Extend zero trust networking anywhere, as part of your product

NetFoundry is the first to enable you to embed zero trust networking into your product, as software. Your customers get zero trust, automatically, simply by using your product. Eliminate VPNs, MPLS, permitted IPs and bastions.

NetFoundry's SDKs and endpoints enable you to connect APIs, OT, IoT, mobile, desktop, containers, VMs, browsers, reverse proxies, modems, firewalls, edge servers and clouds.


NetFoundry secures billions of sessions per year for over 1000 enterprises, including 2 of the largest 10 in the world

Zero Trust, High Performance SDN

Software defined overlay network renders assets invisible to the Internet by enabling you to close all inbound firewall ports, without VPNs, permitted IPs, or bastions. The private overlays are hosted globally by NetFoundry as SaaS, or are self-hosted.

Low Latency, High Resiliency

Algorithms continually adjust as network conditions change, minimizing latency, and providing automated load balancing, resiliency and high availability. Routing extends to the edges, eliminating backhaul and decreasing cloud data egress charges.

Multi-tenant

Centrally manage multi-tenant, zero trust networks via web console and APIs. Each of your customers is identity microsegmented with full zero trust, while you maintain central controls, visibility, provisioning and telemetry. Your data planes are unique - not shared with other NetFoundry customers - and can be self-hosted or provided by NetFoundry as NaaS.

Authenticate Before Connect

Strong identity, authentication and authorization is provided by the platform, BEFORE any device is allowed to initiate a session on the network. The 'firewall' or PEP is moved outside of your DMZ, even for APIs, 3rd party connections, B2B, mobiles and unmanaged devices. Network access control (NAC) is provided globally, without requiring agents.

End-to-End Encryption and Mutual TLS

Exceeds federal zero trust mandates with mutual TLS (mTLS) for every link, and end-to-end encryption, extended all the way to the application itself. NetFoundry provides the PKI and bootstrapping, with X.509 certificate methods and ability to add your own CAs (RFC 7030).

Endpoints, from OT to Cloud

Agents and gateways for OT, IoT, mobile, desktop, edge, site and cloud. SDKs enable the agents to be integrated into your software, for agentless zero trust networking, which goes anywhere your software is installed.

Telemetry and Controls

Granular telemetry showing exactly what is going on in your network, at the user and application levels, even when you don't control the networks or endpoints. Combined with the capabilities to instantly grant or revoke access, this enables just in time access, advanced auditing and fine-grain policy controls at the application or API level.

Posture, MFA, Identity Federation

Built-in dynamic posture checks and multi-factor authentication (MFA). X.509 certificates (enrollment and PKI provided) serve as a strong auth factor for OT, APIs and servers. Third-party TOTP and MFA supported, and prebuilt integrations with YubiKey and Keycloak available. Integrates with OIDC, OAuth and SPIFFE.

Agentless Zero Trust Networks

Embed multi-cloud native, zero trust networking directly into your software via SDKs for every major programming language. Your solution now has a private, zero trust network overlay, governed by your policies, and managed centrally as software. This includes industrial zero trust networks for machines, robots and drones, as well as zero trust management networks for software, hardware and service providers.

Zero Trust Browser, Proxy, API Gateway

Transform browsers, proxies, reverse proxies and API gateways into zero trust endpoints. Zero trust browsers enable security compliance for legacy apps which don't support SSO, MFA or encryption, without needing to modify the apps. Zero trust proxies and API gateways enable customer and partner access to websites and APIs, without exposing them to the Internet.

Zero trust networking case studies

Cybersecurity, AI, critical infrastructure, cloud, industry and other providers extend zero trust networking to their customers

Oracle

See how Oracle uses Ziti ZTNA to secure Kubernetes APIs and make Oracle Autonomous Database unreachable from the networks.

Arm and Capgemini

See how Arm, Capgemini and NetFoundry team up to secure connected cars and autonomous vehicles via zero trust networking.

Microsoft

See how Microsoft uses NetFoundry's Ziti platform to connect Azure Private MEC industrial sites, and see why this Microsoft post named NetFoundry as 1 of 4 zero trust networking partners.

Zero trust for providers


Integrate zero trust networking with your product to meet your customers' strictest security and compliance requirements, and to enable seamless remote management for you.


Zero trust third party access


Spin up a single zero trust extranet for all suppliers, or for any single provider. Eliminate all inbound access, bastions, VPNs, firewall ACLs (one inbound rule: deny-all inbound).


Zero trust management


Performance similar to being local on the server, zero trust security and the simplicity of a multi-tenant overlay network with centrally managed identities, policies and telemetry.


