Zero Trust Security

One policy.
Every threat.

Secure web gateway, firewall and access control on one identity-aware policy plane. Enforced at your gateways, audited end to end.

Book a demo → See capabilities
100 %
Decisions audited
6
Device posture checks
0
Implicit trust
365 days
Max audit retention

Identity enforcement

Every request answers two questions: who, and what.

01 · IDENTITY

Who is making the request?

Identity comes from your IdP — the user and their group — verified on every request, not just at login.

  • SSO / SCIM identity, continuously checked
  • Group- and role-based access

02 · DEVICE

What is it running on?

Device posture decides what's allowed — managed, encrypted, patched. Unhealthy devices never reach the app.

  • Disk encryption, OS, firewall, antivirus
  • Managed / unmanaged separation

03 · POLICY

One policy, every application.

Write the rule once and it is enforced at every gateway. SWG, firewall and access live on one policy plane — no rule sprawl.

  • Per-app, per-identity policy
  • One source of truth to manage

04 · VERDICT

Allow or block — and log it.

Every decision is enforced inline and written to a tamper-evident audit trail. Nothing happens off the record.

  • Enforced inline at the gateway
  • Tamper-evident audit trail
Easy to manage

Write it once. Enforce it everywhere.

One policy plane fans out to every app, gateway and user. No duplicated rules, no drift between tools — change a policy in one place and it's live everywhere.

One policy plane SWG + firewall + access Version controlled
ACCESS POLICY one rule payments-api internal-wiki ci-runner s3-store admin-panel

Everything in Security

A full security stack, one policy plane.

Secure web gateway, firewall and access control — unified, application-aware, and audited end to end.

Secure web gateway Lead

DNS-level filtering by domain, category and identity — connections to bad destinations are blocked before they are ever made.

crypto-drainer.net · denied blocked github.com · eng-team allow gambling · category rule blocked

Firewall Lead

Identity-aware L3/L4 firewall with IP lists and a rule simulator — one rule set across every site and cloud.

Access policies

Per-app, per-identity access with IP and time-window conditions — allow exactly who and what should connect.

Device posture

Gate access on live checks — disk encryption, firewall, OS version, screen lock, antivirus — with trust score thresholds.

Application-aware

Policy that understands the app — not just an IP and a port.

Audit trail

Every decision logged to a tamper-evident record, retained on your terms.

Identity enforcement

Who and what, verified on every request.

Policy simulation

Test any access decision stage by stage before it ships.

Compliance

Cyber Essentials Plus certified, with audit evidence built for the questions assessors ask.

Audit trail

Every decision, on the record.

Allow or block, who and what, when and why — every enforcement decision is written to a tamper-evident audit trail, retained on your terms. Built for the questions auditors actually ask.

Tamper-evident chain Retention you control Evidence-ready
audit-trail · live recording
09:42:01 dana@acme · blocked domain block
09:42:03 eng-payments · payments-api allow
09:42:05 unmanaged host · internal-db block
09:42:08 sso:okta · admin-panel · mfa allow
09:42:11 guest-wifi · category: gambling block
09:42:14 ci-runner · s3-store allow
Works with your stack

Posture from signals you already trust.

The agent reads the device's own security state — encryption, antivirus, firewall, OS — and scores it into every access decision.

Disk encryption BitLocker · FileVault · LUKS
Antivirus & firewall Defender · XProtect · OS firewall
OS & screen lock Version enforcement · lock status
Cyber Essentials Plus certifiedGDPR-readyRegion-pinned data residencyTamper-evident audit

Plans

Security unlocks at Business.

Every plan includes the full self-hosted network. Add Security from Business and above — same policy plane, no migration.

Core

  • Full Network product
  • Secure web gateway
  • Firewall & access policies
Talk to sales
Security included

Business

  • Everything in Core
  • SWG, firewall & access policies
  • Device policies & audit trail
Talk to sales

Enterprise

  • Everything in Business
  • Posture & trust score enforcement
  • Custom audit retention & SLAs
Talk to sales

Full feature breakdown on the plans page →

Better together

Network comes with every plan.

Security runs on the Pulse Network — and Network is included in every tier, including yours. The policy plane that enforces your traffic also routes it, with managed gateways, egress and DNS built in.

  • You already have it — Network ships in every plan.
  • One policy model across network and security.
  • Application-aware routing and enforcement, together.
Explore Network