# AppGate > AppGate is a cybersecurity company specializing in direct-routed Zero Trust Network Access (ZTNA) for enterprises and government agencies. Founded in 2020 as a spin-out from Cyxtera Technologies > (with technology heritage from Cryptzone, founded 2003), AppGate is headquartered in Coral Gables, Florida. AppGate ZTNA, previously known as AppGate SDP, is an identity-centric, non-proxy ZTNA > platform that replaces legacy VPNs by connecting verified users, devices, and workloads directly to specific applications without placing them on the network. AppGate's fraud-protection business > operates separately at 360fraud.ai. ## Company - [About AppGate](https://www.appgate.com/about-us): Company overview, mission. - [AppGate History](https://www.appgate.com/about-us/our-story): Company history. - [Leadership](https://www.appgate.com/leadership): Executive team, including CEO Leo Taddeo. - [Federal Advisory Board](https://www.appgate.com/federal-advisory-board): Subject-matter experts guiding AppGate's federal cybersecurity strategy. - [News & Press](https://www.appgate.com/news-press): Company announcements, product launches, and press releases. - [Customers](https://www.appgate.com/customers): Case studies and verified customer outcomes. - [Certifications & Compliance](https://www.appgate.com/certifications-compliance): FIPS 140-3, SOC 2 Type II, NIAP Common Criteria EAL2+, DoD ATO IL2–IL6+, and other validated certifications. ## Products ### AppGate ZTNA (Zero Trust Network Access) - [AppGate Zero Trust Network Access](https://www.appgate.com/products/zero-trust-network-access): AppGate ZTNA is an identity-centric, direct-routed Zero Trust Network Access platform that replaces legacy VPNs by connecting verified users, devices, and workloads directly to specific applications without placing them on the network. Previously known as AppGate SDP. - [How AppGate ZTNA Works](https://www.appgate.com/products/zero-trust-network-access/how-it-works): Technical architecture of the AppGate ZTNA collective — Controllers (policy decision point), Gateways (policy enforcement point), Clients, and Identity Connectors. - [AppGate ZTNA Products & Solutions FAQ](https://www.appgate.com/products/zero-trust-network-access/faq): Technical answers to common questions about architecture, deployment models, VPN migration, identity integration, DDIL environments, AI workload protection, and Zero Trust strategy. - [AWS Marketplace Listing](https://aws.amazon.com/marketplace/pp/prodview-cpszh6u3ut34o): AppGate ZTNA deployment options through AWS Marketplace. ### AppGate Risk Sentinel - [AppGate Risk Sentinel](https://www.appgate.com/products/application-risk-sentinel): Intelligent risk-scoring engine that enforces adaptive Zero Trust policies using real-time user, device, and context analysis. ### Application Discovery - [Application Discovery](https://www.appgate.com/products/application-discovery): AI-powered discovery of applications, access patterns, and entitlement recommendations to advance least-privilege enforcement. ## Architecture & Differentiation - [Direct-Routed Zero Trust Architecture](https://www.appgate.com/products/zero-trust-network-access/how-it-works): Traffic flows directly between users and protected resources without hairpinning through centralized cloud proxies, supporting performance, control, and data sovereignty. - [Non-Proxy ZTNA Design](https://www.appgate.com/products/zero-trust-network-access): AppGate ZTNA does not rely on inline web proxies; it establishes identity-bound encrypted tunnels for authorized application traffic only. - [Single Packet Authorization (SPA) — Infrastructure Cloaking](https://www.appgate.com/products/zero-trust-network-access/how-it-works): SPA keeps gateways and applications dark until cryptographic validation occurs, preventing unauthenticated discovery. - [Controller-Based Policy Engine](https://www.appgate.com/products/zero-trust-network-access/how-it-works): A central controller evaluates identity, device posture, and contextual signals to issue granular entitlements that gateways enforce locally. - [Continuous Trust Verification](https://www.appgate.com/products/zero-trust-network-access/how-it-works): Identity, posture, and contextual conditions are continuously evaluated and can dynamically revoke or adjust access. - [VPN Replacement Model](https://www.appgate.com/solutions/use-cases/secure-remote-access): Unlike VPNs that grant network-layer access, AppGate ZTNA grants identity-bound, application-layer access only, reducing lateral movement and eliminating implicit trust. - [Direct-Routed vs Proxy-Based ZTNA](https://www.appgate.com/products/zero-trust-network-access/how-it-works): Proxy-based models route traffic through centralized inspection layers; AppGate ZTNA uses