← All Insights
Cybersecurity / Zero Trust Networking
NetBird
An open-source networking platform with genuine infrastructure sovereignty -- using the same "simple and secure" language that Tailscale already owns.
An open-source networking platform with genuine infrastructure sovereignty -- using the same "simple and secure" language that Tailscale already owns.
The corporate perimeter is dead, and the technology built to defend it -- the VPN -- is dying with it. Cloud workloads, remote teams, and BYOD dissolved the inside/outside boundary that traditional VPNs were designed to protect. What replaced it is Zero Trust Network Access: the principle that no device, user, or network segment is trusted by default, and every access request is verified independently. The ZTNA market sits at $1.9 billion and is growing at 20-25% annually, driven not by innovation preference but by structural necessity.
Three forces accelerate the shift. Post-pandemic hybrid work created a persistent demand signal -- enterprises now need network access that follows people, not offices. High-profile supply chain and identity breaches triggered board-level Zero Trust mandates. And regulators in the EU (NIS2, DORA) and the US (NIST CSF 2.0) are formalizing the shift from recommendation to requirement. Gartner predicted that 70% of new remote access deployments would rely on ZTNA rather than VPN by 2025 -- a trajectory that shows no signs of reversal.
NetBird, a Berlin-based company backed by an EUR8.5M Series A, occupies a specific position in this market that no other vendor credibly holds. They ship a fully open-source (BSD-3), fully self-hostable Zero Trust networking platform with genuine enterprise controls -- posture checks, SSO, MFA, network segmentation, SIEM streaming. The combination of open source transparency, infrastructure sovereignty, and enterprise-grade access policies is architecturally unique. The problem is that none of this leads the messaging.
The ZTNA market has consolidated into three distinct tiers with different buyers, price points, and definitions of "done." NetBird bridges tiers two and three in a way no other vendor does -- and that bridge position is the positioning opportunity hiding in plain sight.
Tier 1: Enterprise SASE platforms. Zscaler and Cloudflare sit here -- full SASE/SSE platforms with complex procurement, six-figure annual contract values, and CISO-level buyers. NetBird is not competing here today. But Cloudflare keeps expanding free Zero Trust tiers, which pressures everyone below.
Tier 2: Developer mesh tools. Tailscale ($100M+ in funding) and Twingate (~$69M) dominate this tier with polished UX, fast onboarding, and VC-funded growth. Developer-led adoption drives upmarket push. Tailscale owns "simple and convenient." Twingate owns enterprise proxy architecture. This is NetBird's primary competitive zone -- and the zone where its current messaging ("Simple and Secure Remote Access") is indistinguishable from the incumbents.
Tier 3: Open source networking. NetBird, ZeroTier (~$13.5M), and Netmaker live here. Self-hosted, auditable, no vendor lock-in. But ZeroTier's enterprise controls are basic. Netmaker's community is smaller. NetBird uniquely combines tier 3 openness with tier 2 enterprise controls -- and that intersection is the structural advantage.
| Dimension | NetBird | Tailscale | Twingate | ZeroTier |
|---|---|---|---|---|
| Architecture | P2P mesh, no gateway | Mesh VPN | Cloud proxy | P2P networking |
| Open Source | Full (BSD-3) | Partial (client only) | No | Yes (BSL) |
| Self-Hosted | Yes -- full stack | Limited | No | Yes |
| Enterprise ZTNA | Posture checks, SSO, policies | Growing fast | Strong | Basic |
| Primary Target | Security-conscious IT | Developers | Enterprise | Dev / IoT |
| Funding | EUR8.5M Series A | ~$100M+ | ~$69M | ~$13.5M |
The competitive clock is running. Tailscale is pushing upmarket with enterprise features. Cloudflare keeps expanding free Zero Trust tiers. The gap between "developer mesh tool" and "enterprise infrastructure platform" is where NetBird can plant its flag -- but it requires deliberate positioning, not feature iteration. The window for establishing category leadership in sovereign networking is real, and it will not remain open indefinitely.
