Latest news with #NetFoundry

When emergency strikes, it's time for a native zero-trust network

Techday NZ

09-07-2025

  • Automotive
  • Techday NZ

When we imagine a world of autonomous vehicles, we picture them functioning in a calm and orderly fashion up and down the highway, like robots in a well-organised factory. But if your organisation is operating a fleet of them, and a major emergency strikes – let's say an earthquake – then you need to be sure you have a rock-solid way to centrally control and orchestrate these vehicles or chaos will result.

Galeal Zino, Founder and CEO with zero trust connectivity specialist NetFoundry, confronted this challenge in a recent interview conducted by Roy Chua, Founder and industry analyst at AvidThink. The ramifications were starkly clear: "In any kind of serious emergency you need to get emergency vehicles on the scene as fast as possible, and that means making sure that other cars are not clogging the roads," points out Zino. "If you imagine that most are autonomous then that's a pretty big test for how well they are centrally controlled."

The orchestration of these vehicles might rely on a V2X (vehicle to everything) communication system that enables the sharing of information, or if not that then some other form of centralised control. "Well, if you can control cars in this way, so can a hacker," warns Zino. "Somebody with malice in mind can turn your autonomous car or truck into what is essentially a missile."

NetFoundry recently demonstrated a solution to this problem in tandem with Lockheed Martin and the University of Auburn: "We showed how you can handle all that V2X communication safely, over a native zero-trust NetFoundry network. You can control vehicles in a number of possible emergency situations, but an attacker has no access to them at all."

A solution of this sort is really the only way you can establish a reliable private global network between multiple end points, whether that's between an autonomous car and a server, or between a drone and somebody on the ground with a 5G handset, or even between an API and the agentic AI that's talking to it.

Beyond the confines of the WAN, where it's either a VPN or the Internet carrying your traffic, whether we're talking agentic flows, autonomous flows or IoT flows, none are really secure. This means people have historically had to rely either on open communications, or have had to build their own secure encryption stack.

Some, says Zino, are using an Access Point Name (APN), a unique identifier that tells a mobile device how to connect to a specific network: "It's a private mobile connection, but it fosters a dangerous illusion because what a private APN really does is take traffic to the nearest cell location, like a Packet Data Network Gateway (PGW). Then it's a VPN connection from that PGW back to wherever the server is, on AWS, Azure, GCP or whatever. Opening up a huge network-level tunnel like that is a really bad idea. We don't do that inside our WAN with SASE, and yet we do it for more critical workloads outside the WAN."

A range of use cases

A zero-trust secure connection has many applications beyond automotive. It's really for any industry that cares about security, and managing that security at scale. Zino says that financial services is a prime instance, with NetFoundry active in the majority of the top US banks. He also cites healthcare and critical infrastructure.

"The problem all these sectors have had is being forced to trade off between security and complexity," he says. "But if you move to a 'secure by design' basis, similar to what happened with DevOps as we shifted left, all of a sudden everything becomes a lot simpler to implement. That's where we have found the most amount of traction so far. If you secure the underlying layer and provide an abstraction that's also secure, with the communication on top, you don't have to worry about all the complicated things like identity authentication and mutual authentication."

Clearly this model is preferable to starting with an inherently insecure network, one whose job it is to deliver packets whether authenticated or unauthenticated. Before long you're bolting a bunch of day two security on top to compensate for the fact that there are some bad packets in there. A software-based overlay like NetFoundry's adopts the opposite model where no packets are allowed on the overlay unless they have been strongly identified, authenticated and authorised. By defining what is permitted on the network, any device or vehicle trying to talk to a server that it shouldn't be talking to can't even get on the network.

The same applies with any kind of critical infrastructure - oil, gas, local government applications, law enforcement, public safety, manufacturing and of course the financial sector.

Drilling down into the example of manufacturing, Zino points out that while it accounts for around 15% of the world's GDP, it is largely 'air-gapped', or at least not very connected. "This will need to change in a future of robotics, edge AI, preventative maintenance, digital twins, energy optimisation. Manufacturing organisations do have to connect outside these days. We work with one of the world's biggest industrial automation leaders, headquartered in Germany. They've built their products to make them zero trust native. So for a manufacturer or a grid operator or anybody deploying their vast array of products, they are doing it via a zero trust connection without having to go and figure out port forwarding, IP addresses, VLANs and VPNs. That always means a mess."

The trick, Zino says, is to let an expert stack take care of all the complicated things below, so you can just focus on getting the applications right and not worry about other elements. By trying to handle the whole infrastructure around the trust issue yourself, you're suddenly deep in identity management, certificates, mutual authentication, and that's the messy part that people too often get wrong. That's usually where the weakness is, rather than in the actual transport encryption protocol.

When it comes to identifying the cause of a cyberattack, people are soon blaming the fact that they didn't upgrade, or somebody misconfigured the system. Naturally bad things are going to happen when it's all a highly complex day two operation. But it doesn't have to be like that. You don't need to handle it yourself.

