NEW
XTRA Beta is now available to enterprises
x

A moving-target defense

Protection for workloads, APIs, and the data they exchange

Animated abstract graphic of cloud machines operating with hopr kerberos for the cloud moving target defense
We help enterprises

protect workloads and their data.

prevent misuse of workload credentials.

harden workloads and block malicious traffic.

secure data in transit over any route.

verify trust in workloads at each session.

Discover a winning defense

Schedule a 15-minute discovery call with one of our experts to discuss your needs and learn if Hopr's moving-target defense can enhance the protection of your critical business services.
Schedule a Call

Stop Threats
Before They Become A Problem

Malicious API traffic grew by 117% in the past year

  • Malicious API traffic targets sensitive workloads and PII data
  • Use of APIs to support critical business processes is growing
  • API security incidents are common, suggesting that existing tools aren't stopping attackers

Hopr's solution:

We verify the identity of trusted workloads at every session through a novel protocol. And apply end-to-end message encryption to block all malicious traffic.

Icon of a malicious actor in the Cloud attacking API endpoints over network routes
APIs are vulnerable

Exfiltrated machine credentials 

  • Three of the four most common vulnerability paths for API attacks involve the misuse of credentials
  • Static and semi-static API keys are sniffed, removed, and misused by attackers
  • The vast majority of API exploits happen against authenticated APIs. Suggesting that authentication is failing to protect workloads

Hopr's solution:

We rotate workload secrets at a high frequency in real time and use them for encryption-decryption rather than authentication. Secrets expire and vanish before they can be found, removed, and misused.

Untrusted identity of transient workloads

  • Many workloads appear on networks for a limited time and lack persistent identities
  • A recent survey of security professionals found PKI certificates "incapable of supporting new applications"
  • IP addresses and ports are reused making trust of ephemeral workloads a significant challenge

Hopr's solution:

We provide each workload with a rotating identity credential that is coupled with its session history. The credential represents an immutable chain of trust in the workload even if its presence in the network is transient.

Transient machine identities in the Cloud
Experts Agree on the Value of a Moving-target Defense
SVP Security, Global Financial Services
“I am a big fan of this defensive strategy.
Adversaries spend 90% of their time in attack planning, this prevents them from launching an attack.”

How our Moving Target Defense delivers value

Credentials are a prime target for adversaries. Forensics analysts know that adversaries spend 90% of their time in planning an attack and only 10% in the attack. We'll describe how we make credentials fast-moving targets and prevent attacks.
Read Our White Paper
Learn more

Our Defense is Different

Exfiltrated API credentials 

Positive Security Model. We start with trust and continuously verify and recognize trusted workload rather than search for negative threat activities.

Exfiltrated API credentials 

Moving micro-perimeters. We secure the perimeter of the smallest computing units in a modern architecture: containers and workloads and their communications.

Exfiltrated API credentials 

High frequency credential rotation. We frequently rotate access credentials to eliminate credential theft and misuse by adversaries.

Security That Contributes to Business Success

Exfiltrated API credentials 

Reduced risk because our defense operates in real time across all clouds

Exfiltrated API credentials 

Fast time-to-value through a simple low-code integration with existing containers and workloads

Exfiltrated API credentials 

Low adoption costs because no modification to existing Apps or API code is necessary

Exfiltrated API credentials 

Improved operating margins from a reduction in the management of  stored static secrets and identity materials

Scalable, easy
to maintain

Webflow hosting is lightning fast, and comes with enterprise grade uptime, scalability and security. Automatic backups, painless editing, collaboration, and straightforward SEO controls will make your website a pleasure to use.
image of computer code for hopr's "Codes Hidden in Plain Sight" technology

Watch a recorded demonstration

Click the button below, provide your email address, and watch a 3:13 (min:sec) recorded demonstration of how Hopr's CHIPS technology protects an interaction between two workloads.
Watch the Video
Unique Technology and Features

Feature

Others

Rotate credentials at high frequency for a moving target defense
hover or click to flip over
Existing solutions rely on static or semi-static credentials that are easy targets for adversaries
Secure both the identity and secret credentials
hover or click to flip over
Some solutions may secure one credential (identity or secret) but not both at the same time
Verify trust in an identity per session
hover or click to flip over
Automated PKI certificate identities seldom rotate and lack a chain of trust

Our Latest Insightful Articles

Small, Fast-moving Targets

Four Dilemmas of Keeping Secrets