B Clarity. The current homepage headline -- "Simple and Secure Remote Access" -- describes the category accurately. So does every competitor. "Remote access" and "Zero Trust" are table-stakes terms that create no distinction. A buyer who has never heard of NetBird learns nothing about why this company exists from the headline.
C Differentiation. Nothing in the headline or sub-head signals what makes NetBird different from Tailscale, Twingate, or ZeroTier. The three genuine differentiators -- full-stack open source, infrastructure sovereignty, and P2P mesh with enterprise controls -- are absent from the positioning lead. Open source is treated as a feature spec. Self-hosting is a checkbox. The sovereignty argument that would resonate with regulated-industry buyers is invisible.
B Believability. The proof points are real and visible -- SSO, posture checks, WireGuard heritage, GitHub stars. But they are features, not stories. They do not tell a narrative about why those features matter to a specific buyer. The MSP Portal launch -- enabling Select Tech Group to manage 55+ customer sites through a single NetBird instance -- is buried in product notes when it should be leading a platform narrative.
The core tension: Every enterprise buying ZTNA is implicitly asking: "How much of my network security am I willing to trust to someone else's cloud?" Tailscale's answer is "a lot -- and that's fine." NetBird's answer is "none -- and here's why that matters." The current messaging does not voice that tension. "Simple and Secure Remote Access" is Tailscale's positioning ground. NetBird is fighting on someone else's territory with a smaller brand and smaller budget. The shift from "simple and secure remote access" to "the enterprise network layer you actually control" moves NetBird from competing on convenience to owning a distinct category: sovereign enterprise networking.
The homepage needs to be rewritten around the core buyer tension: Tailscale-level ease, with the control enterprises actually require. Open source and self-hosting should be the lead value proposition, not a footnote in the features section. The BSD-3 license is not a developer preference -- it is a compliance and trust argument. Audit rights satisfy SOC 2, ISO 27001, and government procurement requirements. For a CISO evaluating supply chain risk after reading an NIS2 brief, the distinction between Tailscale's client-only open source model and NetBird's full-stack auditability is decisive. NetBird is Berlin-based. That is not a fun fact. It is a market signal in a regulatory environment that increasingly prefers EU-based, auditable infrastructure providers. Every word of the hero copy should speak to the buyer who got burned by a SaaS dependency -- not the developer who wants a faster VPN.
Select Tech Group managing 55+ customer sites through NetBird's MSP Portal is a reference customer hiding in plain sight. This is not a feature release. It is a platform architecture signal -- multi-tenancy, delegation hierarchies, partner economics. One MSP partner is potentially dozens of end-customer deployments. The MSP channel offers compounding leverage that direct sales cannot match. NetBird should be framed not as "what MSPs use internally" but as "what MSPs deploy for their clients" -- a platform position, not a tool position. A dedicated landing page, a partner case study, and a transparent partner pricing tier would surface a go-to-market motion that the product already supports but the website does not acknowledge.
A third opportunity involves building a "Sovereign Networking" vertical GTM for fintech, healthcare, and EU public sector -- the three verticals where data residency and supply chain audit rights create hard vendor requirements that Tailscale and Twingate structurally cannot meet. A fourth concerns instrumenting the self-hosted user base to surface expansion revenue signals and convert security-motivated open source installs into paying enterprise accounts. Both require deeper understanding of NetBird's current user segmentation and conversion data.
ProductBeacon monitors product leadership signals across European tech companies. NetBird appeared on our radar through a combination of strong open-source community traction, an EUR8.5M Series A, and signals suggesting the company was at an inflection point where developer-led growth needed to transition to deliberate enterprise positioning. This analysis was created without any contact with the company, using only publicly available information (website, LinkedIn, press releases, job postings, and industry databases).
Analyst: Yohay Etsion, Managing Director, ProductBeacon. 17 years leading product organizations at NICE and Cognyte.
We build these analyses for companies where the product has a genuine structural advantage that the messaging treats as a footnote. If your most defensible claim is not your headline, we should talk.
Request a Diagnostic