Draft:Twingate


Twingate
Company type
Private
IndustryCybersecurity
Founded2019
HeadquartersRedwood City, California, U.S.
Key people
Tony Huie, Lior Rozner, Alex Marshall
ProductsZero Trust Network Access
Websitetwingate.com

Twingate is an American software company headquartered in Redwood City, California. It develops a Zero Trust Network Access (ZTNA) platform designed to replace traditional corporate VPNs by granting users access only to the specific resources they are authorized to use, rather than routing all traffic through a central corporate network.[1]

History

Twingate was founded in 2019 by Tony Huie, Lior Rozner, and Alex Marshall, and was co-incubated by venture firms WndrCo, 8VC, and SignalFire.[2] Huie, who serves as CEO, and Marshall, the Chief Product Officer, are alumni of Dropbox. Rozner, the Chief Technology Officer, was a software architect at Microsoft.[3]

The company publicly launched its product in October 2020, announcing a Series A funding round of $17 million from WndrCo, 8VC, SignalFire, and Green Bay Ventures. Dropbox co-founders Drew Houston and Arash Ferdowsi also participated as individual investors.[1][3]

In April 2022, Twingate raised a Series B round of $42 million led by BOND, valuing the company at $400 million and bringing total funding to $67 million.[2][4]

Product

Twingate's platform is built on a zero trust security model, which requires continuous verification of user identity, device security status, and contextual signals before granting access to any resource. Unlike a traditional VPN, which connects a device to a corporate network as a whole, Twingate enforces granular, per-resource access controls based on factors such as user identity, device security posture, time of login, and geographic location.[5]

The platform uses split tunneling to route only work-related traffic through its network, leaving other traffic unaffected. It employs AES-256 encryption and SSL/TLS protocols to secure data in transit, and supports multi-factor authentication (MFA) and single sign-on (SSO) integration with providers including Okta and Azure AD. It also integrates with mobile device management (MDM) and endpoint protection platforms, with activity logging supported via third-party tools such as Datadog, Elastic, and Splunk — capabilities that TechRadar notes are designed to support compliance with CPRA, GDPR, PCI DSS, and SOC 2.[5]

Architecture

Twingate's network architecture consists of four components: a Client installed on the user's device, a Controller (managed by Twingate) that manages access policy and issues signed authorizations — delegating user authentication to a third-party identity provider — a Relay (managed by Twingate) used as a fallback connection point when a direct connection cannot be established, and a Connector deployed behind the firewall of a customer's private network.[6] The architecture is designed so that no single component can independently authorize traffic; access decisions require confirmation from at least two components before data flows to a resource.[7]

Unlike traditional VPN architectures, which route all traffic through a central gateway, Twingate uses NAT traversal to establish direct, peer-to-peer encrypted tunnels between the Client and Connector where network conditions allow, with the Relay serving as a fallback when a direct connection cannot be established.[7]

QUIC transport protocol

Twingate uses QUIC, a transport-layer network protocol originally developed by Google and standardized by the IETF in RFC 9000. It is also proposed as the underlying transport for HTTP/3. QUIC is built on UDP rather than TCP, which is the foundation of most traditional VPN tunnels.[8][9]

A key limitation of TCP-based tunnels is head-of-line blocking: because TCP guarantees ordered delivery over a single stream, packet loss affecting one data flow stalls all other concurrent flows sharing the same connection. QUIC addresses this by multiplexing independent data streams over a single connection, so that packet loss on one stream does not affect others. Twingate maps traffic from any number of applications on the client device to individual QUIC streams, delivering them concurrently to connectors and resources across its distributed architecture.[8]

Beyond resolving head-of-line blocking, QUIC introduces several other characteristics relevant to enterprise remote access:

  • Faster connection establishment: QUIC completes the initial handshake in a single round-trip (versus TCP's three-way handshake plus a separate TLS negotiation), and can resume prior connections with zero additional round trips.
  • Connection migration: QUIC connections survive client-side IP address or port changes — such as when a user switches between Wi-Fi and a cellular network — without dropping the session. Traditional TCP-based VPN connections must be re-established in this scenario.
  • Improved packet loss recovery: Although QUIC is UDP-based and therefore unreliable at the transport layer, it implements its own reliable delivery mechanisms. These incorporate lessons from TCP's development history without being constrained by TCP's legacy wire format, and are generally more efficient at recovering from packet loss than TCP in high-latency or lossy network conditions.[8][9]

References

  1. ^ a b Crichton, Danny (October 28, 2020). "That dreadful VPN might finally be dead thanks to Twingate, a new startup built by Dropbox alums". TechCrunch. Retrieved June 6, 2026.
  2. ^ a b Cai, Kenrick (April 14, 2022). "This Cybersecurity Startup Aimed At Taking Down VPNs Is Now Worth $400 Million". Forbes. Retrieved June 6, 2026.
  3. ^ a b Holmes, Aaron (December 29, 2020). "Read the pitch deck that Dropbox alumni used to raise $17 million for Twingate, a startup that aims to kill off a 'hated' part of remote workplace security". Business Insider. Retrieved June 6, 2026.
  4. ^ "Twingate Raises a $42 Million Series B Led by BOND to Accelerate the Adoption of Zero Trust" (Press release). PR Newswire. April 14, 2022. Retrieved June 6, 2026.
  5. ^ a b Fadilpašić, Sead (November 6, 2024). "Twingate review". TechRadar. Retrieved June 6, 2026.
  6. ^ "How Twingate Works". Twingate. Retrieved June 6, 2026.
  7. ^ a b "How Twingate Works". Twingate. Retrieved June 6, 2026.
  8. ^ a b c "Network Connectivity for Zero Trust". Twingate. Retrieved June 6, 2026.
  9. ^ a b "Peer-to-Peer Communication in Twingate". Twingate. Retrieved June 6, 2026.

Category:Software companies based in California Category:Computer network security Category:Zero trust security Category:Companies based in Redwood City, California Category:Software companies established in 2019 Category:Cybersecurity companies

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.