Simplify and Secure OT
Microsegmentation, OT-IT convergence and secure remote access (SRA)
Identity-based zero trust networking without adding infrastructure, and without opening any inbound ports into OT

OT Transformation Requires Network Transformation
Security and management via IP addresses and infrastructure is too complex
NetFoundry’s identity-driven overlays simplify OT networking, and enable microsegmentation, OT-IT convergence and SRA.
A simplified, risk-off approach to OT networking
NetFoundry starts by providing discovery and OT network mapping to produce visibility and analytics.
Then, implement NetFoundry software in passive mode on existing firewalls, edge servers and many OT devices (SDKs and lightweight agents), or deploy standalone as VMs or containers.
Once comfortable with the results, turn the knob to restrictive, zero trust microsegmentation.
Identity-based insights and controls replace IP-address-based operational nightmares. All access can be made just-in-time (JIT) or one-time, and persistent access requires strong identity, continuous authentication and fine-grained authorization – for devices, humans and servers.

Designed for OT
On-prem, air-gapped & hybrid
Identity-driven ZTNA with headless identities, built-in PKI & support for existing certs
OT gateway support with binary / container preload on PLC / HMI hardware
Deterministic L2/L3 & protocol filtering (Modbus, PROFINET, TSN)
Just-in-time (JIT), one-time and persistent access
OT-IT convergence without any open firewall ports into OT
Flexible OT networking
Agentless, device-based, site-based and embedded options with existing infrastructure or new
You choose where to extend zero trust. In every case, get identity-based microsegmentation without the hassle. All visibility and controls are centralized and simplified – use NetFoundry GUIs or APIs.
Use cases
- VPN replacement
- Firewall replacement
- Microsegmentation
- OT-IT convergence
- Secure remote access (SRA) and PAM
- JIT and one-time access
Simplify operations
Meet reliability, compliance and visibility goals without dependencies on IP addresses and firewall ACLs
Infrastructure dependencies are a barrier to reliability, performance and uptime. NetFoundry enables existing infrastructure to stay in place, while enabling operations to move to identities and policies, instead of IPs and VLANs. OT will never need to open another inbound firewall port!


Clear compliance
Built-in compliance and security eliminate the difficulty of trying to bolt them on
NetFoundry is the simplest way to meet and exceed:
- USA compliance frameworks such as NIST CSF, NERC CIP and CISA guidelines
- EU directives such as NIS 2, CRA and IEC 62443
- Industry-specific compliance and regulatory requirements such as DORA, HIPAA and CMMC
Simple, reliable, default secure OT networking
Secure-by-Design OT networking simplifies new and existing use cases
By building zero trust functions into high-performance, software-only OT network overlays, NetFoundry removes the zero trust integration burden
Unmatched Flexibility
Endpoints that go anywhere and are deployed as air-gapped, hybrid or NaaS overlays
High-Performance Network
HA, self-healing overlays with identity-based telemetry and centralized management
Simpler Operations
Never open an inbound OT port and microsegment all outbound by identity. Easy to implement JIT, one-time and persistent access
Risk Reduction
Close all inbound firewall ports, significantly reducing the attack surface for OT and IT
Data Protection
Only authorized sessions connect to authorized services – stop data exfiltration
New Use Cases
Initiatives like robots, AI and edge do not disrupt existing OT or require VPNs and firewalls
Distributed Control
Simple for each endpoint or service administrator to control access to their assets, while giving visibility to all
Support and SLAs
Up to 99.995 SLAs and 24×7 support, proven on critical infrastructure on 3 continents
