Ask a Solutions Engineer your technical questions in our October 9 Office HoursSign up
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Zero Trust Networking icon

Zero Trust Networking

Authorize, authenticate, and verify every interaction on your network

Identity-based, zero-trust access controls ensure your critical infrastructure is always protected.

remote access

Tying identity to network connections

Secure resources
ACL tags
Secure resources

Bolster your organization’s security posture

End-to-end encryption

End-to-end encryption

Modern WireGuard® encryption protocols protect communications across your private network
Microsegmentation

Microsegmentation

Any connection on the network between user, node, or service must be explicitly authorized in access control lists (ACLs).
Visibility into your network

Visibility into your network

Record and stream audit logs to your SIEM to surface any anomalous activity.
alt
[With Tailscale’s mesh topology], if a device is compromised, it’s much harder to move laterally through the network, because you don’t have the same level of wide-open network access.
Roopak Venkatakrishnan, Head of platforms and infrastructure at Bolt
Read full story

Dynamic access controls to meet the needs of any organization

Users

SSO with IDP

Users can authenticate using one of our supported identity providers to access the tailnet.

User & group provisioning (SCIM)

Sync users and group settings from one of our supported IdPs to keep ACLs up-to-date.

On-demand access

Partner integrations allow administrators to provide time-bound, elevated privileges for users.

Policies

Access controls lists (ACLs)

Create RBAC policies to determine which users, roles, or groups can access, which nodes on your tailnet.

ACL tests

Verify ACLs provide sufficient coverage against unnecessary exposure.

GitOps for ACLs

Manage ACLs version control within a CI/CD workflow using GitHub or GitLab.

Tailnet lock

A predetermined trusted node must verify the trusted keys of any nodes attempting to join your tailnet.

Logging

Configuration audit logging

Surface what configuration-based actions occurred, by whom, and when.

Network flow logging

Surface what node-to-node interaction occurred, and when.

Log streaming

Natively stream configuration or network flow logs to our SIEM integration partners.

SSH session recording

Store any Tailscale SSH session recording long-term in any S3-compatible service or local disk.

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
mercury
instacart
Retool
duolingo
Hugging Face