Secure, simple access to your customer network hosted software
Replace VPNs, certificate management and firewall holes with zero trust B2B networking
Even though your software is hosted in your customer’s network or cloud, and you need connectivity from that software to your network or cloud, your customers don’t want to give you VPN, firewall holes or pre-shared certificates. Now they don’t need to!
Securely Connect to Your Software in Your Customers' networks
Session level connectivity, outbound from your customer's network replaces VPNs and the need to permit IP addresses
The new model makes it far simpler for your operations team and your customers’ operations teams, while meeting all of their security requirements for zero trust B2B connectivity.
Turn up new connections in minutes!
Identity secured B2B networking
NetFoundry includes its own PKI, and gives you the option of using other IdPs or CAs. Identities replace IP addresses, even for B2B networking.
Remove customer friction
Get bidirectional, zero trust connectivity, without your customers needing to open a single inbound firewall port or permit any IPs.
Simplify
NetFoundry’s all batteries included approach to B2B connectivity includes identity, authentication, authorization, MFA, posture, mTLS and E2EE, all built in.
Quality & reliability
Built-in performance optimization, load balancing, HA, backed by enterprise SLAs and 24×7 support.
The first zero trust native overlay networks
NetFoundry is the first to build zero trust into the network with universal identities. Spin up zero trust native overlays, in minutes, for a single AI application or an entire WAN.
Deploy for IT, OT or IoT
Includes agents for Windows, Linux, macOS, iOS, Android, containers, VMs, eBPF daemons. Pre-built into proxies, browsers, modems, edge servers, firewalls. Use SDKs to integrate into any software.
Reliability and performance
NaaS includes HA, dynamic optimization, ingress and egress load balancing, across over 100 PoPs, with 24×7 enterprise support and SLAs. On-premises includes features and tools to get 99.999% uptime.
On-premises, hybrid or NaaS
Deploy in air-gapped sites, OT, multicloud and everything in between. Every overlay is zero trust native with all zero trust functionality built in and prebuilt integrations. NaaS spans over 100 sites.
NetFoundry’s built-in identity (X.509-based) is universal – for workloads, devices, humans. Identity based controls, policy and telemetry replace dependencies on IPs and NAT. Posture and MFA is built-in, as is support for any OAuth or OIDC IDP.
No inbound access
Software-defined, zero trust native overlays makes IT, OT, IoT or AI unreachable from underlay networks. Close all inbound ports and eliminate all VPNs.
Authorize before connect
NetFoundry includes identity, continuous authentication and authorization for users, admins, devices, servers, workloads, AI agents and MCPs. Strong auth is required before overlay access – the overlay itself is auth aware.
Mutual TLS (mTLS) is built-in for every overlay segment. End to end encryption (E2EE) with keys sovereign to the endpoints means nobody has access to your data. Choose ciphers, including FIPS 140 compliant and libsodium.
JIT, one-time and persistent access
Just-in-time (JIT), one-time and persistent access models, based on authorized identities. Integrated with workflow and ticketing (JIRA, ServiceNow, Zendesk, etc.), or use NetFoundry APIs for your own custom integration.
End to end zero trust
Extend zero trust beyond the firewall to applications or hosts. NetFoundry enabled servers have no listening ports – unreachable from underlay networks – only available to strongly authorized sessions.
Open source foundation
NetFoundry open sourced its core zero trust software into the OpenZiti project, and continues to maintain the project. It is an open core model – only enterprise, government and OEM functions are separate.
FedRamp & Government Cloud
NetFoundry is deployed in FedRamp and Government Cloud environments, as well as on-premises and air-gapped sites. Includes supporting CJIS, HIPAA, PCI and FIPS 140 compliance.
EU CRA
The simplest way to meet EU CRA requirements for connected products. Directly integrate zero trust networking into your product, eliminating VPNs.
Drive Sales
Meet the strictest security and compliance requirements
The most complete B2B zero trust networking, meeting your customer’s requirements for access, control, compliance, security, audit and visibility. Session level microsegmentation replaces network-level connectivity.
Simplify Deployments and Operations
Eliminate customer adoption friction
Your customers no longer need to open inbound firewall ports, nail up VPNs, manage certificates or manage complex networking. Gain zero trust connectivity to your software deployed in your customers’ networks without causing headaches for OT and IT teams.
This includes one-time access, just in time (JIT) access and continually authenticated access – for admins, servers, APIs and data transfer.
Simple, secure B2B connectivity
Eliminate the Need for VPNs and open inbound firewall ports
Connect to your applications running in customers’ environments with ease, while protecting their networks and data.
