NetFoundry Platform From the developers of OpenZiti

NetFoundry’s Identity-First Connectivity™ is a simple, faster and more secure approach for securing distributed workloads.

  • Eliminate 99.99% of exploitation risk by closing all inbound ports.
  • Accelerate application deployments.
  • Stop wasting time on site-to-site VPNs and never-ending firewall rule changes.

A simpler, more secure alternative to management-intensive firewalls and VPNs

  • Authenticate before connect
  • No open inbound firewall ports; no network changes required
  • Identity-based visibility and control
  • Least privilege access by site, host, or application
  • Supports any workload—human, machine, or AI agent
Identity-defined connections between services and APIs, MCP Servers, AI agents , networks and cloud services.

Traditional Networks Connect Before Authenticate

Connection goes from Cloud through Firewall, then through VPN, Proxy, or WAF, then authenticates to connect to an application.
  • Open inbound ports can be scanned by attackers and weaknesses exploited.
  • Management of IPs, firewalls and VPNs is time consuming and visibility is poor.

Identity-First Connectivity™ Authenticate Before Connect

  • No open inbound ports—all traffic initiated outbound (port 443 by default).
  • Simplified management—no firewall rules to change. Visibility by identity, not IP address.

The Challenges of Traditional Open Networks

  • IP addresses make lousy identifiers—they’re too dynamic (DHCP, NAT)
  • Attackers can exploit open ports before both authentication and authorization happens.
  • Default access is to the entire site, enabling attacker lateral movement.
  • New initiatives bogged down by required network and firewall changes.
  • Poor visibility and audit—need to aggregate telemetry across devices by IP addresses.

“We sometimes have 15-20 policies/rules across multiple tools, firewalls, and other infrastructure to allow communication between workloads. It takes two weeks to make any change.

Software-Only Overlay Hides Network Complexity

Simple Zero Trust Workload Connectivity

  • Each connection is first reliably authenticated
  • No open inbound ports – no network changes required
  • Policy defines allowed connectivity
  • Fast deployment and updates—no network or firewall changes required
  • Full identity-based visibility
  • Robust, high performance network fabric
NetFoundry overlays the traditional network, simplifying and securing with identity-first networking.

“Segmenting a workload from cloud to on-prem can require dozens of network/security changes and weeks of coordination – whereas an overlay can enable secure connectivity in seconds by updating identity-based policy.”

How Identity-First Connectivity Provides Workload Security

Flexibility to Support Any Distributed Environment

Connectors
  • Lightweight connectors run on desktops, servers, mobile, IoT devices (Windows, Mac, Linux, Android, iOS)
  • Connector embedded directly into app via SDK (Golang, C, JAVA, .Net, Swift or Python)
  • Clientless Endpoints using Frontdoor connectivity
Connections to your on-prem or cloud application from external clients go through NetFoundry's built-in connectors.
Network Fabric
  • Hosted by you or NetFoundry
  • Private per customer
  • 100+ PoPs on all major clouds
  • HA and dynamic least-cost routing
  • 99.95% uptime SLA, 24x7x365 support
Connections to your on-prem or cloud application from external clients go through NetFoundry's Fabric Overlay.
Segmentation
  • Least privileged access
  • No lateral movement allowed
  • Segmentation by site, host, or app
Site, host, and application are segmented and segregated.
Management & Control
  • Comprehensive identity, PKI, integrations, and reporting
  • Hosted by you or NetFoundry
  • Air-gapped environments supported
  • User interface and comprehensive APIs
The solution is hosted by you or NetFoundry, for devices, sites, and applications to communicate with on-prem or cloud applications.

Fast Deployment, Easy Changes

NetFoundry deploys quickly, and changes are easy due to the independent way each component is managed by policy.

  • No network or firewall rule changes required.
  • Policies based on identities and services, not ever-changing IP addresses.
  • Network-wide visibility by identity, not IP addresses.
  • No coordinated setup between entities that need to communicate.
  • Every connection to the fabric is independent and identity-verified.
  • All connectivity is controlled by policy. Default is to deny all.

Robust Manageability

  • Identities and policies (rather than IP addresses) help you establish which elements can see and connect to your workloads, and precisely what they have access to.
  • Posture checks and continuous authentication help you insure that connected elements meet your security standards and haven’t been compromised.
  • Just-in-time programmatic policy changes apply instantly and can have limited duration.
  • And of course there’s the full array of event management, metrics, and integrations that you need from an industrial-strength solution.
An application dashboard shows network management events, connection identities, and network utilization.

Built On The World’s Most-Used Open-Source Software for Zero Trust Connectivity

The team at NetFoundry developed and still maintains OpenZiti—the number one open-source solution for zero trust network connectivity.

OpenZiti underpins the NetFoundry solution. As an open-source project, it is exposed to the scrutiny of developers all over the world. Potential issues are uncovered and addressed immediately for the highest level of confidence.

