NetFoundry: A Security Superpower

Mike Guthrie, Head of DevOps
Speed versus security is a classic debate in DevOps. The two pull in opposite directions, yet organizations cannot afford to pick just one.

Under pressure to deliver quickly and ship features, DevOps engineers wiring systems together for automation often accept a gap between velocity and security. “I need to make this work today; I'll come back and clean it up later,” an engineer might think. What slips through the cracks is that the broad access grants scattered across these systems add up to a large attack surface, giving attackers a way in.

The result is a weaker security posture in which accountability and auditing suffer: working out who accessed what can take days. More frustrating still is discovering, after the exhaustive search, that it was an employee logging in from a coffee shop and not an attacker.

The good news is that those days of frustration are behind us.

Meet OpenZiti.

Enterprises can now securely deliver and manage any app, anywhere, as code with NetFoundry’s OpenZiti, an open-source, software-only programmable network overlay built on zero-trust principles. With OpenZiti, security at the app, OS, and network levels is never an afterthought; the software-only platform enforces it with attribute-based access control. Providing secure private networking and solutions as code, NetFoundry offers a turnkey SaaS built on OpenZiti that delivers hundreds of TBs per month with no breaches and a 99.95 percent SLA. Mike Guthrie, NetFoundry’s Head of DevOps, recently wrote an article on why every DevOps engineer should love OpenZiti.

“NetFoundry is the only solution that empowers DevOps teams with a suite of endpoints so that private connectivity can be embedded in or around any systems and tools, such as Prometheus, Kubectl, and Helm, and helps them run and monitor the same in production. This private connectivity means that all inbound ports are made dark by applying NetFoundry to CI/CD connections, which prevents any external network attack,” says Philip Griffiths, VP of Global Business Development at NetFoundry.

Strengthening User to App Security

To begin with, NetFoundry is more than an open-source project for zero-trust networking; it is peace of mind. Security is often compromised when DevOps teams focus only on wiring systems together. A CI/CD system with elevated access can deploy and execute code across many endpoints, and those endpoints become a covert entrance for attackers into an organization’s critical systems: data warehouses, build servers, APIs, and large volumes of valuable data. OpenZiti provides secure access to network resources while closing these loopholes in modern deployments, and it can be orchestrated programmatically, much as CERM orchestrates zero-trust connectivity through their infrastructure-as-code using Jenkins and Ansible.

To improve the security posture significantly, NetFoundry secures every asset in the CI/CD pipeline, locks it down, and makes it dark: reachable only when, and by whom, the pipeline requires. This addresses both the speed and the security problem, because everything is identity-based and users can control access quickly, reducing the burden on security teams. The model rests on an embedded X.509 identity and an authenticate-and-authorize-before-connect flow, which permits outbound-only connections from the edge, application micro-segmentation, end-to-end encryption, obfuscated metadata, and continual authorization through posture checks.
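To make the attribute-based, authorize-before-connect model concrete, here is an added example: a small Python model of the policy semantics described above (identities and services carrying attributes, Dial and Bind policies matching them by selector, posture constraints re-checked for the life of a session). It is not OpenZiti's or NetFoundry's own code, and every identity, service, policy, attribute and posture value in it is constructed for illustration.

```python
"""Model of attribute-based, authorize-before-connect access control.

Added illustration (not OpenZiti's or NetFoundry's own code). Selectors:
"#attr" matches any holder of that attribute, "@name" matches one identity
or service by name, "#all" matches everything. A client needs a Dial policy,
a host needs a Bind policy, and posture constraints are evaluated at
authorization time and again on every re-check. All names below are made up.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Identity:
    name: str
    attributes: frozenset
    authenticated: bool = False  # True once the X.509 handshake has succeeded


@dataclass(frozen=True)
class Service:
    name: str
    attributes: frozenset


@dataclass
class Policy:
    name: str
    action: str                   # "Dial" (client side) or "Bind" (hosting side)
    identity_roles: frozenset     # selectors such as {"#ci-runner"} or {"@alice"}
    service_roles: frozenset
    posture: dict = field(default_factory=dict)  # e.g. {"mfa": {True}, "os": {"linux"}}


def selector_matches(selectors, name, attributes):
    """True if any selector names this identity/service or one of its attributes."""
    for sel in selectors:
        if sel == "#all":
            return True
        if sel.startswith("#") and sel[1:] in attributes:
            return True
        if sel.startswith("@") and sel[1:] == name:
            return True
    return False


def authorize(identity, service, action, policies, posture):
    """Authenticate first, then authorize; only a (True, reason) result may open a connection."""
    if not identity.authenticated:
        return False, "identity not authenticated"
    for p in policies:
        if p.action != action:
            continue
        if not selector_matches(p.identity_roles, identity.name, identity.attributes):
            continue
        if not selector_matches(p.service_roles, service.name, service.attributes):
            continue
        # Every posture key the policy names must hold an allowed value right now.
        failed = sorted(k for k, allowed in p.posture.items() if posture.get(k) not in allowed)
        if failed:
            return False, f"{p.name} matched but posture check failed: {failed}"
        return True, f"granted by {p.name}"
    return False, "no policy grants this access"


class Session:
    """An established overlay connection that is re-authorized as posture changes."""

    def __init__(self, identity, service, policies, posture):
        ok, reason = authorize(identity, service, "Dial", policies, posture)
        if not ok:
            raise PermissionError(reason)
        self.identity, self.service, self.policies = identity, service, policies
        self.open = True

    def recheck(self, posture):
        """Continual authorization: tear the session down if the policy no longer holds."""
        ok, _ = authorize(self.identity, self.service, "Dial", self.policies, posture)
        if not ok:
            self.open = False
        return self.open


# Constructed sample configuration (hypothetical names).
POLICIES = [
    Policy("ci-dials-build", "Dial", frozenset({"#ci-runner"}), frozenset({"#build"}),
           posture={"os": {"linux"}}),
    Policy("devs-dial-build", "Dial", frozenset({"#developer"}), frozenset({"#build"}),
           posture={"mfa": {True}}),
    Policy("build-hosts", "Bind", frozenset({"@build-server-1"}), frozenset({"#build"})),
]
BUILD = Service("jenkins.internal", frozenset({"build"}))
RUNNER = Identity("runner-7", frozenset({"ci-runner"}), authenticated=True)
ALICE = Identity("alice", frozenset({"developer"}), authenticated=True)
HOST = Identity("build-server-1", frozenset(), authenticated=True)
STRANGER = Identity("stranger", frozenset({"developer"}), authenticated=False)


def demo():
    """Scenarios from the text: a grant, a host binding, denials, and posture drift closing a session."""
    results = {}
    results["runner_dials"] = authorize(RUNNER, BUILD, "Dial", POLICIES, {"os": "linux"})[0]
    results["host_binds"] = authorize(HOST, BUILD, "Bind", POLICIES, {})[0]
    results["stranger_dials"] = authorize(STRANGER, BUILD, "Dial", POLICIES, {"mfa": True})[0]
    results["host_dials"] = authorize(HOST, BUILD, "Dial", POLICIES, {})[0]
    s = Session(ALICE, BUILD, POLICIES, {"mfa": True})
    results["alice_open"] = s.open
    results["alice_after_mfa_lapse"] = s.recheck({"mfa": False})  # laptop at the coffee shop, MFA expired
    return results
```

Two properties of the model are the ones worth noticing: an identity that has not authenticated never reaches policy evaluation, and a policy that matched at connect time can stop matching later, at which point the session is closed rather than left running on stale authorization.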

At its core, NetFoundry enables the next generation of secure, open-source networking for an organization’s applications, built on a scalable, pluggable networking mesh with smart routing. The multi-cloud-native, develop-once-deploy-anywhere platform integrates with existing applications to provide zero-trust access, application segmentation, dark services and routers, and performance and reliability. The company’s approach to zero-trust DevOps lets clients enforce access both to a network and to the individual applications within it.

Zero-Trust in the Truest Sense

Zero trust is one of those expressions the business world overuses without understanding what it means. Unlike zero-trust solutions, most security products are merely a protective fence around the internal network; once inside, everything is open.
NetFoundry enables zero trust in the truest sense by giving users a secure entry point into any network. Each endpoint receives an identity backed by provisioned certificates, which are used to establish secure communication channels and to authenticate and authorize that identity.

The zero-trust model ensures that clients can reach only the applications they have been granted. “Organizations continue to create layers of security, thinking that with every layer, their security gets better. However, it complicates things even further. They must identify elements out of their control and lock them down while moving everything within their control toward this model of trust,” states Mike Guthrie, Head of DevOps, NetFoundry. NetFoundry also raises network visibility, since all traffic monitoring is organized around trusted identities and services: it keeps tabs on every byte of traffic, providing insight into who accessed which service, from where, and when.

OpenZiti is the only solution that empowers DevOps teams with a suite of SDKs so that private connectivity is embedded in systems and tools, such as Prometheus, Kubectl, and Helm, and helps them run and monitor the same in production

NetFoundry specializes in protecting against external network attacks, including DDoS, CVE and zero-day exploits, brute force, and port scans, across every exposed connection. One recent example is Log4Shell, one of the most widely exploited vulnerabilities of all time: because NetFoundry makes services unreachable from the network, internet-wide exploitation of them is closed off. Recently, TOOQ secured its IoT analytics app with NetFoundry, and Capgemini and Arm announced their autonomous vehicle zero-trust security solution with NetFoundry. The TOOQ IoT solution uses NVIDIA Jetson devices, and the Arm/Capgemini/NetFoundry solution runs on AWS Greengrass, which uses Log4j. NetFoundry proactively secures clients’ environments against network-initiated attacks by making them unreachable; the vulnerable component itself still needs patching, since a payload carried inside traffic from an authorized identity is not a network-initiated attack.

Reflection of Excellence

NetFoundry has partnered with many renowned companies to give them velocity, security, and innovation by designing secure networking into their solutions. One such fast-growing enterprise software company is Ramco Systems, which future-proofed its cloud, network, and security strategy with NetFoundry’s Zero-Trust Network Access platform. Along its cloud journey toward digitizing existing processes, Ramco needed to simplify and accelerate application cloud migration and data replication, mitigate cybersecurity risk, and automate and streamline secure access provisioning for on-site and remote workers.

NetFoundry and its strategic cloud-solutions partner, Blazeclan Technologies, supported Ramco’s cloud migration and network security efforts. NetFoundry’s Zero-Trust Network-as-a-Service (ZTNaaS) platform was implemented to enable agility, integrating appliances, users, and cloud services in a more secure environment. The private overlay network created by the platform connects all devices, edges, and clouds with zero-trust network access and SASE-framework security, replacing Ramco’s old network infrastructure and its VPNs and fitting it for the modern workplace. Ramco and NetFoundry are also partnering to embed zero-trust networking into Ramco’s applications through NetFoundry’s open SDKs.

In another notable deployment, Ozone used OpenZiti to embed private, programmable zero-trust networking into its applications. “Zitifying” Ozone and Kubernetes deployments improved service delivery and cut security risk and cost by 50 percent, and Ozone’s customers were able to close all inbound ports.

For a security superpower such as OpenZiti, the future promises exciting avenues and bigger opportunities. NetFoundry is currently focused on what it calls “browser”: a system that lets a user reach a dark, otherwise unreachable application through a web page with zero friction.


Charlotte, NC

NetFoundry enables developers, ISVs, SaaS and solution providers to transform secure networking into an innovation enabler. Infrastructure is replaced with code. Built-in replaces bolted-on: programmable, cloud-native, zero-trust networking is embedded in the application.