Breaking
APR 2024: Zscaler acquires Airgap Networks to go east-west  •  $18.6M total raised  •  Industry-first Ransomware Kill Switch  •  Every device gets a /32 "network of one"  •  Agentless zero trust segmentation  •  Founded 2019 in Santa Clara  •  APR 2024: Zscaler acquires Airgap Networks to go east-west  •  $18.6M total raised  •  Industry-first Ransomware Kill Switch  •  Every device gets a /32 "network of one"  •  Agentless zero trust segmentation  •  Founded 2019 in Santa Clara  • 
Company Profile · Cybersecurity

Airgap Networks

The startup that decided ransomware's real problem wasn't getting in - it was moving sideways. So they put every device in a network of one. Then Zscaler bought the whole idea.

Santa Clara, CA Founded 2019 Acquired by Zscaler · 2024 Series A · $18.6M
Airgap Networks logo
The Airgap Networks wordmark, salvaged from the company's old homepage - which now quietly redirects everyone to Zscaler.

In a Santa Clara office in 2019, two Juniper Networks veterans looked at the way enterprises segment their networks - thousands of firewall rules, brittle NACs, endless spreadsheets - and decided the whole approach was backwards. Five years later, Zscaler agreed with them by writing a check.

Who they are now

A bet that became a feature

Airgap Networks no longer exists as a standalone company. As of April 2024 it lives inside Zscaler, the cloud-security giant, as the engine behind a feature called Zero Trust Device Segmentation. Visit airgap.io today and you don't land on a scrappy startup page - you land in Zscaler's product catalog.

That is, in the unsentimental arithmetic of enterprise software, a happy ending. Airgap had a sharp idea about a stubborn problem, built it into a product, sold it to enough customers to matter, and got acquired by the company best positioned to scale it. The technology didn't die. It graduated.

"Airgap was formed with the mission to simplify and secure business-critical infrastructure."

- The company's founding mission
The problem they saw

Ransomware doesn't break in. It spreads.

Here is the uncomfortable truth Airgap built a company around: most security spending guards the front door, but ransomware does its real damage after it's already inside. One compromised laptop, one unpatched IoT sensor, one forgotten factory controller - and the malware walks laterally across a flat internal network, encrypting everything it can reach.

The traditional fix is segmentation: chop the network into zones so a breach in one can't infect the rest. Sensible in theory. Miserable in practice. It means east-west firewalls, network access control appliances, VLAN gymnastics, and a maintenance burden that grows with every new device. And the devices that need it most - headless IoT, legacy servers, operational-technology gear in factories and hospitals - are exactly the ones that can't run a security agent.

"Their agentless approach was a total re-think of the complexity of legacy segmentation."

- On Airgap's design philosophy
The founders' bet

Two networking lifers, one contrarian idea

Ritesh Agrawal spent the better part of two decades at Juniper Networks, much of it running product management for the company's security portfolio. His co-founder Satish Mohan brought deep networking architecture chops. Between them they had seen enough firewall rule sets to develop a healthy allergy to them.

Their bet was almost cheeky: what if segmentation didn't need agents, APIs, or a forklift upgrade of the network at all? What if you could enforce zero trust using a protocol that was already running on every network on earth - the humble, 30-year-old DHCP that quietly hands out IP addresses?

2019
Founded
2
Co-founders
$18.6M
Total raised
2024
Acquired

Four numbers that bracket a company's entire life. The middle two are the ones investors care about.

The product

A network of one

The clever bit works like this. Airgap's DHCP proxy intercepts every device's request to join the network and hands it a /32 address - a subnet containing exactly one host - plus a default gateway pointing at Airgap itself. The result: each device thinks it is alone on the network. Every conversation it tries to have routes through Airgap first, where identity and context decide whether it's allowed.

No agent on the endpoint. No change to the existing switches and routers. It works on the printer, the MRI machine, the PLC on the factory floor, the static-IP server nobody dares reboot. Then there's the headline act: the Ransomware Kill Switch, a one-click control that severs all non-essential device-to-device traffic the instant an attack is detected - stopping the spread without unplugging the business.

Agentless Segmentation

Identity-based isolation for every device, with zero endpoint software and no infrastructure changes.

Ransomware Kill Switch

One click halts lateral spread by cutting non-essential traffic - business stays online.