Now, according to Zino, NetFoundry is taking everything a step further: "Normally the encryption key stays sovereign to the endpoints, but not in our model," he explains. "Data sovereignty is important, especially when you have clients all over the world. In the EU there's a particular sensitivity around who holds the encryption keys, especially where an organisation is not native to Europe."

The future of networking

On the subject of NetFoundry's future ambitions: "We just want to make the world a more secure place," he says. "We're already working with some very impressive names. That's probably because the motivation to use us is strongest in Fortune 500 banks, in critical infrastructure, in manufacturing. Retail and hospitality are likely future targets. We've always managed to punch above our weight as a startup."

The company's future focus, he believes, is likely to be as much horizontal as vertical, reflecting the reality of modern networking: "We want to be looking at secure networking as part of a wider business transformation initiative. The old days was about building cloud native apps and the lifting and shifting of apps to the cloud, app modernisation, digital transformation. Now it's more about agentic AI, where people want AI and LLMs to be local, sovereign, in their data centre. The data it's talking to is likely to be really sensitive data. You might need it to talk to the rest of the world. People are starting to want an application-specific network, a network that agentic AI uses to talk to its databases where nothing else is allowed on the network. It's quarantined, isolated by design. That's not something you want to be trying to figure out after the fact, let alone building for yourself. This will be a big growth area for us."

NetFoundry gains USD $12 million funding for secure networking

Techday NZ

29-04-2025

  • Business
  • Techday NZ

NetFoundry has secured an investment of USD $12 million led by cybersecurity-focused venture capital firm SYN Ventures. This funding marks the first venture capital injection for NetFoundry, which already services eight of the top ten banks in the United States as well as critical infrastructure across three continents.

NetFoundry says its approach to networking brings military-grade security while streamlining operations by moving away from reliance on traditional infrastructure and additional security layers, instead delivering security as software.

Galeal Zino, Founder and Chief Executive Officer of NetFoundry, said: "This is the iPhone moment for secure networking. NetFoundry's approach is revolutionary in that it enables military-grade security, but with the speed and extensibility of software. Organizations can no longer tolerate the trade-offs of WAN/SASE/firewall architecture – that old model is shredded by an AI-accelerated world."

The company is currently serving two of the top five companies on the Fortune 500 list. NetFoundry's software has been adopted by solutions providers such as Arrow, Capgemini, CERM, Digibee, EdgeX Foundry, FreeWave, IBM, Intrusion, LVT, Marposs, Microsoft, Oracle, Ozone, Redfaire, TZ and the United States military.

NetFoundry's software-centric approach to secure networking allows it to be both used by enterprise IT departments and embedded in products from other providers. Some of the largest industrial and cloud service specialists now offer secure-by-design products using NetFoundry's zero trust networking embedded on an original equipment manufacturer (OEM) basis, similar to the widely recognised Intel-inside model.

Businesses that require robust security and quick deployment, notably in financial services, have become early adopters of what NetFoundry describes as a network-as-code model. The company states that the importance of secure, software-defined networking is increasing with the wider adoption of artificial intelligence across business sectors.

Josh Schertzer, most recently Chief Technology Officer of Enterprise Technology at Blackstone, said: "Finance firms benefited from being the infrastructure-as-code leaders, and are now taking the final step by completing the platform with network-as-code deployments. NetFoundry's reinvention of secure networking was the missing link – the way to complete the journey to an infrastructure independent, secure-by-design enterprise platform."

NetFoundry's technology supports a "develop once, deploy anywhere, deliver everywhere" model that allows teams to use distributed computing environments without needing to manage the details of network-level integration.

Dan Burns, Partner at SYN Ventures and former Chief Executive Officer of cybersecurity business Optiv, said: "Only software can keep up with software. Dependencies on infrastructure, IP addresses, underlay networks, specific clouds and firewall ACLs are barriers to business velocity, security and agility. By eliminating these barriers, NetFoundry enables enterprises to simplify, secure and accelerate digital transformation."

Public case studies referenced by NetFoundry include just-in-time zero trust networking applied to situations ranging from financial services and military drones, to industrial automation. Unlike Secure Access Service Edge (SASE) models that redirect and decrypt sensitive data, the company asserts its solution provides true end-to-end encryption with encryption keys kept solely on the endpoints, supporting both on-premises and cloud native installations.

NetFoundry's offerings are available as Network-as-a-Service (NaaS) and on-premises licensed software, allowing businesses to connect workflows across diverse networks in a secure manner. The company also provides its zero trust solution to partners to include in products as embedded software. NetFoundry is the creator and maintainer of OpenZiti, an open source zero trust software package widely used in the cybersecurity sector.

SYN Ventures is a venture capital firm dedicated to security investments, with a team comprising former Chief Information Security Officers, Chief Executive Officers, Chief Technology Officers and founders who together have more than 400 years' experience in security investment and operations, in addition to an established network of security advisors and CISOs.
