Defguard’s Next Chapter: Scaling a Self-Hosted Open-Source Security Platform

• Defguard launched 2.0, its re-architected platform improving deployment, scalability, and usability
• The product unifies VPN, IAM, and ALM into a single self-hosted platform
• The company’s ISO 27001 certification unlocked regulated clients and accelerated enterprise adoption
• Defguard’s ambition includes expansion into high-security sectors and scaling partner-driven enterprise growth

This April, the fairly young but already well-known Polish cyber security startup Defguard rolled out the beta version of its 2.0 unified security platform. The new version is a fully re-architected platform with a new multi-component design, built-in certificate authority and SSL, improved deployment and migration workflows, and foundations for high availability and scalable Zero Trust infrastructure.

Defguard in Recap

Defguard initially evolved from earlier internal tools built by its co-founders Robert Olejnik (CEO) and Michał Gryczka (CRO) at Teonite, particularly a remote access solution developed around 2008–2009, and was formally shaped into a standalone product around 2021 before gaining its first paying customers in 2024 and fully pivoting the company toward it in 2025.

Its core offering is a self-hosted, open-source security platform that unifies VPN, identity and access management (IAM), and access lifecycle management (ALM) into a single system, addressing the fragmentation and complexity of enterprise security tools. The platform is built on the WireGuard protocol and introduces protocol-level multi-factor authentication, along with features like centralized access control, SSO integration, and firewall capabilities, making it suitable for organizations with high security and compliance requirements.

Trend Toward Integrated Zero Trust Platforms

‘For the user – regardless of whether that’s an individual juggling 100 online accounts or an IT administrator overseeing hundreds of employees – the fatigue of managing a dozen different security tools is real. Every additional app, service, and dashboard, all with disparate interfaces and policies, creates a potential security gap, and headache. When it’s all too complicated, people take shortcuts, and that’s what attackers exploit,’ NordPass‘ head of product Karolis Arbačiauskas comments.

‘Demand for solutions that combine VPN access, identity management, and device posture control within a single product is indeed growing. Organizations are seeking to reduce the complexity of their IT landscape and move away from a set of fragmented tools—VPN, MDM/UEM, separate MFA services, and access control solutions—toward integrated platforms with centralized management. This approach aligns logically with Zero Trust principles, where not only the fact of network connection matters, but also user identity, access context, and device compliance with security requirements,’ Olga Voloshyna of the Committee on IT and Cyber Security of the German-Ukrainian Chamber of Industry and Commerce adds.

Sovereignty and Transparency as Core Positioning

Defguard positions itself as an alternative to closed, cloud-based security vendors by emphasizing transparency, customization, and full control over infrastructure through self-hosting. Its approach aligns with growing European demand for digital sovereignty and regulatory compliance, particularly as companies seek to reduce reliance on foreign-controlled systems and regain control over sensitive data and access management. 

The founders emphasize that Defguard’s core differentiator is its hardware and OS-agnostic architecture that enables on-premise deployment with full organizational control and transparency. Unlike competitors relying partially or fully on cloud infrastructure, Defguard allows companies to deploy on their own equipment and data centers while maintaining open-source visibility into all operations. This sovereignty focus, combined with enterprise features, including IDP integration, connection-level MFA, and enterprise support, uniquely positions Defguard as the solution meeting the criteria of regulated enterprises seeking modern, transparent, and controllable VPN infrastructure.

Fixing Complexity Without Sacrificing Security

Mr Gryczka specifies that the biggest friction point in Defguard 1.0 was its deployment and configuration complexity stemming from the secure-by-design architecture: an isolated control plane (internal network only) and external edge/gateway components (public-facing), requiring administrators to set up separate machines, configure networks, and generate certificates securing inter-component communication. This multi-step process reportedly caused struggles during PoCs and deployments, with admins frequently asking questions and making configuration errors.

Defguard 2.0 addressed this by automating these actions through wizards, guiding users through setup without requiring manual configuration file editing, enabling faster PoCs and approaching appliance-level simplicity while maintaining the security-by-design architecture.

This represents significant product maturation while maintaining its open-source and transparent nature. The 2.0 release includes a completely rewritten UI/UX, strengthened security architecture, and usability improvements such as wizards for gateway adoption and automated configurations.

Defguard 2.0 significantly simplified both administrative setup and end-user onboarding

• For end users, improvements include one-click desktop client activation and automated zero-touch enrollment where admins can enroll users without user action, assuming device control.
• For administrators, the 2.0 release replaced manual configuration of environment variables with graphical wizards that automate security communication, certificate generation, gateway adoption, and high-availability configuration.

