Business transformation requires network transformation
NetFoundry's zero trust networking connects applications and APIs inside networks, and between different networks.
Providers and suppliers can even embed zero trust networking into products, as software.
Zero trust for providers
Integrate zero trust networking with your product to meet your customers' strictest security and compliance requirements, and to enable seamless remote management for you.
Zero trust third party access
Spin up a single zero trust extranet for all suppliers, or for any single provider. Eliminate all inbound access, bastions, VPNs, firewall ACLs (one inbound rule: deny-all inbound).
Zero trust management
Performance similar to being local on the server, zero trust security and the simplicity of a multi-tenant overlay network with centrally managed identities, policies and telemetry.
Zero trust APIs
Access private API gateways from anywhere, without VPN or WAN dependencies
Secure DMZ
Change your firewall rule to deny all inbound with identity-based outbound microsegmentation.
Zero trust OT
No access to OT networks or hosts. Instead, application microsegmented, outbound-only connections, with centralized management of identities, policies and telemetry.
Introducing the first zero trust networking built for providers
Solution, machine, software and service providers enable remote management and data sharing across customer sites by integrating software-only zero trust networking into their products. Here is how a leading machine vision provider described the performance, security and simplicity in a Gartner Peer Review.
Zero trust networking which enables you to close all inbound firewall ports for all use cases, including remote management, 3rd party access, APIs and webhooks.
Zero trust networking anywhere, even 3rd parties & unmanaged devices
Zero Trust, High Performance SDN
Software defined overlay network renders assets invisible to the Internet by enabling you to close all inbound firewall ports, without VPNs, permitted IPs, or bastions. The private overlays are hosted globally by NetFoundry as SaaS, or are self-hosted.
Low Latency, High Resiliency
Algorithms continually adjust as network conditions change, minimizing latency, and providing automated load balancing, resiliency and high availability. Routing extends to the edges, eliminating backhaul and decreasing cloud data egress charges.
Multi-tenant
Centrally manage multi-tenant, zero trust networks via web console and APIs. Each of your customers is identity microsegmented with full zero trust, while you maintain central controls, visibility, provisioning and telemetry. Your data planes are unique - not shared with other NetFoundry customers - and can be self-hosted or provided by NetFoundry as NaaS.
Authenticate Before Connect
Strong identity, authentication and authorization are provided by the platform, BEFORE any device is allowed to initiate a session on the network. The 'firewall' or PEP is moved outside of your DMZ, even for APIs, 3rd party connections, B2B, mobiles and unmanaged devices. Network access control (NAC) is provided globally, without requiring agents.
End-to-End Encryption and Mutual TLS
Exceeds federal zero trust mandates with mutual TLS (mTLS) for every link, and end-to-end encryption, extended all the way to the application itself. NetFoundry provides the PKI and bootstrapping, with X.509 certificate methods and ability to add your own CAs (RFC 7030).
Endpoints, from OT to Cloud
Agents and gateways for OT, IoT, mobile, desktop, edge, site and cloud. SDKs enable the agents to be integrated into your software, for agentless zero trust networking, which goes anywhere your software is installed.
Telemetry and Controls
Granular telemetry showing exactly what is going on in your network, at the user and application levels, even when you don't control the networks or endpoints. Combined with the capabilities to instantly grant or revoke access, this enables just in time access, advanced auditing and fine-grain policy controls at the application or API level.
Posture, MFA, Identity Federation
Built-in dynamic posture checks and multi-factor authentication (MFA). X.509 certificates (enrollment and PKI provided) serve as a strong auth factor for OT, APIs and servers. Third-party TOTP and MFA supported, and prebuilt integrations with YubiKey and Keycloak available. Integrates with OIDC, OAuth and SPIFFE.
Agentless Zero Trust Networks
Embed multi-cloud native, zero trust networking directly into your software via SDKs for every major programming language. Your solution now has a private, zero trust network overlay, governed by your policies, and managed centrally as software. This includes industrial zero trust networks for machines, robots and drones, as well as zero trust management networks for software, hardware and service providers.
