Generation 3 Zero TrustA new trust model for modern infrastructure
Most cybersecurity platforms focus on protecting users and applications. Faction extends Zero Trust principles to infrastructure, OT and IoT devices, data, and AI-enabled operations.
Finally, Zero Trust Has a Secure Foundation
Zero Knowledge Architecture
Faction routes encrypted communications without holding your encryption keys or any decryptable content. Customers have full visibility and control inside of their network, Faction has none.
Owner-Controlled Keys
Organizations create, control and store the keys to their Faction Network. Trust and trust relationships originate with the owner, not the vendor.
Zero Trust for the Cloud
Faction leverages all the benefits of the Cloud, but never trusts centralized infrastructure — even our own — that becomes a high-value target.
Hardware-Embedded Zero Trust
Faction Pods and Portals secure OT, IoT, embedded systems, and infrastructure, making them invisible and unreachable on the Internet.
AI Security
Secure private AI infrastructure and ensure human identity-bound accountability and policy enforcement for Agentic AI.
Cyber Assurance
Independent Cyber Lab inspection and verification of hardware + supply chain and continuous monitoring of network integrity back up Zero Trust.
Trust you can understand and verify
Generation 3 Zero Trust is more than a security philosophy — it is a different architecture. See where Faction sits, what it controls, and how it reduces dependency on centralized infrastructure.
Where Faction sits
Endpoints connect through a Waypoint into a single encrypted overlay that governs networks, devices, data, OT/IoT, and AI. The Waypoint forwards traffic but sees only routing metadata, and the control plane stays off the public internet — reachable only from inside your Faction.
Trust controlled by you, not by us
Traditional cloud ZTNA routes you through a vendor control plane. Faction establishes a direct, encrypted relationship governed by trust the owner creates and holds.
Traditional Cloud ZTNA
Faction
AI security with human control and accountability
Secure your private AI infrastructure in a Faction Network, and deploy a Faction Trust & Control Layer to enforce policy and governance, control access, contain the blast radius, and keep a verified human in the loop.
Built for MSPs and integrators
Deliver Generation 3 cybersecurity to your clients with peace of mind. Client ownership and control of keys and trust ensure that you can never become the point of compromise.
Protection for devices that can't protect themselves
Faction Pods and Portals extend Zero Trust protection to OT and IoT machines and devices that can't protect themselves — regardless of operating system, age, or capability.
Four Zero Trust pillars for your Cyber Security
Networking
Secure networking built around owner-controlled trust and reduced dependence on centralized control infrastructure.
OT & IoT
Protection for the devices traditional, software-only security models struggle to secure.
Data
Encryption and trust governed by the organization rather than third-party vendors.
AI
Identity-bound governance, accountability, and policy enforcement for AI-enabled operations.
Security built around ownership of trust
Deploy alongside existing infrastructure
No rip-and-replace required. Faction is an overlay on what you already operate.
Create owner-controlled trust
Encryption keys that secure your trust relationships are created, controlled and stored by the Faction Network Owner, not Faction.
Authenticate with cryptographic identity
Users and devices are verified out-of-band, impervious to phishing and credential theft.
Escalate to Human Identity when needed
Flexible levels of verification are available when you need to ensure human control and accountability.
Extend protection to OT & IoT
Secure the devices software-only models can't, using Pods, Portals, and embedded capabilities.
Gain Peace of Mind
Your security does not depend on a vendor's infrastructure, untrustworthy hardware, and unknowable Cloud vulnerabilities.
Trust that is verified, not assumed
Generation 3 is more than architecture — it is a commitment to verification. Faction's assurance program applies independent inspection, hardware analysis, and continuous monitoring so trust can be verified, not just claimed.
Independent security testing
Source code and protocol inspection by independent cyber labs.
Hardware assurance
Chip-off and motherboard analysis. ORION Assured.
Continuous monitoring
Assurance is ongoing — not a one-time certification or a checkbox.
The three generations, side by side
Architecture, network visibility, authentication, device coverage, data — and, ultimately, who holds the keys. Here is how the three generations compare across the dimensions that decide an organization's security posture.
| Capability | Gen 1 — VPNs & Firewalls | Gen 2 — Cloud ZTNA / SDN | Gen 3 — Faction |
|---|---|---|---|
| Architecture | Perimeter gateway | Cloud control plane | Zero Knowledge · no public control plane |
| Network visibility | Exposed, scannable | Cloud broker visible | Invisible by default |
| Authentication | Credentials (phishable) | Cloud IAM + 2FA | Out-of-band cryptographic key |
| Certificate authority | Public internet CA | Public internet CA | The network owner is the CA |
| Encryption keys | Gateway-managed | Vendor / cloud-held | Created & held by the owner |
| OT / IoT devices | Unprotected | Software only | Pods, Portals, Modules |
| AI agent control | None | Cloud IAM (vulnerable) | Identity-bound governance |
| Data encryption | In transit only | In transit only | In transit and at rest |
| Cloud Vulnerability | High | Better, but still centralized | Zero — owner holds the keys |
See the architecture in your environment
Request a technical briefing and we'll walk through how Faction establishes trust across your networks, devices, data, and AI.