NetFoundry | Developers

NetFoundry AppNets

Connect Securely Using AppNets. Everything NetFoundry Does Starts with Zero Trust.

NetFoundry Zero Trust

In a NetFoundry zero trust system, every client needs an identity with provisioned certificates for secure communication and authentication. Visibility and access are granted only after verifying credentials; denied requests result in terminated connections. This ensures clients access only authorized applications, enhancing security through certificate-based authentication and authorization.

Highlights

  • Identity Verification
  • Mutual TLS
  • End-to-End Encryption
  • Least Privilege Access
  • Microsegmentation & AppNets
  • Role-Based Policies
  • Continuous Authentication
  • Security Posture Checks

How NetFoundry Works

Zero Trust Connectivity with End-to-End Encryption & AppNets

Highlights

  • No Listening Ports
  • Outbound Connections Only
  • Strong Identity Verification
  • Invisible to Attacks

Invisible Mode

You Can’t Attack What You Can’t See

NetFoundry keeps online resources dark and invisible by eliminating listening ports, relying on outbound connections, and requiring strong authenticated identities. This ensures that online applications are invisible and impervious to direct attacks and port scanning.

Authenticate Before Connect

Prevent Lateral Network Movement

NetFoundry’s “Authenticate-before-connect” policy requires every user or device to be authenticated and authorized before any network connection is established. This ensures that only verified and trusted identities can initiate or participate in a session, enhancing security by preventing unauthorized access right from the outset.

Highlights

  • Verify Before Access
  • Pre-Connection Authentication
  • Trusted Identities Only

Highlights

  • Provisioned Certificates (X.509)
  • Multi-Factor Authentication (MFA)
  • Dynamic Posture Checks
  • Certificate-Based Authentication

Identity Verification

Never Trust, Always Verify

NetFoundry handles identity verification with provisioned X.509 certificates, zero trust principles, and multi-factor authentication (MFA). Access requests are authenticated and authorized, supported by real-time posture checks and certificate-based authentication. Policy-based access control ensures that only verified entities access applications and services, maintaining network integrity and security.

End-to-End Encryption

Secure Your Data from End to End with mTLS

NetFoundry’s end-to-end encryption ensures data is encrypted at the source, securely transmitted, and decrypted only at the destination. Both parties are authenticated using mutual TLS (mTLS), maintaining confidentiality and security throughout the transmission process.

Highlights

An AppNet consists of unique endpoints, identities, services, and policies required for a single application.

AppNets and Microsegmentation

Simplify And Automate Overlay Network Management

AppNets are software-defined segments of a NetFoundry overlay network for specific applications, using unique identities, services, and policies. They ensure applications are invisible by shutting down underlay access. NetFoundry endpoints create outbound sessions with mTLS overlays for zero trust security.

Zero Trust Overlay SDNs

Zero Trust Connectivity with End-to-End Encryption & AppNets

Least Privilege Access and Policies

Protect Your Resources with Identity-Based Permissions

NetFoundry’s least privilege access ensures users and devices receive only the necessary permissions through identity-based access control, granular policies, dynamic access management, and microsegmentation. Verified identities are granted minimal access, policies define resource permissions, access rights adjust in real time, and network resources are isolated.

Highlights

  • Minimal Access Permissions
  • Identity-Based Control
  • Granular Policies
  • Dynamic Access Management

Highlights

  • Ongoing Identity Verification
  • Session-Long Security
  • Behavioral Monitoring

Continuous Authentication

Maintain Trust Throughout Sessions

Continuous authentication in NetFoundry constantly verifies user and device identities throughout their session, not just at login. This ongoing validation enhances security by detecting and responding to any behavioral or device changes, and maintains a secure environment by promptly identifying and mitigating potential risks.

Zero Trust Features

Zero Trust SDN

Software-defined overlay networks render assets invisible to the Internet by enabling you to close all inbound firewall ports without VPNs, permitted IPs, or bastions.

Authenticate & Authorize

Users and devices must prove their identity (authentication) and be granted specific access rights (authorization) before establishing a connection, including for third-party systems and API access.

Mutual TLS

Uses TLS (Transport Layer Security) as the authentication protocol for both client and server. Secures APIs, RDP, SSH, and server-initiated and bidirectional connections. Secondary authentication methods like MFA are available.

End-to-End Encryption

Ensures that all communications are securely encrypted from the source to the destination. All data is inaccessible to any intermediate hops.

Identity-Based Access Control

Access is granted based on the identity of users and devices, not merely IP addresses, allowing for more precise control.

Network Microsegmentation

Allows for the division of network resources into secure zones to minimize the attack surface and restrict lateral movement.

Application Segmentation

Ensures only authorized users can access specific applications, enhancing security at the application level.

Embeddable

Developers can leverage a software overlay network by embedding it directly inside all parts of their application as code using our SDKs.

Seamless Integration

Can be integrated with existing infrastructure and applications without significant modifications since the overlay is defined by software.

Open Source

The development is open to contributions from a community, offering transparency and collaborative improvements.

Multi-Platform Support

Supports a wide range of platforms, including Windows, Linux, macOS, and mobile OSes, ensuring broad applicability.

Continuous Authentication

The network constantly verifies the identity of a user or entity throughout their session or interaction with a system, rather than just at the initial login point.

Eliminate VPN Hassles

Simplify with Zero Trust Networking

Remove the complexities of VPNs with our streamlined Zero Trust solutions. Avoid that one VPN misconfiguration that opens up your networks. Try our products for free, schedule a demo, or contact sales.