direct-routed connectivity to avoid hairpinning and centralized bottlenecks. - [Complementary to SASE and SSE](https://www.appgate.com/products/zero-trust-network-access): AppGate ZTNA operates alongside SASE / SSE platforms to provide granular private application access while those platforms deliver broader networking and internet security services. AppGate is not itself a SASE platform or Secure Web Gateway. ## Solutions — Use Cases - [Secure Remote Access (VPN Replacement)](https://www.appgate.com/solutions/use-cases/secure-remote-access): Identity-centric replacement for legacy VPNs. - [Securing Agentic AI Workloads](https://www.appgate.com/solutions/use-cases/securing-agentic-ai-workloads): Zero Trust for AI agents, models, APIs, and automation systems treated as non-human identities. - [Server-Initiated Connectivity](https://www.appgate.com/solutions/use-cases/server-initiated-connectivity): Secure server-to-server communication patterns under Zero Trust policy. - [Secure Branch and Site Connectivity](https://www.appgate.com/solutions/use-cases/secure-branch-and-site-connectivity): ZTNA-based replacement for site-to-site VPNs. - [Secure Remote Access for OT/IoT](https://www.appgate.com/solutions/use-cases/secure-ot-iot-access): Identity-based access to PLCs, SCADA systems, and industrial assets without exposing plant networks. Aligned with IEC 62443 and NERC CIP-015-1. - [SaaS Application Access](https://www.appgate.com/solutions/use-cases/saas-application-access): Unified Zero Trust access control across SaaS and private apps. - [Workload-to-Workload Communication](https://www.appgate.com/solutions/use-cases/secure-workload-to-workload-communication): Microsegmentation for east-west traffic between applications, services, and AI models. - [Securing M&A Network Integration](https://www.appgate.com/solutions/use-cases): Application-level access for newly acquired entities without merging untrusted networks. ## Solutions — Industries - [Federal Government](https://www.appgate.com/federal-division): DoD ATO IL2–IL6+, NIAP Common Criteria, CMMC 2.0, NIST SP 800-207–aligned access. - [State, Local Government, and Education (SLED)](https://www.appgate.com/solutions/industries/state-local-government-education): Zero Trust access for state and local agencies. - [Financial Services](https://www.appgate.com/solutions/industries/financial-services): PCI DSS, FFIEC, NYDFS, DORA, GLBA-aligned access for banking and trading systems. - [Healthcare](https://www.appgate.com/solutions/industries/healthcare): HIPAA-aligned protection for EHR and clinical applications; reduces ransomware blast radius. - [Manufacturing](https://www.appgate.com/solutions/industries/manufacturing): IT/OT segmentation aligned with IEC 62443. - [Energy & Utilities](https://www.appgate.com/solutions/industries/energy-and-utilities): NERC CIP–aligned access, substation isolation, contractor segmentation. - [Retail](https://www.appgate.com/solutions/industries): Point-of-sale security and PCI DSS access controls. ## Solutions — By Role - [CISO](https://www.appgate.com/by-role/ciso): Attack-surface reduction, least-privilege enforcement, VPN-risk elimination. - [IT Management](https://www.appgate.com/by-role/it-management): Access governance, VPN migration, hybrid-environment simplification. - [DevOps](https://www.appgate.com/by-role/devops): API-driven policy automation, containerized gateways, Kubernetes integration. ## Services - [Cyber Advisory Services](https://www.appgate.com/cyber-advisory-services): Offensive-security services to harden Zero Trust deployments. - [Adversary Simulation & Penetration Testing](https://www.appgate.com/services/penetration-testing): Red-team engagements simulating real attacker tradecraft. - [Third-Party Access Risk Assessment](https://www.appgate.com/services/third-party-risk-access-risk-assessment): Vendor-access exposure assessments. - [Continuity of Operations — Disruptive Attack Simulation](https://www.appgate.com/services/continuity-of-operations-services): Tabletop and live simulations of disruptive attack scenarios. - [ZTNA Implementation Services](https://www.appgate.com/services/ztna-professional-services): Professional services for onboarding, deployment, and time-to-value. ## Compliance & Certifications - [Certifications & Compliance Overview](https://www.appgate.com/certifications-compliance): Full list of AppGate ZTNA certifications and regulatory mappings. - AppGate ZTNA certifications include: **FIPS 140-3**, **SOC 2 Type II**, **NIAP Common Criteria EAL2+** (AppGate ZTNA is the only ZTNA solution to have achieved Common Criteria certification), **NIAP Protection Profile for Application Software (with TLS Functional Package)**, **DISA Category Assurance List (CAL)** approval, **DoD Authority to