NetFoundry Deployment Options

OpenZiti

Open Ziti

Self-Hosted Open Source

  • Community support
  • Self-deployed and managed (connectors, routers, controller), self-orchestrated
Self-Hosted

Self-Hosted

Self-Hosted Licensed

  • Enterprise-grade support (24×7)
  • Self-deployed and managed (connectors, routers, controller), self-orchestrated
  • Operational tooling: Production support tools, backup/restore, platform LCM, SCIM, installers
  • Contracted relationship (indemnification)
  • FIPS compliant
  • Use case and/or implementation documentation

Cloud

SaaS

  • Enterprise grade support (24×7)
  • Fully managed by NetFoundry (100+ POPs) with 99.95% uptime SLA
  • Operational tooling: Production support tools, backup/restore, platform LCM, SCIM, installers
  • Contracted relationship (indemnification)
  • FIPS compliant
  • Use case and/or implementation documentation
  • SOC 2 compliant

Simple to deploy, simple to operate, and eliminates 99.99% of exploitation risk

Who Doesn't Love Simple & Secure?

VPN and the other security technologies we relied on the past can no longer cut it in today’s hyperconnected world. NetFoundry’s technology enables us to apply the strictest deny-by-default security principles to every user, device and application in our customers’ networks.

Steve Wulchin

CEO

Freewave
NetFoundy presented us with the opportunity to reset the old clichés and to disrupt long-standing operating models, creating a far more agile workforce and work itself. By collaborating with NetFoundry we are changing the game and building a highly agile digital organization to deliver unmatched innovation to our clients

Damir Jaksic

Chief Information Officer

KEO International Consultants

NetFoundry | KEO
The USA secure connectivity strategy updates (M-22-09) make it clear that the technology industry must begin to take more responsibility for protecting the public from cybercriminals. Intrusion is proud to partner with NetFoundry to help accelerate this transformation to secure by design solutions.

Tony Scott

CEO

Intrusion

NetFoundry | Intrusion
NetFoundry’s Zero Trust B2B solution has significantly enhanced the security and performance of our integration platform, allowing us to deliver reliable and secure services to our customers without S2S VPN and firewall headaches.

Rodrigo Bernardinelli

Co-Founder

Digibee

NetFoundry | Digibee
Zero trust technology that works as advertised.

Kevin Klasey

Director of IT

FreightCar

NetFoundry | FreightCar
NetFoundry enabled us to move to Infrastructure-as-Code automation, including customer connectivity. As we roll this out to our customers, we are changing the game for MIS printing and labeling to deliver unmatched innovation to our clients, without asking them to open firewall ports or manage S2S VPNs.

Nico Delaere

IT and Security Manager

CERM

NetFoundry | CERM
NetFoundry’s Zero Trust B2B met our customer’s most stringent security requirements – no permitted IP addresses in their firewalls and no S2S VPNs.

John Wilson

CEO

TZ Limited

NetFoundry | TZ
We are committed to making the world a safer place, and we are just as committed to protecting our clients’ data and information. Partnering with NetFoundry is the best way.

Steve Lindsey

CTO and CIO

LVT

NetFoundry | LVT

Learn More

NetFoundry | Zero Trust API Security: Securing B2B APIs with NetFoundry

Zero Trust API Security: Securing B2B APIs with NetFoundry

NetFoundry White Papers Executive Summary In today’s interconnected digital world, Application Programming Interfaces (APIs) play a crucial role in enabling data exchange and service integration across organizations. As their usage...

NetFoundry | KEO Replaces VPNs with NetFoundry’s Zero Trust Network

KEO Replaces VPNs with NetFoundry’s Zero Trust Network

NetFoundry Case Studies KEO KEO International Consultants, a global leader in architecture, engineering, and project management, has been at the forefront of delivering iconic projects for over 57 years. Ranked...

Demo: Business-to-Business Connectivity

Ready to end the costly, risky VPN mess? Watch our demo to see just how powerful yet easy it is to upgrade to Identity-First Networking from NetFoundry....
NetFoundry | Transitioning from B2B VPNs to AppNets – The Modern MSP Approach to Secure Access

Transitioning from B2B VPNs to AppNets – The Modern MSP Approach to Secure Access

NetFoundry White Papers Introduction: The State of the Managed Services Industry As digital transformation reshapes industries, managed service providers (MSPs) are increasingly tasked with securing access across diverse customer environments....

NetFoundry | Zero Trust for IoT: The Essential Strategy for Securing Industrial, Consumer, and Smart Technologies

Zero Trust for IoT: The Essential Strategy for Securing Industrial, Consumer, and Smart Technologies

NetFoundry White Papers Zero Trust IoT The Internet of Things (IoT) has transformed both industrial and consumer landscapes by enabling interconnected devices to communicate and share data seamlessly. However, as...

Talk With Us

Learn more about securing workloads with Identity-First Connectivity™

Schedule a Meeting
NetFoundry | Secure by Design
Products
Solutions
Industries
Secure by Role
Why NetFoundry