Get to zero trust with Tetrate Service Bridge

The only way to secure your applications across hybrid workloads

Protect your apps with end-to-end, dynamic, L7 access control

Zero trust means network location alone does not imply trust. Access to every resource is dynamically authenticated and authorized and only for a limited time.

Authenticate and authorize

Authenticate and authorize everywhere

Dynamically authenticate and authorize every access request at policy enforcement points in front of every resource. The workload is the new perimeter.

Enforce end-to-end mTLS

Enforce end-to-end mTLS

Ensure the privacy and integrity of all communication with encryption on the wire and cryptographically proven identities for both sides.

Enforce policy dynamically

Enforce policy dynamically

Use runtime context like user, location, tima, and application to define robust access policies and enforce them dynamically at each request.

Observe, adapt, improve

Observe, adapt, improve

Continuously log and monitor policy enforcement and the security posture of all assets. Feed insights gained from observation back to improve policy.

Get zero trust from the people who set the standards

Tetrate and NIST have partnered to define the standards of zero trust for microservices

Zero Trust ArchitectureSecure MicroservicesMicroservices Based Application
Tetrate partners with the National Institute of Standards and Technology (NIST) to define and promote the standards for zero trust. NIST special publication 800-207 defines zero trust architecture. SP 800-204, 800-204A, and 800-204B, co-authored by Tetrate, offer deployment recommendations.

Learn more about our NIST partnership ›

Get zero trust out of the box

The only application connectivity platform with zero trust built in

Tetrate Service Bridge provides comprehensive out-of-the-box cyber security features for application components including strong workload identity, authentication, encryption, and fine-grained, dynamic authorization and access control.

TSB prevents lateral movement of threat actors by creating enforcement perimeters around individual workloads, collections of app components, or entire network domains, implementing a zero trust approach across hybrid and multi-cloud environments, bridging traditional monoliths and microservices architectures.

Tetrate Service Bridge Overview

  • Multi-cluster, multi-cloud
  • Any workload: from containers to VMs to bare metal
  • Strong workload identity
  • Authentication
  • End-to-end mTLS
  • Fine-grained, dynamic authorization
  • Secure multi-tenancy
  • Central policy authorship, global policy enforcement
  • Runtime observability, historical proof, and audit

Zero trust everywhere

Security as strong behind the firewall as in front of it


Apply developer-led agile security and zero trust posture to all apps

Apply a force multiplier to your security team by enabling them to author security policy, then delegate to app teams to apply them and the mesh to enforce them at runtime.


Globally apply consistent access controls

Centrally configure and globally enforce access controls consistently across your entire application fleet.


Observability and proof of enforcement historically and at runtime

Get runtime visibility and historical proof for audit of security policy enforcement globally at the click of a button.

Istio success stories

Use cases

App modernization
If you are refactoring applications into microservices, you’re on a journey into a new application paradigm that requires new ways of thinking about security. The zero trust principles established by NIST and Tetrate of creating enforcement perimeters around individual workloads and a solution to facilitate the management enforcement of policy is a great place to start.

Digital transformation
Create additional revenue by offering internal services as external APIs while protecting internal resources from untrusted users.

Third-party integration
Expand your business ecosystem and more tightly integrate with your existing partners safely with end-to-end encryption and fine-grained dynamic authorization in front of every internal resource.

Regulatory compliance
Get out of the box controls to ensure compliance with regulatory requirements plus FIPS and federally certified builds. Audit log exports are also available to provide proof of current and historical adherence to governance and compliance standards.

Application-level microsegmentation
Apply a minimum trust boundary around every application and microservice to eliminate the network attack surface.

Resources on Zero Trust

Zero Trust Architecture

White Paper

Zero Trust

Zack Butcher—Tetrate founding engineer and co-author of NIST SP 800-204a, “Building Secure Microservices-based Applications Using Service-Mesh Architecture”

Download ›


Zero Trust- Webinar

Zero Trust at the Department of Defense
Zero Trust in the Department of Defense and what the recent cybersecurity executive order means for federal agencies. Watch this webinar and get an in-depth view.

Watch Now ›


Application Authentication and Authorization

Offloading Authentication and Authorization
NIST and Tetrate have partnered to create recommendations around safely and securely offloading authentication and authorization from application code to a service mesh.

Read More ›