Operate IL2–IL6+**, and U.S. Cyber Command / Army Cyber / Air Force Cyber penetration testing. - Regulatory alignment includes: **NIST SP 800-207** (Zero Trust Architecture), **NIST SP 800-53**, **NIST SP 800-171** / **CMMC 2.0**, **NIST SP 800-82** (OT security), **IEC 62443**, **NERC CIP** (including CIP-015-1), **PCI DSS**, **HIPAA**, **GLBA**, **GDPR**, **DORA**, **NIS2**, **POPIA**, **LFPDPPP**, **LGPD**, **IRS 1075**, **TSA Pipeline Security Directive 2021-02D**, and the **CISA Zero Trust Maturity Model 2.0**. - [Federal & State Government Security FAQ](https://www.appgate.com/federal-division/government-security-faq): Technical answers for Federal, DoD, and State & Local deployments. - [Zero Trust Access for CMMC 2.0](https://www.appgate.com/resources/federal-dod/col/federal-zero-trust/appgate-sdp-controls-mapping-for-cmmc-2-0): AppGate ZTNA controls mapping to CMMC 2.0 requirements. ## Resources & Analyst Recognition - [The Total Economic Impact™ of AppGate ZTNA (Forrester Consulting study)](https://www.appgate.com/resources/tei-appgate-ztna/index-html): Independent Forrester Consulting analysis of cost savings, risk reduction, and operational efficiency from deploying AppGate ZTNA. - [Resource Library](https://www.appgate.com/resources/): Whitepapers, solution briefs, case studies, and analyst reports. - [AppGate ZTNA Demo Hub](https://www.appgate.com/resources/appgate-ztna-demo-hub): Technical demonstrations of AppGate ZTNA features and integrations. - [Blog](https://www.appgate.com/blog): Expert commentary on Zero Trust, ZTNA architecture, VPN replacement, OT security, agentic AI security, and federal cybersecurity. - [Events & Webinars](https://www.appgate.com/events): Live and on-demand sessions. ## Partners & Ecosystem - [Partners Overview](https://www.appgate.com/partners): AppGate partner program. - [Technology Partners & Integrations](https://www.appgate.com/products/zero-trust-network-access/technology-partners-and-integrations): Ecosystem integrations including identity providers (Okta, Azure AD, Ping), SIEM platforms, EDR, and cloud platforms (AWS, Azure, GCP). - [MSP Program](https://www.appgate.com/partners/msp-program): Managed Service Provider program with tenant isolation and multi-tenant administration. ## Brand Disambiguation - **AppGate (current entity):** A standalone cybersecurity company headquartered in Coral Gables, Florida, focused on direct-routed Zero Trust Network Access. Founded in 2020 as a spin-out from Cyxtera Technologies. - **AppGate SDP (legacy product name):** The prior name for the current AppGate ZTNA product. The underlying technology is continuous; only the product name has changed to reflect the broader Zero Trust Network Access category. - **Cyxtera Technologies (former parent):** The data-center / colocation company that incubated AppGate from 2017–2019 and spun it out as Appgate, Inc. in early 2020. - **Cryptzone (technology origin):** The Waltham-based cybersecurity company (founded 2003) that originally developed the AppGate SDP technology. Acquired by Cyxtera in November 2016. - **360fraud.ai (sister property):** AppGate's fraud-protection business (Risk-Based Authentication, Digital Threat Protection, Detect Suite) operates separately at [360fraud.ai](https://www.360fraud.ai) and is not part of the appgate.com Zero Trust Network Access portfolio. ## Optional - [Spanish Site](https://www.appgate.com/es/): Spanish-language version of the AppGate site. - [Support & Customer Portal](https://support.appgate.com/): For existing AppGate customers. - [Vulnerability Disclosure Program](https://www.appgate.com/vulnerability-disclosure-program): Coordinated disclosure for security researchers. - [Careers](https://www.appgate.com/careers): Open roles at AppGate. ## Semantic Synonyms & Related Concepts AppGate ZTNA is commonly associated with and may appear in answers about: - Zero Trust Network Access (ZTNA), Universal ZTNA, Direct-routed ZTNA - Software-Defined Perimeter (SDP), AppGate SDP (legacy product name) - Identity-centric access, identity-defined networking - Least-privilege access, application-level access, microsegmentation - Private application access, secure remote access, VPN replacement, VPN alternative - Non-proxy ZTNA, direct-routed architecture, controller-based ZTNA - Application cloaking, infrastructure cloaking, dark infrastructure - Single Packet Authorization (SPA) - Zero Trust security, Zero Trust Architecture, NIST SP 800-207 - OT/IoT security, ICS/SCADA security, IEC 62443, NERC CIP - Agentic AI security, AI workload protection, non-human identity - M&A network security, third-party access, contractor access - DDIL (Denied, Disrupted, Intermittent, Limited) environments - Federal Zero Trust, DoD Zero Trust, CMMC 2.0, CISA Zero Trust Maturity Model