The no-bullshit ZTNA vendor directory

A curated, impartial and open-source directory of ZTNA vendors and architectures.

  • 119 Vendors
  • 11 Architectures
  • 7 NIST tenets
  • 1 Executive Orders

Approach meets architecture

Zero Trust Network Access (ZTNA)

ZTNA is a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities.

  • Applications are hidden from discovery, no public visibility.
  • Access is restricted via a trust broker.
  • Broker verifies the identity, context and policy.
  • Lateral movement in the network is prohibited.
  • Reduced surface area available for attack.

The Seven Tenets of Zero Trust

NIST Special Publication 800-207

The United States National Institute of Standards and Technology (NIST) defines Zero Trust and a Zero Trust Architecture in terms of seven basic tenets. Though these tenets are the ideal goal, not all tenets need be fully implemented in their purest form for a given strategy. The British National Cyber Security Centre (NCSC) has also published a set of Zero Trust architecture design principles in which they define eight principles to help organizations implement a zero trust network architecture.

Everything is a resource

All data sources and computing services are considered resources

Secure all communications

All communication is secured regardless of network location

Session-based access

Access to individual resources is granted on a per-session basis

Policies must be dynamic

Access to resources is determined by dynamic policy

Monitor security posture

Monitor and measure the integrity and security posture of all assets

Authenticate before connect

Authentication and authorization are dynamic and enforced before access

Collect, measure and improve

Collect as much information as possible. Use it to improve security posture

Security, at the edge

Gartner hails a SASE future. Forrester calls it Zero-Trust Edge.

Secure Access Service Edge (SASE) or Zero-Trust Edge (ZTE) combines network security functions with WAN capabilities to support the dynamic secure access needs of organizations. These capabilities are delivered primarily as a service and are based upon the identity of the entity, real-time context and security/compliance policies. Central to the Zero-Trust Edge (ZTE) model is Zero Trust Network Access (ZTNA), which authenticates and authorizes users.

Andrew Lerner, Gartner (2019)
David Holmes, Forrester (2021)
Architecture

Many roads lead to ZTNA
Each architecture has strengths, weaknesses and trade-offs

Technology Timeline

2000

Software-defined perimeter

A software-defined perimeter (SDP), also called a «black cloud», is an approach to computer security which evolved from the work done at the Defense Information Systems Agency (DISA) under the Global Information Grid (GIG) Black Core Network initiative around 2007.

Cloud-based Identity Aware Proxy

The vendor ingests some or all traffic from the Enterprise into the vendor's network, applies security filtering and provides egress pathways to the Public Internet, SaaS or internal applications.

Strengths

  • Vendor applies security on their platform.

Weaknesses

  • Business network depends on vendor uptime.

Trade-offs

  • All network traffic is routed via the vendor.
  • Vendor terminates your TLS sessions.
  • Vendor has access to your data.

Cloud-based Identity Aware Proxy Vendors

# | Company | Product | License | Deployment | Pricing
1 | Axis Security | | | |
2 | BlackBerry | BlackBerry Gateway | | |
3 | CloudFlare | Access | | |
4 | CloudFlare | Gateway | | |
5 | Xaptum | Edge Network Fabric | Commercial | SaaS | n/a

Identity Defined Network (IDN)

Identity Defined Network Vendors

# Company Product License Deployment Pricing
1. Tempered Networks Airwall

Identity Aware Proxy (IAP)

The customer hosts a proxy appliance on the Public Internet with open ports. Clients connect to the public proxy and authenticate. Some architectures chain proxies together; secondary proxies may connect to the primary with reverse tunnels and so do not also require a presence on the Public Internet. Usually no endpoint agent is required. Proxies are often publicly visible. Applications are accessed through standard HTTPS protocols at the application layer.

Strengths

  • Protocol aware. Access to application traffic.

Weaknesses

  • Business network depends on vendor uptime.

Trade-offs

  • All network traffic is routed via the vendor.

Identity Aware Proxy Vendors

# Company Product License Deployment Pricing
1. Gravitational, Inc Teleport
2. ZScaler Private Access

SD-WAN

SD-WAN Vendors

# Company Product License Deployment Pricing
1. Open Systems ZTNA

Software Development Kits (SDKs)

Software Development Kits (SDKs) Vendors

# | Company | Product | License | Deployment | Pricing
1 | NetFoundry | Ziti | | |
2 | ZeroTier | libzt | Open Source | SaaS | Available

Software Defined Perimeter (SDP)

Strengths

  • No ingress traffic, firewalls can be closed.
  • Good for north-south (client-to-server) traffic.

Weaknesses

  • Connector deploys as VM or appliance.
  • Connector appliance requires patching.
  • Connector availability determines system uptime.
  • Weak for east-west (server-to-server) traffic.
  • Lacks universal protocol support.
  • Must be reconfigured if network changes.

Trade-offs

  • SDP controller becomes the new target.
  • Replaces multiple (separate) layers of protection.
  • Deploys alongside existing systems.

