing cloud data egress charges.

Multi-tenant

Centrally manage multi-tenant, zero trust networks via web console and APIs. Each of your customers is microsegmented with full zero trust, while you maintain central controls, visibility, provisioning and telemetry. Your data planes are unique - not shared with other NetFoundry SaaS customers - and can be self-hosted or provided by NetFoundry as SaaS.

Authenticate Before Connect

Strong identity, authentication and authorization are provided by the platform, BEFORE any device is allowed to initiate a session on the network. The 'firewall' or PEP is moved outside of your DMZ, even for APIs, 3rd party connections, B2B, mobiles and unmanaged devices. Network access control (NAC) is provided globally, without requiring agents.

End-to-End Encryption and Mutual TLS

Exceeds federal zero trust mandates with mutual TLS (mTLS) for every link, and end-to-end encryption, extended all the way to the application itself. NetFoundry provides the PKI and bootstrapping, with X.509 certificate methods and ability to add your own CAs (RFC 7030).

Endpoints, from OT to Cloud

Agents and gateways for OT, IoT, mobile, desktop, edge, site and cloud. SDKs enable the agents to be integrated into your software, for agentless zero trust networking, which goes anywhere your software is installed.

Telemetry and Controls

Granular telemetry showing exactly what is going on in your network, at the user and application levels, even when you don't control the networks or endpoints. Combined with the capabilities to instantly grant or revoke access, this enables just in time access, advanced auditing and fine-grain policy controls at the application or API level.

Posture, MFA, Identity Federation

Built-in dynamic posture checks and multi-factor authentication (MFA). X.509 certificates (enrollment and PKI provided) serve as a strong auth factor for OT, APIs and servers. Third-party TOTP and MFA supported, and prebuilt integrations with YubiKey and Keycloak available. Integrates with OIDC, OAuth and SPIFFE.

Agentless Zero Trust Networks

Embed multi-cloud native, zero trust networking directly into your software via SDKs for every major programming language. Your solution now has a private, zero trust network overlay, governed by your policies, and managed centrally as software. This includes industrial zero trust networks for machines, robots and drones, as well as zero trust management networks for software, hardware and service providers.

Zero Trust Browser, Proxy, API Gateway

Transform browsers, proxies, reverse proxies and API gateways into zero trust endpoints. Zero trust browsers enable security compliance for legacy apps which don't support SSO, MFA or encryption, without needing to modify the apps. Zero trust proxies and API gateways enable customer and partner access to websites and APIs, without exposing them to the Internet.

  • “We are committed to protecting our clients’ data. Partnering with NetFoundry isn’t just a way to accomplish this, but the best way.”
    Steve Lindsey
    CIO, Liveview Technologies (LVT)
  • “Businesses can use NetFoundry's Ziti platform to simplify network management, and enable zero trust networking for applications running at the edge on Azure public MEC and Azure regions.”
    Ross Ortega
    VP, Azure for Operators
  • “Integrating our IoT solution with NetFoundry SDKs enables IoT networking without VPNs or proprietary hardware. We can jointly be deployed as software on any IoT device to provide customers with simple solutions.”
    Paul Edrich
    CTO, IMS Evolve
  • “By integrating NetFoundry’s zero trust platform into our IoT and Edge analytics solutions, TOOQ is transforming the retail industry.”
    Ronaldo Moura
    CEO, TOOQ
  • “NetFoundry extends the WAN all the way to the application endpoint without CPE, over the Internet. We integrated NetFoundry’s AppWANs into the networking solutions we sell to financial institutions to enable them to meet their strict regulatory and security requirements.”
    Chris Williams
    VP at PliantCloud, Alliance Technology Group

Develop once.
Deploy anywhere.

Use the Ziti SDKs to embed zero trust networking into your product.

Agentless zero trust networking, built into your solution, enabling zero trust remote management, edge orchestration and application security.

Get started in the language of your choice

Zero trust networking case studies

Cybersecurity, AI, critical infrastructure, cloud, industry and other providers extend zero trust networking to their customers

Oracle

See how Oracle uses Ziti ZTNA to secure Kubernetes APIs and make Oracle Autonomous Database unreachable from the networks.

Arm and Capgemini

See how Arm, Capgemini and NetFoundry team up to secure connected cars and autonomous vehicles via zero trust networking.

Microsoft

See how Microsoft uses NetFoundry's Ziti platform to connect Azure Private MEC industrial sites, and see why this Microsoft post named NetFoundry as 1 of 4 zero trust networking partners.


Zero trust networking use cases

Zero trust remote management

Manage and orchestrate OT, IoT and edge deployments with security, simplicity, and performance.

Embed direct remote management capabilities directly into your hardware, software or solution via NetFoundry's Ziti SDKs, or use lightweight, zero trust agents, available for every OS.

Enjoy unparalleled performance, control and telemetry. See this Gartner Review from a leading machine vision provider as an example.


  • Private, zero trust network overlay fabric provides security and performance
  • Mutual TLS (mTLS), encryption and microsegmentation
  • Eliminate the complexity of hardware alternatives and replace truck rolls
  • Eliminate performance hurting VPNs and backhaul
  • Private, zero trust IoT fabric (Software Defined Network) for security and performance

Extend private APIs to customers and partners

The greatest API vulnerability is the public-facing edge: APIs and gateways. These edges are at the core of the Top 10 OWASP API threats, so it is far more secure to keep the APIs private. Historically, however, the problem has been offering private APIs to customers and partners who are not on your network.

No longer. NetFoundry's zero trust API networking enables you to keep your APIs private, while enabling your authorized customers and partners to consume them, without VPNs or whitelisted IP addresses.

  • Private, zero trust API overlay networks for security and low latency
  • Access private API gateways in AWS, Azure and OCI without being forced through the MPLS or VPN
  • Encryption and mutual TLS (mTLS) built-in
  • Software-only solution, deployed in minutes

Agentless zero trust networking

Networking was once a barrier to app innovation and automation with dependencies on day two security and performance engineering.

NetFoundry provides a new art of the possible by enabling developers, network engineers, DevOps, and cloud teams to programmatically control private, zero trust, high performance networking.

SDKs enable applications to embed zero trust security and optimized performance into the app itself, going wherever the app goes, without requiring agents or gateways.


  • Use CloudZiti SDKs to embed multi-cloud native private networking into apps with a few lines of code
  • Container and virtual gateways, pre-integrated with all major clouds, and available for branches and private DCs
  • App-embedded goes anywhere your app or API goes, without agents or gateways. This provides end-to-end control, security and visibility, even for B2B and multi-cloud connections
  • Ziti host and edge endpoints are available for all major operating systems, IoT, edge compute, and cloud platforms