
NetFoundry NaaS and On-Prem Platform
10s of billions of sessions delivered per year
Up to 99.995% SLAs, 24×7 support and enterprise features. NetFoundry NaaS, hybrid and on-prem options (including air-gapped).
Simplify Zero Trust Networking
Get instant global networking without infrastructure, or deploy on-premise zero trust
In just a few clicks or API calls, you spin up a secure, zero trust overlay network, managed by NetFoundry as NaaS, over tier one backbones and 100s of data centers. Â
Or, use NetFoundry’s platform to deploy on-premises or air-gapped networks with native microsegmentation.
Use cases include:
Microsegmentation. For OT, IoT, edge, cloud, B2B. Replace or augment VPN, SD-WAN, MPLS, private APN, VDI, PAM.
All access. Including persistent, just-in-time (JIT) and one-time access
Multi-network & B2B. OT-IT convergence, multicloud, supply chain
Infrastructure. Add zero trust to current DC, FW, proxy, CPE, API GW, browser, modem, etc.
Supply chain. Includes API, server to server, 3rd party access. Replace shared certs, permitted IPs, VPN, extranet.
Private & hybrid SaaS. Embed NetFoundry to enable, including for Gov Cloud & FedRamp
Distributed. Connect & orchestrate distributed IoT, edge or software
Embedded. Add zero trust networking to your products, including white-label.
Free Trial of NetFoundry NaaS
Try NetFoundry NaaS free for up to 30 days! We’ll kick things off with an onboarding session to give you a tour of our management console, and help you create your private, dedicated overlay. The trial includes up to 5 endpoints and up to 1 TB of data.
If you prefer a full PoV or OEM, or to deploy on-premises, contact us for a meeting.
Launch Fast
Scale Seamlessly
Universal zero trustÂ
Replace VPN, SD-WAN, MPLS, Private APN, VDI, PAM for IT, OT & IoT.
Simplify compliance
FIPS, FedRAMP, NIST 800-171, NERC CIP, IEC 62443, NIS-2, HIPAA, PCI DSS
Flexible
Fully managed NaaS, on-premises & hybrid. IT, OT, IoT, edge, multicloud.
High Performance
HA, full mesh overlay, dynamic routing optimization, auto-scaling.
Extend everywhere
SDK, agentless, agent & gateway options for every major OS.
Zero trust infrastructure
Made to be built into firewalls, proxies, browsers, API gateways.
NaaS option
HA, dedicated, private overlays
AWS, Azure, GCP, OCI, self-hosted, hybrid
Over 140 Points of Presence
NaaS or self-hosted
Optimized Performance Across Tier One Backbones
NetFoundry NaaS provides dedicated, private overlays with end-to-end encryption (keys are sovereign to the endpoints, inaccessible to NetFoundry).
Or, host your own overlay, including in air-gapped sites, using NetFoundry’s on-premises zero trust platform for all batteries included zero trust.
NetFoundry NaaS & on-prem zero trust platform
Zero Trust Native Network Overlays, Extended Anywhere
Each overlay is private and dedicated. Infrastructure is managed by NetFoundry as NaaS, or use NetFoundry’s zero trust platform to self-host your overlay, including at air-gapped sites. Extend overlays via:
+ NetFoundry zero trust endpoints for every major OS, as host-based agents, containers, VMs or gateways
+ NetFoundry zero trust SDKs to embed zero trust endpoints in software
+ Connectivity via NetFoundry’s distributed proxies, firewall connections, TLS or mTLS
All-batteries included solution – the network overlay is zero trust native to make deployments simple:
Built-in PKI, as a service
X.509 based PKI, including enrollment, revocation, renewal. Other CAs optional but supported (RFC 7030). X.509s are core identities (IdP integrations optional but supported).
IdP flexibility
Use NetFoundry’s built-in PKI with pre-integrated MFA and posture to identify and authenticate each session. Or, use any OAuth or OIDC complaint IdP.
Full mesh, HA, high performance NaaS
NetFoundry NaaS overlays dynamically optimize over 100 PoPs, with HA, load balancing & auto-scaling. You get end-to-end control and visibility, including geofencing.
On-prem, air-gapped & hybrid
Run your overlay locally, including air-gapped and sovereign sites, with NetFoundry’s On-premises Platform. Or, use a hybrid overlay with NetFoundry sites and other sites.Â
End-to-end encryption (E2EE)
Encryption keys are specific to each session and sovereign to the endpoints, stored in HSMs on compatible devices. NetFoundry therefore doesn’t have access to your keys.
FIPS compliant encryption option
NetFoundry supports FIPS compliant encryption as a pluggable option and uses libsodium by default. Other cipers can be plugged-in. Gov Cloud, FedRamp and CIS support.
Network Access Control (NAC)
Next-gen NAC identifies, authenticates and authorizes every session before it is given overlay access. The NAC solution extends anywhere, including B2B, multinetwork and OT.
Identity-based visibility
Every session is identified by human, device or server identities (not IPs). Telemetry correlates identities, services, data. View in NetFoundry Console, SIEM or your UI via NetFoundry APIs.
Customer Success Stories
