Hopr Korvette-S
The WoSP for Enterprise Workloads

Did you know? A Corvette is a small, fast, defensive naval vessel that historically served to carry messages between larger naval vessels in a fleet. We spell our Korvette with a 'K' in recognition of its value to Kubernetes systems.

The Korvette-S is a Workload Security Proxy that is designed to operate as a 'sidecar' to a host workload within an enterprise trust regime, which could be a cluster, segment, cloud, or an entire domain.

"Working with PKI certificates is on my Top 5 least favorite tasks. As a Software turned DevOps Engineer, I appreciate solutions that simplify complexity without compromising security. Hopr’s innovation does exactly that. It’s a smart, efficient approach that addresses real-world challenges."
Stephanie Phifer, Senior Software and Automation Engineer

Korvette WoSPs are Configured, Deployed and 'Bound' as a 'Sidecar' to a Host Workload

Access to the host workload container is only possible through the WoSP.
All communications to and from the Workload pass through the WoSP.

Key Features and Advantages of the Korvette-S WoSP

Korvette-S WoSPs build Zero Trust and future-proof application and device networks within an enterprise, and reliably defeat insider threats with simplicity and at a lower cost.
IDENTITY TRUST AT EACH SESSION
The Korvette-S includes a decentralized hopping identity credential (the MAID™) that is verified for trust at the start of a communication session with another workload.
If the MAID™ verification fails, security teams receive an immediate alert and can determine the appropriate action.
HOPR'S IDENTITY TRUST ADVANTAGE
Identity trust verification is an important Zero Trust principle not met by conventional identity solutions.
Frequent identity trust verification is an advantage over conventional workload identity certificates (which are static keys) whose trust is only assumed when creating a communication session.
RIGOROUS CONTROL OF WORKLOAD ACCESS
Access to any application or device workload operated by the enterprise is controlled by access credentials that hop at a high frequency. These credentials can only be known by other trusted enterprise workloads and they can only be known at the time a communication session starts.
HOPR'S ACCESS CONTROL ADVANTAGE
Frequently hopping workload access credentials disrupt attempts by threat actors to steal and abuse them to gain unauthorized access to workloads. Hopping access credentials give cyber defenders an advantage over sophisticated threat actors.
REJECTION OF THREAT ACCESS ATTEMPTS
Attempts by malicious or untrusted workloads to access a trusted workload are discovered, logged, and rejected without a response to the workload attempting access.
Logs of untrusted access attempts are available to customer security teams for use in Security Incident Event Management tools.
HOPR'S THREAT REJECTION ADVANTAGE
Recognizing threat activity is slow and error-prone with detection and response tools. But Hopr's WoSPs immediately discover and stop all threat attempts to access a trusted workload. The risk of unauthorized access is significantly reduced.
INSIDER THREAT PROTECTION
Insider threats are prevented from moving laterally and gaining additional access to workloads. Malicious workloads within an environment are unable to communicate with trusted workloads and are isolated. Attempts to exfiltrate data from trusted workloads are preempted.
HOPR'S INSIDER THREAT ADVANTAGE
Threat actors may bypass perimeter defenses, avoid detection, and move laterally to extend their control and attacks. But they will confront an insurmountable defense at each workload and become isolated, unable to access other workloads or move laterally to exploit other valuable enterprise assets.
SIGNIFICANT ATTACK SURFACE REDUCTION
The Korvette-S significantly shrinks the available attack surface. The AMTD (Automated Moving Target Defense) cyber defense is formed around trusted workloads each time they connect to share data, which dramatically reduces the opportunity for cyber attack.
HOPR'S ATTACK SURFACE ADVANTAGE
Large enterprises operating in multiple clouds have a very large attack surface and cyber risk exposure. But the ephemeral nature of workload access yields a much smaller attack surface, one that is also much more difficult for a threat to penetrate, even from inside the network.
SYNCHRONOUS EPHEMERAL ENCRYPTION (SEE™)
Identically configured Korvette-S WoSPs use the SEE™ protocol to build on-demand, future-proof, peer-to-peer communication sessions that are bi-directionally end-to-end encrypted (at the application layer) without exchanging the encryption key.
HOPR'S END-TO-END ENCRYPTION ADVANTAGE
Conventional transport layer encryption is secure in some cases, but not all. There can be gaps that leave sensitive data exposed to discovery and theft.
The SEE™ protocol has the advantage of comprehensive end-to-end encryption that ensures the confidentiality and integrity of data in transit wherever it travels. No gaps. No data losses.
IMMEDIATE DISCOVERY OF STOLEN API KEYS
When a threat presents a stolen API key in a 'call' to a trusted API endpoint, the untrusted API call is immediately recognized when it fails decryption. The key never reaches the API endpoint, and security teams are alerted to reset the API key.
HOPR'S API KEY THEFT DETECTION ADVANTAGE
Conventional API Security solutions lack the ability to immediately detect a stolen API key before it is presented at an API endpoint.
WoSPs have the advantage of immediate discovery of stolen API keys and logging the event and metadata so security teams can reset compromised keys individually rather than force bulk resets.
SIMPLE AND FAST IMPLEMENTATION
Korvette-S WoSPs need only a few lines of YAML code for configuration. They are easily deployed by DevOps personnel using familiar CI/CD tools, and the AMTD security benefits are immediately available upon deployment. Trial and error implementations are a thing of the past.
HOPR'S IMPLEMENTATION ADVANTAGE
Implementation of conventional credential management and networking solutions is complicated, error-prone, and time-consuming.
WoSPs have the advantage of a simple and fast configuration and deployment that is DevOps-friendly due to the container image packaging and use of cloud native technologies.
Hopr named in Gartner’s “Emerging Tech: Security — The Future of Cyber Is Automated Moving Target Defense”

