Secure third party access

Eliminate the headaches and vulnerabilities of open ports and complex ACLs. Close all access to your data centers.  Even for third party access!

OpenZiti - open source cloudziti- free trial

Secure 3rd party access

  • End-to-end visibility and control, regardless of underlay network or cloud.
  • Cryptographically authenticated X.509 certificates identify and secure each flow. PKI and cert management built in.
  • Firewall denies all inbound traffic. No whitelisted IPs. No open inbound ports.
  • Microsegmented, high performance mesh network replaces point to point VPN tunnels.
  • Mutual TLS (mTLS) for every flow.
secure remote access

Insecure 3rd party access

  • Limited visibility and control, varying by underlay network or cloud.
  • IP addresses used as identities, causing security problems, RFC 1918 conflicts, port forwarding.
  • Firewalls open to whitelisted IPs, with open inbound ports and ACL complexity.
  • Point to point VPN tunnels enable lateral attacks and cause performance impairing backhaul.
  • TLS only secures clients.
insecure remote access

The greatest vulnerability is the network.

What do cyberattack breaches caused by compromised passwords or MFA credentials, phishing or zero-days have in common? Regardless of the specific vulnerability, it is almost always exploited from the Internet

Why haven't firewalls worked?

Because our firewalls and WAFs are full of holes - permitted (whitelisted) IP addresses, open inbound ports, complex ACLs.

Why are firewalls and WAFs full of so many holes?

3rd party access is very difficult to secure. This includes the access your MSPs and MSSPs need, as well as B2B apps, contractors and third-party systems and APIs.  As a result, we often have no choice but to permit IP addresses and open up holes in our firewalls and WAFs.

How to close all the firewall and WAF holes?

Deploy NetFoundry's Ziti software in front of the servers or data which third parties need to access, anywhere (private or public cloud, Kubernetes...anywhere).

Close all your inbound ports on your firewall (default deny-all).

Your Ziti software opens zero trust, app specific connections, outbound to your private network (hosted by NetFoundry in CloudZiti; self-hosted in the OpenZiti open source version). 3rd parties use agentless solutions to access the data, via the zero trust network, without ever having inbound access into your environments!  Details below.

You converge networking and security, moving the policy enforcement point. 3rd parties need to identify, authenticate and authorize before they can can send packets to your private Ziti overlay fabric. You move the policy enforcement point all the way back to the initiation of the session, preventing unauthenticated data from ever reaching your firewalls.

Your passport gate your private Ziti overlay networks. Nothing gets on your private Ziti overlay without passports. Cryptographically validated X.509s are the passports. The Ziti platform takes care of automated enrollment, PKI and certificate renewals.  The X.509 functions like it is a Yubikey or hardware dongle physically loaded on each device, so is much more difficult to steal or hijack than passwords, SMS codes,etc.  Agentless solutions enable 3rd parties to leverage the solution without needing to deploy software.

You extend your Ziti networks anywhere, without needing to control the underlay networks or 3rd party devices. Ziti enables you to extend zero trust networks to third parties, without requiring them to deploy agents or gateways. 

Your secure your servers with mutual TLS. Mutual TLS (mTLS) is a big deal. Not just for security or compliance requirements, but because it is far more secure. TLS secures clients - mTLS secures your servers. But of course there is a catch.  mTLS can be difficult to implement.  So Ziti provides mTLS in all directions, controlled by you from one platform, across all edges and clouds, for all use cases, including 3rd party access.

Network performance and reliability. Your private Ziti overlay network fabric includes HA, load balancing and dynamic routing across multiple tier one backbones. You can put parts of the Ziti data plane into your environments, so you don't have to backhaul latency sensitive sessions to the cloud. Every session follows it own optimized routing - eliminate tunneling all sessions to one place, and then routing out from there.

Secure, high performance networking for third party access.

OpenZiti - open source cloudziti- free trialDemo or briefing