Secure IoT networks and management
- End-to-end visibility and control, regardless of underlay network or cloud.
- Cryptographically authenticated X.509 certificates identify and secure each flow. PKI and cert management built in.
- Firewall denies all inbound traffic. No whitelisted IPs. No open inbound ports.
- Microsegmented, high performance mesh network replaces point to point VPN tunnels.
- Mutual TLS (mTLS) for every flow.
Insecure IoT networks and management
- Limited visibility and control, varying by underlay network or cloud.
- IP addresses used as identities, causing security problems, RFC 1918 conflicts, port forwarding.
- Firewalls open to whitelisted IPs, with open inbound ports and ACL complexity.
- Point to point VPN tunnels enable lateral attacks and cause performance impairing backhaul.
- TLS only secures clients.
“We are committed to protecting our clients’ data. Partnering with NetFoundry isn’t just a way to accomplish this, but the best way.”
Steve LindseyCIO, Liveview Technologies (LVT)
“Businesses can use NetFoundry's Ziti platform to simplify network management, and enable zero trust networking for applications running at the edge on Azure public MEC and Azure regions.”
Ross OrtegaVP, Azure for Operators
“Integrating our IoT solution with NetFoundry SDKs enables IoT networking without VPNs or proprietary hardware. We can jointly be deployed as software on any IoT device to provide customers with simple solutions.”
Paul EdrichCTO, IMS Evolve
“By integrating NetFoundry’s zero trust platform into our IoT and Edge analytics solutions, TOOQ is transforming the retail industry.”
Ronaldo MouraCEO, TOOQ
The greatest vulnerability is the network.
Regardless of the specific vulnerability, it is almost always exploited from the Internet.
Why haven't firewalls worked?
Because our firewalls and WAFs are full of holes - permitted (whitelisted) IP addresses, open inbound ports, complex ACLs.
Why are firewalls and WAFs full of so many holes?
To get IoT data into our edge, public and private cloud environments, we often end up whitelisting IPs and opening up ports.
How to close all the firewall and WAF holes?
Deploy NetFoundry's Ziti software in front of your IoT servers, anywhere (private or public cloud; Kubernetes...anywhere).
Close all your inbound ports on your firewall (default deny-all).
Your Ziti software opens zero trust, app specific connections, outbound to your private network (hosted by NetFoundry in CloudZiti; self-hosted in the OpenZiti open source version). The connections are governed by your IoT identities and policies. Details below.
You converge IoT networking and security, moving the policy enforcement point. IoT apps and devices need to identify, authenticate and authorize before they can can send packets to your private Ziti overlay fabric. You move the policy enforcement point all the way back to the initiation of the IoT session, preventing unauthenticated data from ever reaching your firewalls.
Your passport gate your private Ziti IoT overlay networks. No IoT data gets on your private Ziti overlay without passports. Cryptographically validated X.509s are the passports - for IoT apps, devices and gateways. The Ziti platform takes care of automated enrollment, PKI and certificate renewals. The X.509 functions like it is a Yubikey or hardware dongle physically loaded on each device, so is much more difficult to steal or hijack than passwords, SMS codes,etc. The IoT devices don't require a human to do the X.509 authentication - it is all done automatically.
You extend your Ziti-powered IoT networks anywhere, without needing to control the underlay networks. Ziti enables you to deploy 'endpoints' as software, anywhere, even inside the process space of your IoT apps (via Ziti SDKs). No more need for static IPs, port forwarding or VPNs.
Your secure your IoT servers with mutual TLS. Mutual TLS (mTLS) is a big deal. Not just for security or compliance requirements, but because it is far more secure. TLS secures clients - mTLS secures your IoT servers. But of course there is a catch. mTLS can be difficult to implement. So Ziti provides mTLS for IoT.
Network performance and reliability. Your private IoT overlay network fabric includes HA, load balancing and dynamic routing across multiple tier one backbones. You can put parts of the Ziti data plane into your IoT environments, so you don't have to backhaul latency sensitive sessions to the cloud. Every session follows it own optimized routing - eliminate tunneling all sessions to one place, and then routing out from there.