DHCP "Network of One"

A patented proxy assigns each endpoint a /32, turning the LAN into a million private segments.

Device Discovery

Automatic, agentless inventory and classification of unmanaged IoT and OT devices.

"A /32 for every device. Airgap made micro-segmentation actually micro."

- The whole pitch, in one line

The five-year arc

2019
Founded in Santa Clara by Ritesh Agrawal and Satish Mohan, both Juniper Networks alumni.
2020
Early funding from Cervin Ventures, Engineering Capital, and Sorenson Ventures; the agentless platform takes shape.
2022
$13.4M Series A led by Storm Ventures to ship the industry-first Ransomware Kill Switch. Total raised reaches $18.6M.
2023
Scaling the Zero Trust Firewall across IT, IoT, and OT deployments in branches, campuses, and factories.
2024
Acquired by Zscaler (terms undisclosed) to power firewall-free east-west segmentation inside its Zero Trust SASE platform.
The proof

The money followed the logic

Investors are not a moral authority, but they are a useful skeptic. Airgap raised a $13.4M Series A led by Storm Ventures in April 2022, on top of earlier rounds from Cervin Ventures, Engineering Capital, and Sorenson Ventures - $18.6M in total. The cap table also picked up notable security operators as angels, including Manoj Apte, Josh Leslie, Anuj Kapur, and Robert Tinker.

Funding, stacked

USD raised, by stage (approximate)
Early rounds
$5.2M
Series A (2022)
$13.4M
Total
$18.6M

Bars scaled to the Series A. The acquisition price? Undisclosed - the polite enterprise way of saying "more than this, we hope."

The bigger validation came from the buyer. Zscaler doesn't acquire often, and when it does, it's filling a specific gap. Airgap filled the east-west one - the lateral traffic inside a network that Zscaler's cloud-delivered security historically didn't touch.

"Combining Zscaler's Zero Trust SD-WAN with Airgap's agentless segmentation transforms how enterprises bring zero trust to IoT/OT and critical infrastructure."

- Zscaler, on the acquisition rationale
The mission

Make the hard thing boring

Strip away the acronyms and Airgap's mission was almost modest: simplify and secure the infrastructure businesses can't afford to lose. The radical part wasn't ambition - it was the refusal to accept that good security had to be complicated. Segmentation, they argued, should be something you turn on, not a multi-year project staffed by a firewall priesthood.

The devices most likely to get a network compromised - unmanaged, legacy, headless - are precisely the ones legacy tools can't protect. Airgap's answer was to protect them anyway, without asking them to change.

For security teams, that translated to practical things: discover every device on the network, contain a ransomware outbreak before it metastasizes, and do it without ripping out the switches. Boring, in the best possible way.

Why it matters tomorrow

The idea outlived the logo

Airgap competed in a crowded field - Illumio, Akamai Guardicore, Cisco, Zero Networks, Elisity, Forescout - all chasing the same goal of stopping lateral movement. Most of them still ask you to deploy something on the endpoint or rebuild your network policy. Airgap's wager was that the winning approach would be the one that demanded the least.

That wager is now Zscaler's to scale. As factories, hospitals, and offices fill with billions of devices that will never run a security agent, agentless segmentation stops being clever and starts being necessary. The startup is gone; the architecture is spreading.

So return to that Santa Clara office in 2019. Two networking veterans, tired of firewall spreadsheets, sketching a way to give every device its own private network using a protocol everyone else ignored. The office is closed now. The whiteboard idea ships inside one of the largest security platforms in the world. The sideways problem they set out to solve is, increasingly, somebody else's solved problem.

Field notes

Things worth knowing

Old protocol, new trick

Airgap weaponized DHCP - 1990s plumbing - as a zero trust enforcement point.

Juniper DNA

Both founders came out of Juniper Networks, where they'd seen segmentation done the hard way.

The redirect

airgap.io now sends every visitor straight into Zscaler's product pages. Tidy.

Watch

Interviews & demos

SearchRitesh Agrawal interviews SearchRansomware Kill Switch demo SearchZscaler Device Segmentation

Direct video links weren't confirmed at publish time, so these point to fresh searches rather than a dead URL. Honest is better than broken.

The paper trail

Website LinkedIn Medium Ritesh Agrawal Acquisition Blog Crunchbase SiliconANGLE SDxCentral