Zero trust APIs


Access private API gateways from anywhere, without VPN or WAN dependencies


Secure DMZ


Change your firewall rule to deny all inbound with identity-based outbound microsegmentation.


Zero trust OT


No access to OT networks or hosts.  Instead, application microsegmented, outbound-only connections, with centralized management of identities, policies and telemetry.


The first zero trust networking built for providers

Solution, machine, software and service providers enable remote management and data sharing across customer sites by integrating software-only zero trust networking into their products.

Providers replace VPNs with a multi-tenant, zero trust, centrally managed solution.

Here is how a leading machine vision provider described the performance, security and simplicity in a Gartner Peer Review.


Zero trust networking use cases

Zero trust remote management

Manage and orchestrate OT, IoT and edge deployments with security, simplicity, and performance.

Embed direct remote management capabilities directly into your hardware, software or solution via NetFoundry's Ziti SDKs, or use lightweight, zero trust agents, available for every OS.

Enjoy unparalleled performance, control and telemetry. See this Gartner Review from a leading machine vision provider as an example.


  • Private, zero trust network overlay fabric provides security and performance
  • Mutual TLS (mTLS), encryption and microsegmentation
  • Eliminate the complexity of hardware alternatives and replace truck rolls
  • Eliminate performance-hurting VPNs and backhaul
  • Private, zero trust IoT fabric (Software Defined Network) for security and performance

Extend private APIs to customers and partners

The greatest API vulnerability is the public-facing edge - API and gateways. These edges are at the core of the Top 10 OWASP API threats, so it is far more secure to keep the APIs private. However, historically the problem has been offering private APIs to customers and partners who are not on your network.

No longer.  NetFoundry's zero trust API networking enables you to keep your APIs private, while enabling your authorized customers and partners to consume them, without VPNs or whitelisted IP addresses.

  • Private, zero trust API overlay networks for security and low latency
  • Access private API gateways in AWS, Azure and OCI without being forced through the MPLS or VPN
  • Encryption and mutual TLS (mTLS) built-in
  • Software-only solution, deployed in minutes

Agentless zero trust networking

Networking was once a barrier to app innovation and automation with dependencies on day two security and performance engineering.

NetFoundry provides a new art of the possible by enabling developers, network engineers, DevOps, and cloud teams to programmatically control private, zero trust, high performance networking.

SDKs enable applications to embed zero trust security and optimized performance into the app itself, going wherever the app goes, without requiring agents or gateways.


  • Use CloudZiti SDKs to embed multi-cloud native private networking into apps with a few lines of code
  • Container and virtual gateways, pre-integrated with all major clouds, and available for branches and private DCs
  • App-embedded goes anywhere your app or API goes, without agents or gateways. This provides end-to-end control, security and visibility, even for B2B and multi-cloud connections
  • Ziti host and edge endpoints are available for all major operating systems, IoT, edge compute, and cloud platforms

Zero trust for browsers & web applications

NetFoundry recognized the security risks of exposing web apps to the open internet, making them vulnerable to cyberattacks. Traditional solutions like firewalls and VPNs are inadequate and complex, creating maintenance burdens.
 
Enter browZerNET, NetFoundry's innovative zero trust overlay network. It's agentless, embeds zero trust directly into web apps without modification, and offers flexibility as both open-source and managed Network-as-a-Service options for streamlined web security.
 


  • Automatically integrate zero trust networking into any Chromium-based solution without any changes to your web application.
  • Use existing browser with no modifications, not even extensions.
  • Instant compliance for all web apps including built-in IdP, MFA and encryption.
  • Web server made unreachable from internet. No open inbound ports to your webserver, not even 443.
  • Secures Web UIs of any system including switches, routers and operational systems.

Zero trust networking for industry

Providers need access to many customer networks. Businesses need to provide access to many providers. The resultant firewall challenge is a nightmare.

NetFoundry reversed the model. Providers don't get access to any sites. And this works within OT sites, between IT and OT sites, and between provider sites. All firewalls change to one simple rule: deny-all inbound. Say what?

 

Instead, NetFoundry's software microsegmented networking only grants access to specific applications. For example, a machine provider can access a specific app on a certain machine, but can't access the network.  In fact, the machine provider can build the access into the app - no separate agent or gateway needed!

Rather than open up the front door, and then use firewall rules to deny access to different rooms, all the rooms are default closed.  Centrally managed layer 7 policy dictates least privileged access to each room (app). Both IT and OT firewalls deny all inbound traffic.