Connect to your software hosted in customer VPCs, VNets & networks
Eliminate S2S VPN, certificate management & requiring customers to open firewall ports for your IPs
You get zero trust, bidirectional, B2B connectivity. Your customers get outbound only connections which meet their security needs. You both get simpler provisioning and operations.
This works for orchestration, remote access, APIs, data ingress and data egress.
Deploy connections in minutes and manage from a web portal or APIs, without touching networks, DNS, IPs and firewalls.
Meet FIPS, CJIS, HIPAA, PCI DSS, EU CRA, NIST 800-171, NERC CIP, IEC 62443, NIS-2, HIPAA, PCI and FedRAMP requirements, even for your SaaS or cloud delivered products.
Customer Success Stories
Eliminate S2S VPNs and firewall ACL management
NetFoundry’s Identity First Networking™ simplifies B2B connectivity with zero trust between customer sites and your sites. Eliminate S2S VPN, IP address, DNS and NAT problems. Enables every deployment model, including private SaaS, without requiring your customers to open inbound ports or suffer VPNs.
Learn more about B2B connectivity without the networking hassle and security risks
- On-premises and air-gapped models
- Hybrid, P2P and multicloud models
- Sovereign cloud connectivity
- Zero trust B2B
- FIPS-compliant for government clouds and other sites
- Clientless, JIT and one-time access
High performance, zero trust connectivity and secure remote access for your customer network hosted or distributed products
NetFoundry’s Identity First Networking™ simplifies connectivity and meets the strictest requirements of your customers.
Eliminate S2S VPN, private APN, IP address, NAT, CNAT and firewall ACL dependencies. Includes clientless, JIT and one-time access.
Learn more about meeting EU CRA, NIST 800-171, NERC CIP, Purdue Model (PERA), IEC 62443, NIS-2, HIPAA, PCI and FedRAMP compliance without rebuilding your product.
- Energy
- Healthcare
- Manufacturing
- Robotics
- Surveillance
- Transportation
- AI
- Government
- Military
- Critical infrastructure
The first zero trust native overlay networks
NetFoundry is the first to build zero trust into the network with universal identities. Spin up zero trust native overlays, in minutes, for a single AI application or an entire WAN.
Deploy for IT, OT or IoT
Includes agents for Windows, Linux, macOS, iOS, Android, containers, VMs, eBPF daemons. Pre-built into proxies, browsers, modems, edge servers, firewalls. Use SDKs to integrate into any software.
Reliability and performance
NaaS includes HA, dynamic optimization, ingress and egress load balancing, across over 100 PoPs, with 24×7 enterprise support and SLAs. On-premises includes features and tools to get 99.999% uptime.
On-premises, hybrid or NaaS
Deploy in air-gapped sites, OT, multicloud and everything in between. Every overlay is zero trust native with all zero trust functionality built in and prebuilt integrations. NaaS spans over 100 sites.
NetFoundry’s built-in identity (X.509-based) is universal – for workloads, devices, humans. Identity based controls, policy and telemetry replace dependencies on IPs and NAT. Posture and MFA is built-in, as is support for any OAuth or OIDC IDP.
No inbound access
Software-defined, zero trust native overlays makes IT, OT, IoT or AI unreachable from underlay networks. Close all inbound ports and eliminate all VPNs.
Authorize before connect
NetFoundry includes identity, continuous authentication and authorization for users, admins, devices, servers, workloads, AI agents and MCPs. Strong auth is required before overlay access – the overlay itself is auth aware.
Mutual TLS (mTLS) is built-in for every overlay segment. End to end encryption (E2EE) with keys sovereign to the endpoints means nobody has access to your data. Choose ciphers, including FIPS 140 compliant and libsodium.
JIT, one-time and persistent access
Just-in-time (JIT), one-time and persistent access models, based on authorized identities. Integrated with workflow and ticketing (JIRA, ServiceNow, Zendesk, etc.), or use NetFoundry APIs for your own custom integration.
End to end zero trust
Extend zero trust beyond the firewall to applications or hosts. NetFoundry enabled servers have no listening ports – unreachable from underlay networks – only available to strongly authorized sessions.
Open source foundation
NetFoundry open sourced its core zero trust software into the OpenZiti project, and continues to maintain the project. It is an open core model – only enterprise, government and OEM functions are separate.
FedRamp & Government Cloud
NetFoundry is deployed in FedRamp and Government Cloud environments, as well as on-premises and air-gapped sites. Includes supporting CJIS, HIPAA, PCI and FIPS 140 compliance.
EU CRA
The simplest way to meet EU CRA requirements for connected products. Directly integrate zero trust networking into your product, eliminating VPNs.
