The Cloud Native
Automated Moving-Target Defense

animated GIF of Hopr AMTD and rotation with cloud machines

By 2025, the worldwide cost of cyber crime  is estimated to exceed $10 trillion annually.

92% of API attacks reported were against public-facing API endpoints.

84% of API attacks against financial/insurance APIs were authenticated, but were actually threat actors.

The API data breach rate in 2023 is on pace to exceed more than one billion data records.

61% of IT professionals say that the theft or misuse of machine identities is a serious concern.

By 2026, more than 90% of enterprises will operate in multiple clouds, and face increased complexity.

How to solve significant workload, API, and data protection challenges

Trust of workload identities

  • By 2026, it’s estimated that new  devices  will connect to the Internet at a rate of 5,000 per minute!
  • Workload identity trust is constrained by many different identity domains.
  • Centralized identity services within identity domains complicates interoperability and security.
  • Automated certs are issued to workload without vetting for trust.
  • With today's 'certs', the chain of trust ends at the Cert Authority.

Hopr's solution:

Decentralized machine identities that reside with and are managed by endpoints. Identity is verified each time workloads connect, building a chain-of-trust in the workload itself.

Vulnerable transport security 

  • Legacy transport protocols are not supported everywhere in the cloud.
  • Encryption gaps expose data to loss or tampering
  • Session key is vulnerable to intercept.

Hopr's solution:

On-demand, comprehensive, end-to-end encrypted connections (without a key exchange)  ensure the  confidentiality and integrity of data in transit everywhere between endpoints.

See the WoSP in operation

Click the image at left to watch a 3:36 (min:sec) recorded demo of Hopr WoSPs protecting workload endpoints, end-to-end encrypting messages, and refusing access from untrusted connections.
Learn How It Works

Access control at endpoints

  • Threat actors have proven abilities to bypass perimeter security controls.
  • They can identify critical endpoints, avoid detection, and launch attacks.
  • Annual losses from unauthorized access amount to billions of dollars.

Hopr's solution:

Our patented CHIPS™ technology enables rotation of  credentials at a high frequency to create a moving target defense that prevents threat actors from gaining the information they need for an attack.

Theft of static credentials

  • Endpoint access credentials are static and seldom change.
  • Credential theft is an attractive and preferred attack method.
  • It’s estimated that >75% of API attacks occur on authenticated APIs.
  • Threat detection and response is slow and plagued by false positives.

Hopr's solution:

Real-time high-frequency rotation of endpoint identity and secret credentials prevents many methods of endpoint attack.

Learn about a new kind of cyber defense

Automated Moving Target Defense (AMTD) has been described by Gartner as “the future of cyber.” Hopr’s AMTD is a cloud native form that protects containerized workloads, APIs, and data in transit across all clouds. Read our FREE white paper to learn the basics of cloud native AMTD.
Don’t become a threat statistic.

Add Cloud Native AMTD to your cybersecurity architecture.
Abstract graphic icon of a workload   connected to Hopr algorithm
Hopr named a tech innovator in Gartner's
"Emerging Tech: Security — Tech Innovators in Automated Moving Target Defense"

Experts Agree on the Value of a Moving Target Defense

“I am a big fan of this defensive strategy.
Adversaries spend 90% of their time in attack planning, this prevents them from launching an attack.”
SVP Security, Global Financial Services

Want more detail? Learn from our FREE resources.

We curated a collection of white papers, videos, and webinars in our ‘Discovery’ library. The resources are FREE with an email. We also have public resources available from the site navbar menu.
Get Free Discovery Resources

Business Value in Cloud Native AMTD

Exfiltrated API credentials 

Reduced cyber risk from a cloud native AMTD that verifies identity trust and prevents attacks on valuable resources and data.

Exfiltrated API credentials 

Fast time-to-value with self-serve onboarding and simple “low-code” DevOps -friendly configuration and deployment.

Exfiltrated API credentials 

Low adoption cost since changes to existing application or API code are  not required.

Exfiltrated API credentials 

Improved cost efficiency from “cert-free“ cloud native technology, low complexity, and low consumption pricing.

Compelling Advantages

Capability

Others

DECENTRALIZED IDENTITY
With Hopr, workloads carry their own identity and secrets management system.
CENTRALIZED IDENTITY
Multiple external identity, key, and secrets management services constrain connectivity and increase costs.
ATTACK PREVENTION
‍Hopr rotates credentials at a high frequency to prevent theft and misus
VULNERABLE CREDENTIALS
Static credentials are discovered, stolen, and used in cyber attacks.
DATA SECURITY
Hopr achieves comprehensive end-to-end protection of data in transit
DATA EXPOSURE
TLS/mTLS encryption is discontinuous and vulnerable to session key intercept
REJECT UNTRUSTED SOURCES
With Hopr, connections from untrusted sources are blocked from connecting to an endpoint.
UNTRUSTED CONNECTIONS
Access controls are unable to prevent threat access.
See the complete list of Hopr features

Award Winning Innovations

Image of the gold and silver 2023 Globee Cybersecurity World Awards

Exfiltrated API credentials 

Identity Trust Verification. Workload identity trust is established once at deployment and then verified frequently.

Exfiltrated API credentials 

Synchronous Ephemeral Encryption (SEE™). End-to-end encryption (without a key exchange) assures data privacy and integrity of data in transit everywhere.

Exfiltrated API credentials 

Tokenless Authentication. Ingress messages must pass SEE™ decryption to be recognized (authenticated) as originating from a legitimate sender.
Untrusted Message Rejection. Untrusted ingress messages fail SEE™ decryption and  are immediately discarded.
High Frequency Rotation. Identities and secrets of workloads rotate at a high frequency to prevent theft and misuse.
Learn How These Work

Our Latest Insightful Articles

Machine Identity - Avoid the Crisis

A Looming Crisis

Gartner, Emerging Tech: Security — Tech Innovators in Automated Moving Target Defense, Mark Pohto, and Carl Manion, 6 June 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.