Software Defined Perimeter Vendors

# Company Product License Deployment Pricing
1. AppGate Secure Access
2. Banyan Security
3. Banyan Security
4. Cyolo SecureLink https://cyolo.io/blog/zero-trust/7-questions-zero-trust-provider/ | https://cyolo.io/zero-trust/
5. Fortinet FortiGate
6. Perimeter81 Perimeter81
7. Pulse Secure Pulse SDP
8. Resiliant
9. Sangfor Technologies Sangfor Private Access
10. TransientX TransientAccess Acquired by Deloitte (2021)
11. Twingate

Unclassified

Unclassified Vendors

# Company Product License Deployment Pricing
1. Akamai Enterprise Application Access Commercial SaaS Bespoke
2. Alkira Alkira
3. Amazon Web Services WorkLink
4. Aviatrix Aviatrix
5. Aviatrix Aviatrix
6. Barracuda CloudGen Access
7. BitGlass Zero Trust Network Access
8. BlackRidge Technology Transport Access Control
9. Broadcom (Symantec) Luminate Secure Access Cloud
10. Cato Networks App Proxy
11. Centrify
12. Certes Networks Zero Trust WAN SDP
13. Check Point Infinity
14. Cisco
15. Citrix
16. Cohesive
17. Colortokens
18. Containo
19. Cyber Ark
20. Deep Cloud Technology Deep Cloud SDP
21. Dexter Edward
22. Dispel
23. Dispersive Networks Virtual Network
24. Duo Beyond
25. Edgewise
26. Elisity
27. Elisity Elisity
28. Ericom Ericom ZTEdge SASE Platform
29. Fly.io
30. Forcepoint
31. Forescout
32. Fyde
33. Google BeyondCorp Remote Access
34. Google Cloud Identity-Aware Proxy Cloud IAP
35. Gravitational
36. Guardicore Acquired by Akamai
37. Hashicorp Boundary
38. Illumio
39. Inlets
40. InstaSafe Secure Access ZTNA as a Service
41. Juniper Networks
42. Kuma
43. LogMeIn Hamachi ??
44. Megaport
45. Meta Networks Network as a Service
46. Microsoft Azure App Proxy App Proxy Windows Only
47. Midonet
48. MobileIron Access
49. Mysocket.io Open Source Self-host
50. Net Abstraction
51. NetFoundry
52. NetMotion Software
53. NetSkope Private Access
54. Ngrok ngrok link
55. OPSWAT
56. Odo.io
57. Okta Advanced Server Access ZTNA as a Service
58. OpenVPN
59. Palo Alto Networks Prisma Access
60. Pritunl
61. Proofpoint Zero Trust Network Access
62. Prosimo Prosimo
63. QI-ANXIN Group
64. Remote.it
65. Retrieve.ro
66. SAIFE Continuum ZTNA as a Service
67. Safe-t Software-Defined Access Suite
68. SecureLink SecureLink
69. Silver Peak
70. Silverfort Silverfort
71. Smallstep
72. StrongDM
73. Tencent Security
74. Trasa
75. Unisys Stealth
76. VMWare Workspace One Unified Access Gateway
77. Verizon Vidder Precision Access ZTNA as a Service
78. Versa Networks ZTNA
79. Viptela
80. Wavery Labs Open Source SDP
81. Weave Works
82. Witesand Witesand
83. Xage
84. Zentera Cloud-Over-IP (COiP) Access
85. Zentry Security
86. ZeroC
87. ZeroTrustEdge Client + Clientless SDP

Zero-Trust Overlay Network

Strengths

  • No gateway devices or proxy servers.
  • No ingress traffic, firewalls can be closed.
  • Universal protocol support.
  • Supports incremental deployment.
  • Supports north-south (client-to-server) traffic.
  • Supports east-west (server-to-server) traffic.
  • Removes complexity from the network.
  • Resilient to temporary trust broker failures.
  • Resilient to temporary controller failures.

Weaknesses

  • Agent-based deployment model.
  • Agent software requires patching.

Trade-offs

  • Trust broker platform becomes the new target.
  • Replaces multiple (separate) layers of protection.
  • Deploys on existing systems.

Zero-Trust Overlay Network Vendors

# | Company | Product | License | Deployment | Pricing
1 | Ananda Networks | Ananda | Commercial | SaaS | Not Published
2 | Defined Networking | Nebula | Open Source | Self-hosted | n/a
3 | Enclave Networks | Enclave | Commercial | SaaS | Published
4 | Gravitl | Netmaker | Open Source | Self-hosted | Paid support
5 | Husarnet | Husarnet | Open Source | SaaS and Self-hosted | Published
6 | Tailscale | Tailscale | Open Source | SaaS | Published
7 | Twingate | Twingate | Commercial | SaaS | Published
8 | Wiretrustee | Wiretrustee | Open Source | SaaS | n/a
9 | ZeroTier | ZeroTier | Open Source | SaaS and Self-hosted | Published
10 | n/a | Headscale (Tailscale Clone) | Open Source | Self-hosted | n/a
