Get Hopr Sidecars for free and experience simpler DevSecOps and stronger security via AWS Marketplace

The Cloud Native
Automated Moving-Target Defense

Prevent cyber attacks by disrupting threat actors and
their attacks on containerized workloads.

animated graphic of machines operating with a moving target defense and rotation to prevent attacks and disrupt threats
We help enterprises

stop attacks with a moving target defense.

prevent misuse of workload credentials.

harden workloads and block malicious traffic.

secure data in transit over any route.

verify trust in workloads at each session.

protect workloads and their data.

connect workloads and services anywhere.

Discover How AMTD is a Winning Defense

Schedule a 15-minute discovery call with one of our experts to discuss your use case and learn how Hopr's automated moving-target defense can prevent cyber attacks on your business.
Schedule a Call

Four challenges data-rich enterprises confront to
build resilient security

Uncertain trust in workloads

  • Automated identity manager services prioritize speed and scale to enable transport security.
  • Identity of workloads is not vetted before certificates are issued. Workload identity trust isn't verified.
  • The chain of trust for certificates is in the certificate authority and is unable to reach the workload.

Hopr's solution:

Use a decentralized an identity credential whose chain of trust is with the workload itself, then rotate and verify it frequently to ensure high trust.

Abstract graphic icon of a containerized workload with uncertain identity trust
abstract graphic icon depicting unsecured transport in a network

Vulnerable transport security 

  • Transport layer security has improved a lot, but not enough to meet the speed and scale of cloud operations.
  • Transport layer security isn't supported everywhere in the cloud, and it can be removed before data reaches its destination.
  • Unsecured transport exposes valuable data to sniffing and tampering of data in transit.

Hopr's solution:

We invented Synchronous Ephemeral Encryption (SEE™), a protocol that builds on-demand end-to-end encrypted communication between workloads, without a key exchange. The confidentiality and integrity of data is assured over the entire route between endpoints

Theft of static credentials

  • Workload credentials (identity and secrets) are static and seldom change.
  • Threat actors eventually discover and steal credentials without enterprises knowing of the theft.
  • Stolen credentials leave services and apps vulnerable to man-in-the-middle (MITM) attacks.

Hopr's solution:

Our patented CHIPS™ technology enables rotation of  credentials at a high frequency to create a moving target defense that prevents threat actors from gaining the information they need for an attack.

Abstract graphic icon of a threat actor obtaining access to a cluster of workloads
Abstract graphic of a ransomware attack

Malware delivered in encrypted message traffic

  • As the use of TLS encryption becomes more prevalent, threat actors have learned to hide malware in TLS encryption.
  • Studies report that >85% of malware payloads are delivered through TLS encrypted channels .
  • Protections cannot recognize "friend or foe" because untrusted and trusted message traffic looks the same.

Hopr's solution:

Trusted messages are sent via SEE™ and only trusted messages can be decrypted. Malware, even if TLS encrypted, fails SEE™ decryption and is discarded.

Experts Agree on the Value of a Moving Target Defense

“I am a big fan of this defensive strategy.
Adversaries spend 90% of their time in attack planning, this prevents them from launching an attack.”
SVP Security, Global Financial Services

Learn about the AMTD that lowers cyber risk

An Automated Moving Target Defense prevents attacks. But Hopr's AMTD goes further and ensures workloads are trusted, data-in-transit is encrypted everywhere, and malware is never delivered.

Our Defense is Different

Image of the gold and silver 2023 Globee Cybersecurity World Awards

Exfiltrated API credentials 

High trust. We establish workload trust once and verify workload rotating identity and secrets credentials at every session to build a chain of trust in the workload.

Exfiltrated API credentials 

Synchronous Ephemeral Encryption (SEE™). We build a hardened tunnel (without a key exchange) between two workloads each time they start a communication session.

Exfiltrated API credentials 

High frequency credential rotation. We frequently rotate two workload credentials to disable a threat actor's ability to steal credentials or gain access to service and app endpoints.
Fast and simple deployment. DevOps-friendly configuration and deployment saves time and lowers costs. And there are no changes to existing app and API code.
See all differentiating features

Security That Contributes to Business Success

Exfiltrated API credentials 

Reduced cyber risk from insider and external threats due to comprehensive protection from AMTD.

Exfiltrated API credentials 

Fast time-to-value in less than a week with fast and simple “low-code” DevOps deployment.

Exfiltrated API credentials 

Low adoption costs since changes to existing application or API code are not needed.

Exfiltrated API credentials 

Improved operating margins from a cert-free solution that protects without the need for certificates and other external identity and security services.

Watch a recorded demonstration

Click the image at left to watch a 3:15 (min:sec) demo of Hopr Sidecars protecting workload endpoints, using the SEE™ protocol to encrypt messages, and refusing untrusted access.
Learn How It Works

Unique Technology and Features



Rotate credentials at a high frequency for a moving target defense
Existing solutions rely on static or semi-static credentials that are easy targets for adversaries
Synchronous Ephemeral Encryption protects data in transit - hardened tunnels are built without a key exchange
Transport layer security is not assured everywhere in the cloud and gaps expose data
Verify trust in the workload identity every communication session
Automated PKI certificate identities seldom rotate and they lack a chain of trust in the workload

Our Latest Insightful Articles

IAM in a Box

Gartner, Emerging Tech: Security — The Future of Cyber Is Automated Moving Target Defense, Lawrence Pingree, Carl Manion, et al.., 28 February 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.