The Korvette-S Shines in Secure Application Networking
Within a Common Identity Regime

Common Identity Regime Within an Enterprise
Common identity regimes can be cloud clusters, segments, sub-domains, on-premises clouds, or commercial clouds.
Common Top Level Domain
Common identity regimes are controlled by a single enterprise often associated with a top level domain (e.g. enterprise.com) and centralized identity authorities that govern transport layer security (TLS).
Preventing Cloud Intrusions
A 2023 study found that Cloud intrusions increased by 75%. The intrusions exploited unique Cloud security features, gained network access and maintained persistence.
Micro-segmentation and Access Control
Properly segmenting networks to limit the impact of attacks and manage the complexity of modern enterprise networks is a significant challenge faced by digital enterprises.
Networking at the Application Layer
Korvette-S works at the application layer to simplify secure networking and segmentation at the highest layer of the stack.

How Hopr WoSPs protect app networks with AMTD

Hopr WoSPs are small, lightweight proxies that easily build secure networks of applications and devices across clouds, segments, and clusters. Read our white paper to learn about the WoSP's features, advantages, and benefits.

Korvette-S Enterprise Benefits

Improved Security Posture Against Insider Threats
Cloud Native AMTD with identity trust verification protects trusted workloads and their data from unauthorized access.
Configure and deploy with ease.
Low-friction configuration and deployment with DevOps-friendly YAML and CI/CD tools.
Reduce architectural overhead.
Reduced use of costly external services and complexity of cert-based solutions. Reduced errors and APIs.
Immediate discovery of threat activity
All unauthorized attempts to access trusted workloads are immediately discovered and rejected.
Improved compliance
Strong data confidentiality, integrity, and access control features add an additional layer of data privacy protections.

Frequently Asked Questions

Can a Korvette WoSP be deployed on a Virtual Machine (VM) instead of a container system?
Can a Korvette WoSP be deployed in container systems other than Kubernetes?
What is the skill level required to implement Korvette WoSPs in a cloud environment?
Do I have to make changes or alterations to my existing application or API code to use this?
Does the Korvette solution interfere with traditional workload identity and transport security?

Try Our Tech

We offer a FREE Hopr WoSP trial so you can evaluate it for your use case. Deploy Hopr WoSPs with your containerized apps and perform up to 5,000 communication sessions for one month at no charge.

Onboarding is self-serve and WoSP config and deployment is a simple DevOps process.

Available Premium Features

The Korvette-S can be customized for enterprises with critical use cases needing a tailored solution.
Enhanced Fault Tolerance
This customization improves the fault tolerance by defining alternate CHIPS™ algorithms should the initial algorithm become inoperable.
Micro-segmentation
This customization uses different CHIPS™ algorithms assigned to different IP ports to micro-segment workload data sharing.
Custom MAID Rotation
This customization tailors the configuration of the default MAID hopping cycle.
Custom CHIPS™ Algorithms
This customizes the CHIPS™ algorithm for use in a Hopr WoSP.
Gartner, Emerging Tech: Security — The Future of Cyber Is Automated Moving Target Defense, Lawrence Pingree, Carl Manion, et al., 28 February 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.