Enterprise security isn’t broken simply because there aren’t enough tools. It’s broken because the tools don’t work well together and because legacy vendors lock companies into closed, complex, and overpriced products.
In large organizations, managing secure access is often a patchwork of systems: VPNs that only do networking, Identity Providers disconnected from HR teams, and manual processes for managing who gets access to what. The result? Orphaned accounts, shadow IT, and mounting risk.
Defguard helps organizations cut through that chaos.
The problem
Most organizations want to modernize the IT systems, but they’re stuck.
Many modern VPN, identity and access management platforms are cloud-only, which creates compliance issues in regulated industries and environments that require full control over its critical components of the IT systems.
At the same time, WireGuard, the fastest and most efficient open-source VPN protocol available (just under 4,000 lines of code!), lacks native multi-factor authentication making it not a viable alternative for security-conscious organizations. Moreover it lacks many enterprise functionalities and integrations.
As a result, teams are forced to stick with legacy vendors and overly complex and expensive systems – just to satisfy the security requirements.
At the same time, internal workflows are messy:
- Employees have to request access via Jira tickets, email or Slack threads,
- Identity systems that don’t reflect who’s actually employed,
- VPN & other IT system accounts that stay active long after someone leaves the company.
- No one has a clear view of who has access to what.
This creates risk, slows teams down, and drains IT resources.
The solution
Defguard breaks that cycle.
It brings the benefits of modern and flexible VPN & access management with advanced security features and control that enterprises need.
With Defguard, organizations can:
- Finally adopt WireGuard VPN with protocol-level multi-factor authentication (MFA) enforcement,
- Unify VPN, identity, and access lifecycle management (IAM + ALM) in one platform,
- Eliminate multiple tools, reduce complexity, and manual workflows.
It’s the first platform to combine these three functions in a self-hosted platform that fits the enterprise needs including those of regulated sectors and high-security environments.
It’s also the first platform to add support for MFA directly at the WireGuard protocol level, removing the key blocker that has prevented many organizations from adopting this modern VPN.
This approach has already resonated with industry experts and teams in both large and mid-sized organizations – especially those who’ve lived through the headaches of closed, black-box systems that are difficult to integrate and impossible to fully control.
Why now
New regulations like NIS2, GDPR, and eIDAS 2.0 are forcing companies to rethink how they manage, audit, and secure infrastructure access.
Digital sovereignty concerns and geopolitical pressure are accelerating the shift away from foreign-controlled, cloud-hosted infrastructure.
Organizations need tools that give them:
- Full control over their access stack,
- Local hosting and deployment options,
- Transparency over how critical elements of IT security infrastructure are implemented.
Defguard delivers exactly that at the right time.
Why we invested
1. A real, widespread pain point
Defguard tackles a universal problem: fragmented and insecure access management.
It’s the first open-source platform to integrate VPN, IAM, and ALM into one system. This reduces complexity, eliminates tool fragmentation, and ultimately lowers total cost of ownership.
2. Unique positioning
Defguard identified a specific blocker faced by organizations who want to adopt WireGuard – it lacks multi-factor authentication (MFA). Defguard is the first solution to offer MFA at the WireGuard protocol level, spreading fast among early adopters given its open-source distribution model.
3. Perfect timing
New rules like NIS2, GDPR, and eIDAS 2.0 are forcing companies to rethink how they secure and audit access. Defguard is built for that shift.
At the same time, geopolitical pressure is pushing organizations away from foreign-controlled infrastructure. Defguard’s self-hosted, open-source model gives them the control and transparency they need.
4. Traction without marketing
Defguard already has strong open-source momentum and early enterprise adoption, all without a sales team or marketing spend.
Over 2,000 downloads of the latest OSS version, over 1,000 monthly active users, popularity among the community on GitHub (1.7k stars), first paid PoCs and enterprise deployments to over 30 companies. This is strong, organic validation.
5. Market potential
The ZTNA, IAM, and DevSecOps markets exceed $60B and are growing >13% annually.
In the EU alone, over 100,000 organizations match Defguard’s ideal customer profile and globally, the number is over 500,000. Regulatory tailwinds will only accelerate adoption.
6. A team that’s all-in
Founder Robert Olejnik has 25+ years experience in cybersecurity and his team have walked away from a profitable services business to go all-in on Defguard.
They ship fast, listen closely to users, and deeply understand the cybersecurity space.
Co-founder Michał Gryczka brings strong go-to-market and commercial experience, creating a well-balanced founding team.
7. Clear exit potential
The enterprise security space is consolidating fast. With its unique tech and proven demand, Defguard’s unique positioning and traction make it a likely target for strategic acquirers.
8. Our experience in open-source projects
Maciej Zawadziński, one of the founding partners at our fund, previously built and scaled Piwik PRO, a privacy-focused Google Analytics alternative rooted in open-source. We’ve seen what it takes to turn OSS into a powerful enterprise business and we believe Defguard has even bigger potential, especially given its technical user base (unlike marketers in the case of Piwik) and infrastructure-first positioning.
Defguard is what enterprise security should have looked like years ago. We’re backing the team that’s finally building it.