NetFoundry
Identity-First Connectivity™ for Zero Trust Networking

What is NetFoundry?

NetFoundry offers a comprehensive zero trust networking platform that enables organizations to implement Identity-First Connectivity™ across their digital infrastructure. The platform eliminates traditional VPNs and inbound firewall ports by establishing outbound-only connections that authenticate and authorize all endpoints before any IP connectivity occurs. This approach significantly reduces attack surfaces while simplifying network operations.

The solution provides software-based network overlays with distributed routing infrastructure available through NetFoundry's managed NaaS across 100+ PoPs or self-hosted on-premises deployments. It includes built-in PKI, identity provider flexibility, end-to-end encryption, and FIPS-compliant options. Developers can embed zero trust capabilities into applications using SDKs for multiple programming languages, enabling secure connectivity for APIs, IoT devices, and agentic AI components without exposing them to the internet.

Features

  • Identity-Based Mutual TLS: Each connection is secured from the start with specific identity associations
  • Outbound-Only Connections: No VPNs to set up and no inbound ports required on firewalls
  • Software-Based Network Overlay: Distributed routing infrastructure with enterprise SLAs across 100+ PoPs
  • Built-in PKI as a Service: X.509 based PKI with enrollment, revocation, and renewal capabilities
  • End-to-End Encryption: Session-specific encryption keys sovereign to endpoints with FIPS-compliant options
  • Network Access Control: Next-gen NAC that identifies, authenticates and authorizes every session before overlay access
  • Identity-Based Visibility: Telemetry correlates identities and services rather than IP addresses
  • Developer SDKs: Embed zero trust into applications using C, Go, C#, Java, JavaScript, Swift, and Python

Use Cases

  • Replace site-to-site VPNs with zero trust connectivity
  • Secure API and API gateway access without internet exposure
  • Implement IT/OT segmentation and microsegmentation
  • Provide secure customer connectivity for solution providers
  • Enable secure agentic AI component networking
  • Establish B2B connectivity without firewall rule changes
  • Secure IoT and industrial device connectivity
  • Implement zero trust remote access and management

FAQs

  • What is Identity-First Connectivity?
    Identity-First Connectivity is NetFoundry's approach where all endpoints are authenticated and authorized before any IP connectivity occurs, replacing traditional IP-based networking with identity-based access control.
  • How does NetFoundry differ from traditional VPNs?
    NetFoundry eliminates VPN setup requirements and inbound firewall ports by using outbound-only connections with identity-based mutual TLS, providing finer-grained access control and reducing attack surfaces.
  • What deployment options are available?
    NetFoundry offers both NaaS (Network as a Service) across 100+ global points of presence and self-hosted on-premises options, including air-gapped and hybrid deployments.
  • Can NetFoundry secure APIs and agentic AI components?
    Yes, NetFoundry makes APIs, API gateways, and agentic AI components unreachable from the internet by providing connectivity based on identities, authorization, and mutual TLS.
  • What programming languages are supported for embedding zero trust?
    NetFoundry provides SDKs for C, Go, C#, Java, JavaScript/Node.js, Swift, and Python to embed zero trust capabilities directly into applications.