Zero Trust Browser, Proxy, API Gateway
Transform browsers, proxies, reverse proxies and API gateways into zero trust endpoints. Zero trust browsers enable security compliance for legacy apps which don't support SSO, MFA or encryption, without needing to modify the apps. Zero trust proxies and API gateways enable customer and partner access to websites and APIs, without exposing them to the Internet.
Zero trust networking case studies
Cybersecurity, AI, critical infrastructure, cloud, industry and other providers extend zero trust networking to their customers
Oracle
See how Oracle uses Ziti ZTNA to secure Kubernetes APIs and make Oracle Autonomous Database unreachable from the networks.
Arm and Capgemini
See how Arm, Capgemini and NetFoundry team up to secure connected cars and autonomous vehicles via zero trust networking.
Microsoft
See how Microsoft uses NetFoundry's Ziti platform to connect Azure Private MEC industrial sites, and see why this Microsoft post named NetFoundry as 1 of 4 zero trust networking partners.
Zero trust networking use cases
Zero trust remote management
Manage and orchestrate OT, IoT and edge deployments with security, simplicity, and performance.
Embed direct remote management capabilities directly into your hardware, software or solution via NetFoundry's Ziti SDKs, or use lightweight, zero trust agents, available for every OS.
Enjoy unparalleled performance, control and telemetry. See this Gartner Review from a leading machine vision provider as an example.
- Private, zero trust network overlay fabric provides security and performance
- Mutual TLS (mTLS), encryption and microsegmentation
- Eliminate the complexity of hardware alternatives and replace truck rolls
- Eliminate performance-hurting VPNs and backhaul
- Private, zero trust IoT fabric (Software Defined Network) for security and performance
Extend private APIs to customers and partners
The greatest API vulnerability is the public-facing edge - APIs and gateways. These edges are at the core of the Top 10 OWASP API threats, so it is far more secure to keep the APIs private. However, historically the problem has been offering private APIs to customers and partners who are not on your network.
No longer. NetFoundry's zero trust API networking enables you to keep your APIs private, while enabling your authorized customers and partners to consume them, without VPNs or whitelisted IP addresses.
- Private, zero trust API overlay networks for security and low latency
- Access private API gateways in AWS, Azure and OCI without being forced through the MPLS or VPN
- Encryption and mutual TLS (mTLS) built-in
- Software-only solution, deployed in minutes
Agentless zero trust networking
Networking was once a barrier to app innovation and automation with dependencies on day two security and performance engineering.
NetFoundry provides a new art of the possible by enabling developers, network engineers, DevOps, and cloud teams to programmatically control private, zero trust, high performance networking.
SDKs enable applications to embed zero trust security and optimized performance into the app itself, going wherever the app goes, without requiring agents or gateways.
- Use CloudZiti SDKs to embed multi-cloud native private networking into apps with a few lines of code
- Container and virtual gateways, pre-integrated with all major clouds, and available for branches and private DCs
- App-embedded goes anywhere your app or API goes, without agents or gateways. This provides end-to-end control, security and visibility, even for B2B and multi-cloud connections
- Ziti host and edge endpoints are available for all major operating systems, IoT, edge compute, and cloud platforms
Zero trust networking for connected industry
Providers need access to many customer networks. Businesses need to provide access to many providers. The resultant firewall challenge is a nightmare.
NetFoundry reversed the model. Providers don't get access to any sites. And this works within OT sites, between IT and OT sites, and between provider sites. All firewalls change to one simple rule: deny-all inbound. Say what?
Instead, NetFoundry's software microsegmented networking only grants access to specific applications. For example, a machine provider can access a specific app on a certain machine, but can't access the network. In fact, the machine provider can build the access into the app - no separate agent or gateway needed!
Rather than open up the front door, and then use firewall rules to deny access to different rooms, all the rooms are default closed. Centrally managed layer 7 policy dictates least privileged access to each room (app). Both IT and OT firewalls deny all inbound traffic.