These changes address a major pain point where admins previously struggled with complex multi-step setup processes, enabling faster proof-of-concept deployments and compliance-level appliance-like ease of use.

Targeting Enterprise and Regulated Industries

The product has been tailored to meet the needs of medium-to-large organizations, with planned additions of device posture policies and hardware encryption in upcoming releases. With Defguard 2.0, the company’s customer base expands to high-security segments including data centers, hosting providers, technology companies, manufacturing, and health tech—all requiring NIS2 compliance, transparency, and data sovereignty. The startup targets medium-to-large organizations as an alternative to legacy VPN solutions. According to the team, the shift toward larger clients is driven by geopolitical pressures and the obsolescence of legacy protocols (SSL VPN, IPsec, IKE) that vendors are actively withdrawing. Combined with enterprise-grade features like user management, logging, and auditing, Defguard’s WireGuard protocol is more secure and faster than legacy alternatives. Large enterprises migrating from legacy solutions find DefGuard particularly attractive because it addresses their regulatory compliance needs while providing a modern, open-source alternative to proprietary black-box solutions.

Mr Gryczka lists several factors driving Defguard’s customer acquisition:

• approximately 50% are motivated by regulatory requirements (NIS2 in Europe, insurance policies globally) and the growing mandate for MFA on publicly exposed systems;
• another significant portion seeks to withdraw from insecure legacy protocols (SSL VPN, IPsec) and adopt the modern WireGuard protocol;
• security awareness and recent high-profile breaches in legacy solutions create additional pressure to evaluate alternatives;
• and a notable segment generally values modern, consumer-grade UI/UX over the outdated interfaces of 1990s-era solutions.

These factors collectively drive organizations to DefGuard as a comprehensive solution addressing security, compliance, modernization, and usability concerns.

Certification, Validation, and Expansion

Importantly, DefGuard obtained ISO 27001 certification earlier this year. Ms Voloshyna remarks that obtaining an ISO 27001 certification is definitely a result of a costly and complicated project that could only succeed with full support of the company management and tightly-knit teamwork. The comprehensive approach to the informational security management system implementation, including the formalization of the critical business processes and the company’s assets, the development of the set of regulatory documents, the systematic evaluation of the informational systems’ security, and the effective risk management, – all this allows a company to ensure the high level of its cyber security and its responsible attitude toward informational security.

This certification proved critical for engaging regulated organizations that previously viewed Defguard as promising but requiring formal compliance validation. It enabled conversations with companies in regulated industries and directly contributed to customer base expansion toward larger organizations with stricter requirements.

European Focus, Global Opportunity, and Measurable Market Impact

Notably, while Defguard primarily targets European clients (where ISO 27001 carries significant weight and the company’s value proposition aligns with demand for alternatives to American solutions), this certification unexpectedly turned out convincing for US customers, including municipalities and non-government organizations.

That said, Defguard’s strategy involves serving global customers while concentrating marketing and sales efforts on Europe, where the company’s unique value proposition (sovereignty, open-source transparency, alternative to non-European solutions) aligns best with market expectations. Given Defguard’s pre-seed stage and limited capacity, the company is prioritizing Europe where it observes significant traction and substantial untapped opportunity, rather than dispersing resources across multiple regions. At that, DefGuard remains open to other markets and does not actively exclude non-European customers seeking its solutions.

To demonstrate Defguard’s meaningful market impact within one year Mr Gryczka outlines two key metrics:

• adoption by highest-security organizations (medical, hospitals, military, defense) where DefGuard is ideally suited;
• expansion of the partner network.

According to him, the fact that established MSSPs (managed security service providers) are evidently replacing well-known legacy solutions with Defguard validates the product’s market viability and signals genuine market disruption rather than incremental improvement. Meanwhile, growing the partner network is central to DefGuard’s strategy for proving it is fundamentally shifting the market.

Defguard’s trajectory serves as a clear illustration of a broader shift in cyber security toward sovereignty, transparency, and control, particularly in Europe where regulatory pressure and geopolitical realities are reshaping infrastructure choices. By combining open-source principles with enterprise-grade capabilities, the company is positioning itself as a credible alternative to opaque, cloud-dependent security stacks. The rollout of Defguard 2.0 marks a critical inflection point—transforming a technically strong but complex solution into a scalable, accessible platform capable of meeting the demands of regulated, security-conscious organizations at scale.