NetFoundry unveils OT security platform with embedded zero trust for critical infrastructure

NetFoundry, the leader in embedded zero trust networking, unveiled a new version of its OT security platform, enabling customers to secure critical infrastructure, including on-premises and air-gapped environments such as substations.

The announcement at Distributech 2025 meets four customer demands:

  1. Simple, software-only, interoperable, vendor-neutral OT micro-segmentation
  2. Secure connectivity for any use case, including IT/OT convergence (AI/ML, automation, digital twins and cloud innovation), Secure Remote Access and agentless machine-to-machine connectivity
  3. No need to expose the OT network, incur costly network changes or cause unplanned complications or downtime
  4. Reduced costs for firewalls, SIEM, SOAR, analytics, data lakes and storage

“Since NetFoundry secures critical infrastructure on three continents, we listen to many diverse requirements. A commonality is a need for simple, vendor-neutral security, with reduced cost and complexity”, said Galeal Zino, CEO of NetFoundry. “Solutions which stop at the firewall or are vendor-specific create complexity. Exposing the IT firewall to the Internet and the OT firewall to IT creates continually rising expenses in the downstream systems because they are often priced based on data and sessions. Our customers were pleasantly surprised to see that we addressed all four of these problems in this release.”

Implementations with partners such as FreeWave Technologies protect critical infrastructure from evolving cyberthreats, including ruggedized solutions for harsh environments with 5G and satellite connectivity: https://www.freewave.com/freewave_security_triumvirate/

Steve Wulchin, CEO of FreeWave, said: “VPN and the other security technologies we relied on in the past can no longer cut it in today’s hyperconnected world. NetFoundry’s technology enables us to apply the strictest deny-by-default security principles to every user, device and application in our customers’ networks. We welcome the addition of the on-prem option for customers who need to operate without depending on external connectivity while still being able to securely use external edges and clouds when appropriate. Partnering with NetFoundry enables us to meet emerging requirements for secure-by-design products in connected environments, such as the EU Cyber Resilience Act (CRA).”

Rik Turner, senior principal analyst, Omdia said: “While zero trust technology has gained popularity to enable secure remote access (SRA) in enterprise IT, it is even more crucial in OT environments, where even access from somewhere on the organization’s premises must be secured. In other words, in such a scenario, SRA is actually a subset of a broader secure access requirement.

“It is logical for NetFoundry to unveil an on-prem option for its platform, given that many OT customers, particularly those in the field of critical national infrastructure, cannot and/or will not countenance any cloud-based security capability for their environment.”

The software-only, vendor-neutral NetFoundry OT Security Platform enables OT and IT to eliminate bespoke solutions and centralize identities, policies, controls and telemetry. OT and IT choose what use cases to start with, without disrupting their existing infrastructure. SecOps gains telemetry and analytics to support threat response and regulatory compliance tracking.

The NetFoundry platform enables OT and IT to deliver vendor-neutral, software-only micro-segmentation in critical infrastructure, energy and manufacturing, while also enabling their vendors to use the NetFoundry platform to build secure-by-design products. This model has three advantages:

  1. It is far simpler for OT and IT: their OEMs embed secure networking into their products, which enables adoption and scale.
  2. The OEMs do not need to build their own identity, authentication, authorization, mTLS, encryption, micro-segmentation and telemetry.
  3. The OEMs meet emerging requirements such as the EU CRA, which requires connected product providers to deliver secure-by-design products.

For example, NetFoundry software is built into industrial control system software, manufacturing machines, modems, routers, firewalls, PLCs, edge cells and reverse proxies. Edge servers using NetFoundry include Microsoft, Arrow, Cap Gemini, FreeWave, EdgeX Foundry and Supermicro. When NetFoundry is not already built-in, it can be added as a VM or container and is available for every major OS and is in every major cloud marketplace.

Additions to the NetFoundry OT Security Platform

The latest NetFoundry OT Security Platform updates include:

  • Beyond-the-firewall zero trust. Via lightweight agents on existing hardware such as PLCs and edge cells, and via SDKs that embed the connectivity directly into specific applications and workflows without a separate agent, NetFoundry provides OT micro-segmentation beyond the firewall.
  • Reduced costs. Firewalls are simplified, made more effective and enabled for higher throughput: they are no longer filtering the Internet, only listening for identified, authenticated, authorized sessions. Likewise, SIEM and SOAR data volume is reduced and much more sharply focused, because unauthenticated sessions never reach the firewall. Data lake, analytics and storage costs fall for the same reason.
  • Extend legacy software and hardware. NetFoundry overlays add functionality such as identity, authentication, MFA, posture, PKI, mutual TLS (mTLS) and encryption without requiring changes to the underlying applications or infrastructure.
  • Data exfiltration and lateral movement protection. By extending zero trust beyond the firewall, rejecting all inbound sessions, and only allowing identified, authenticated, authorized, micro-segmented outbound traffic to a private network, the platform makes it very difficult for even a compromised device or a zero-day to ‘phone home’ or send data to destinations that are not explicitly listed in the policy and strongly authorized.
  • On-demand connectivity. Workflows and trouble ticket systems use NetFoundry APIs to spin up instant, ephemeral connections for specified workloads. For example, while a ticket is open for temporary remote access, the targeted OT or IT system opens an outbound connection to an authorized destination for only the specific ports and protocols required. When the ticket is closed, or a timer expires, the connectivity is automatically removed. The connection is specific to the session, i.e. anything out of policy is rejected.
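The model described in the last two bullets (inbound always rejected, outbound allowed only to an explicitly listed destination on specific ports and protocols, and only while a ticket is open or until a timer expires) can be made concrete as a small default-deny policy engine. The following is an added example written for this page, not NetFoundry's code or API: `PolicyEngine`, `Grant`, the ticket IDs and the endpoint identities are hypothetical, and the endpoint identity is assumed to have already been established by the overlay (for example from an mTLS certificate) before `authorize` is called.

```python
"""Ticket-gated, time-bounded, default-deny access policy (illustrative model).

Added example, not NetFoundry code. It models the behaviour the page describes:
inbound sessions are never accepted, outbound sessions need an explicit grant
for destination, protocol and port, and the grant exists only while a ticket is
open or until its timer expires. All names and identities are hypothetical.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class Grant:
    """One ticket's allowance: who may reach what, how, and until when."""
    ticket_id: str
    identity: str            # authenticated endpoint identity (assumed to come from mTLS)
    destination: str         # named service rather than an IP, so re-addressing does not widen policy
    protocol: str            # "tcp" or "udp"
    ports: FrozenSet[int]    # only these ports; anything else is out of policy
    expires_at: datetime     # timer: the grant is dead after this instant


class PolicyEngine:
    """Default deny: a session is allowed only if a live grant matches every attribute."""

    def __init__(self) -> None:
        self._grants: Dict[str, Grant] = {}

    def open_ticket(self, ticket_id: str, identity: str, destination: str,
                    protocol: str, ports, ttl: timedelta, now: datetime) -> Grant:
        """Workflow hook: a ticket opening creates an ephemeral, narrowly scoped grant."""
        grant = Grant(ticket_id, identity, destination, protocol.lower(),
                      frozenset(ports), now + ttl)
        self._grants[ticket_id] = grant
        return grant

    def close_ticket(self, ticket_id: str) -> bool:
        """Workflow hook: closing the ticket revokes its grant immediately."""
        return self._grants.pop(ticket_id, None) is not None

    def _purge_expired(self, now: datetime) -> None:
        """Timer semantics: grants past expires_at are dropped before any decision."""
        for tid in [t for t, g in self._grants.items() if now >= g.expires_at]:
            del self._grants[tid]

    def authorize(self, identity: str, destination: str, protocol: str,
                  port: int, now: datetime, direction: str = "outbound") -> Tuple[bool, str]:
        """Decide one session. Inbound is always rejected; outbound needs a matching live grant."""
        if direction != "outbound":
            return False, "denied: inbound sessions are never accepted"
        self._purge_expired(now)
        for g in self._grants.values():
            if (g.identity == identity and g.destination == destination
                    and g.protocol == protocol.lower() and port in g.ports):
                return True, f"allowed by ticket {g.ticket_id} until {g.expires_at.isoformat()}"
        return False, "denied: no live grant matches (default deny)"


def demo():
    """Walk one ticket lifecycle; returns the allow/deny decisions for inspection."""
    t0 = datetime(2025, 3, 24, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    engine = PolicyEngine()
    before = engine.authorize("plc-17", "vendor-support", "tcp", 22, t0)
    engine.open_ticket("INC-1001", "plc-17", "vendor-support", "tcp", {22},
                       timedelta(hours=2), t0)
    t1 = t0 + timedelta(minutes=5)
    during = engine.authorize("plc-17", "vendor-support", "tcp", 22, t1)
    wrong_port = engine.authorize("plc-17", "vendor-support", "tcp", 443, t1)
    inbound = engine.authorize("plc-17", "vendor-support", "tcp", 22, t1, "inbound")
    expired = engine.authorize("plc-17", "vendor-support", "tcp", 22, t0 + timedelta(hours=3))
    return before[0], during[0], wrong_port[0], inbound[0], expired[0]


if __name__ == "__main__":
    print(demo())   # (False, True, False, False, False)
```

The two revocation paths are deliberately separate: `close_ticket` removes the grant at once, and `_purge_expired` enforces the timer on the next decision even if nobody closes the ticket, so a forgotten ticket cannot leave a standing path open. Because the evaluator matches on a named destination, protocol and port set rather than on network addresses, a compromised endpoint that reuses an open ticket still cannot reach anything the ticket did not name.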