Drop-in encryption

Encrypt every connection between your hosts

Encrypted connections between servers

Turn on strong, end-to-end encryption for the traffic between your servers, containers, and devices. No per-app TLS to configure, and no certificates to wrangle.

Connect up to 100 devices free

No credit card required

Encrypted connections between servers

A simpler way to encrypt everything

Automatic, certificate-based encryption instead of per-app TLS and hand-built tunnels

Patchwork encryption

TLS
  • Every app or link needs its own TLS or IPsec setup
  • Certificates are issued and rotated by hand, then expire unnoticed
  • Internal, east-west traffic often still travels in plaintext
  • Adding a host means reconfiguring tunnels and firewall rules

With Defined

  • Every host-to-host connection is encrypted by default
  • Certificates are issued and rotated automatically
  • East-west traffic is mutually authenticated, not just the edge
  • New hosts join the encrypted mesh with a single command

Encryption built into the network layer

Every host-to-host connection is mutually authenticated and encrypted automatically

Encrypted by default

Every connection uses modern, end-to-end encryption automatically, with no per-app TLS or key exchange to configure.

Mutually authenticated

Certificates decide which hosts can talk, so both ends of every tunnel prove their identity before any traffic flows.

Works anywhere your hosts run

Encrypt traffic between hosts on the same subnet or across the public internet, and Defined finds a direct route regardless.

Support compliance

Encrypt data in transit and mutually authenticate every connection to help satisfy HIPAA, SOC 2, PCI DSS, and GDPR.

Zero trust by design

Encryption pairs with an identity-based firewall, so hosts reach only the services they are explicitly authorized to.

Scales with your fleet

Roll out encryption across every host and network from one dashboard as your infrastructure grows.

How Defined stacks up

See how Defined compares to the tools teams most often replace

Frequently asked questions

  • Drop-in encryption adds strong, end-to-end encryption to the traffic between your servers, containers, and devices without changing your applications. With Defined Networking, every host joins an overlay mesh where connections are mutually authenticated with certificates and encrypted automatically, so you do not configure TLS or key exchange for each service yourself.

  • Each host runs a lightweight agent built on open-source Nebula and establishes direct, peer-to-peer tunnels to the hosts it is authorized to reach. Those tunnels use the Noise Protocol Framework with Curve25519 for key exchange and AES-256-GCM or ChaCha20-Poly1305 for encryption, so all traffic is encrypted in transit end to end.

  • No. Defined issues each host a certificate when it enrolls and handles rotation for you. There are no shared keys to distribute, no per-service TLS certificates to renew, and no expiry surprises, so encryption stays on without ongoing maintenance.

  • Yes. Because every connection rides the overlay, host-to-host traffic inside a data center or VPC is mutually authenticated and encrypted the same way as traffic across the public internet. You are not limited to encrypting only north-south traffic at the edge.

  • No. Defined provides network-layer connectivity, so any TCP or UDP service is encrypted transparently, including databases, internal APIs, and legacy applications that have no TLS of their own. Your apps keep talking to the same addresses while the traffic is encrypted underneath them.

  • Yes. Encrypting data in transit and mutually authenticating every connection supports controls in frameworks such as HIPAA, SOC 2, PCI DSS, and GDPR. Because encryption is applied consistently across every host, you avoid the gaps that come from configuring it service by service.

  • Yes. Hosts make outbound connections and use UDP hole punching to establish direct encrypted tunnels, so there are no inbound ports to open and no public endpoints to expose. Relays maintain encrypted connectivity when a direct path is not available.

  • Yes. You can connect up to 100 hosts for free with no credit card required, which is enough for most teams to encrypt their infrastructure before scaling up.

Encryption that just works

Fast, secure overlay networking with unlimited scalability. Up to 100 hosts free, no credit card required.

Get started