Summary: OpenZiti is a free, open-source project that integrates zero-trust networking principles directly into applications, enhancing security and connectivity. It enables developers to build applications with strong identity management and secure communication features.
Threat Actor: None specified | OpenZiti
Victim: None specified | OpenZiti
Key Points:
- OpenZiti allows developers to create applications with built-in zero-trust networking capabilities.
- Each client in an OpenZiti system has a unique identity verified through provisioned certificates for secure access.
- The platform supports features like mTLS, E2EE, private DNS, and smart routing to enhance application security.
- Future adoption of OpenZiti is anticipated as organizations look to integrate zero-trust networking into their products.
- OpenZiti is available for free on GitHub, promoting widespread use and development.
OpenZiti is a free, open-source project that embeds zero-trust networking principles directly into applications.
Figure: Example of an OpenZiti overlay network
OpenZiti features
“We created OpenZiti to transform how people think about connectivity. While OpenZiti is a zero-trust networking platform, you can also consider it a development platform. Developers can build their applications on OpenZiti – i.e., ‘building apps/products on top of Ziti as a native app.’ ‘Ziti-native’ immediately gives your apps superpowers, including strong identity, mTLS, E2EE, private DNS, smart routing, mobile endpoints, and more,” Philip Griffiths, VP – Head of Global Business Development and Alliances at NetFoundry, told Help Net Security.
In an OpenZiti system, every client must have a unique identity with provisioned certificates. These certificates are essential for establishing secure communication channels and authenticating and authorizing the associated identity. Whenever a client attempts to access a network application, OpenZiti first verifies whether the identity has permission to access the application. Any open network connections will be terminated if access is denied or revoked.
This approach allows OpenZiti systems to grant access to multiple applications while ensuring clients can only access the applications for which they have explicit authorization.
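The access model described above can be sketched as a small deny-by-default controller. This is an added example, not OpenZiti code or its API: the `Controller` class, its methods, and the service names are hypothetical, and looking an identity up by certificate fingerprint is a simplifying assumption standing in for full mTLS certificate validation.

```python
"""Toy model of per-identity, per-service authorization with revocation.
Not OpenZiti code: every class and method name here is hypothetical."""
import hashlib
from dataclasses import dataclass, field


def fingerprint(cert_der: bytes) -> str:
    # Assumption: an identity is looked up by the SHA-256 of its certificate.
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class Controller:
    identities: dict = field(default_factory=dict)  # fingerprint -> identity name
    grants: set = field(default_factory=set)        # (identity, service) pairs
    open_conns: dict = field(default_factory=dict)  # conn id -> (identity, service)
    _next_id: int = 0

    def enroll(self, name, cert_der):
        self.identities[fingerprint(cert_der)] = name

    def grant(self, name, service):
        self.grants.add((name, service))

    def dial(self, cert_der, service):
        """Return a connection id, or None when the request is refused."""
        name = self.identities.get(fingerprint(cert_der))
        # Deny by default: unknown certificate or no explicit grant.
        if name is None or (name, service) not in self.grants:
            return None
        self._next_id += 1
        self.open_conns[self._next_id] = (name, service)
        return self._next_id

    def revoke(self, name, service):
        """Remove the grant and terminate connections that relied on it."""
        self.grants.discard((name, service))
        closed = [c for c, v in self.open_conns.items() if v == (name, service)]
        for c in closed:
            del self.open_conns[c]
        return closed


def demo():
    ctl = Controller()
    alice_cert = b"constructed-cert-alice"  # constructed bytes, not a real certificate
    ctl.enroll("alice", alice_cert)
    ctl.grant("alice", "billing-api")
    conn = ctl.dial(alice_cert, "billing-api")    # allowed: explicit grant exists
    denied = ctl.dial(alice_cert, "hr-db")        # refused: no grant for this service
    stranger = ctl.dial(b"constructed-cert-unknown", "billing-api")  # unknown identity
    closed = ctl.revoke("alice", "billing-api")   # open connection is torn down
    after = ctl.dial(alice_cert, "billing-api")   # refused after revocation
    return conn, denied, stranger, closed, after, len(ctl.open_conns)
```
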
Beyond certificate-based client authentication, OpenZiti also uses certificates to authorize communication between its components.
Future plans and download
“Right now, people are adopting the technology to build zero-trust networking principles directly into the products they sell to their customers. This can be surmised as people ‘building Ziti into their new and existing products.’ Over the next months and years, we will have many of these companies going public on using OpenZiti, and this will increase adoption for organizations that can and want to build zero-trust networking into their offerings. Our technology is already deployed in US defense contractors, large OT/ICS automation OEMs, critical infra, and a cybersecurity unicorn based out of Israel. We also have some open-source projects adopting it,” Griffiths concluded.
OpenZiti is available for free on GitHub.
Source: https://www.helpnetsecurity.com/2024/09/09/openziti-secure-open-source-networking