Hopr named as AMTD leader in Gartner's "Hype Cycle for Endpoint Security, 2023"

Say Good-bye to Bulk Key Replacement

Security breaches often require the immediate and costly replacement of all customer API keys (bulk key replacement). But it doesn't have to be that way.
Hopr detects stolen keys automatically, even if a breach has not been discovered. Bulk key replacement is unnecessary because only customers whose keys are known to be compromised are notified to reset them.

69% of organizations have been compromised due to an unknown, unmanaged, or poorly managed external asset

49% of breaches in 2022 involved credentials

68% of enterprises experienced a business impact event and along with it increased costs related to an identity breach.

API Keys are valuable targets for threat actors

API key theft

Static API keys are easy for threat actors to locate and steal. Stolen API keys and those from a trusted workload are identical. Bulk key replacement due to a breach is costly in reputation loss, financial impact, and erodes customer trust.

Hopr's Solution

Equip public-facing API endpoints with trust verification capabilities to recognize ensure only API keys used by trusted third parties reach the API endpoint.

Learn More
abstract icon of a certificate

Uncertain trust of API key security

The security of API keys issued to third parties relies on the vigilance of the third party to secure them. Third parties may not secure their keys. All keys are passed between endpoints for authentication and lose their secrecy over time.

Hopr's Solution

Equip trusted third parties with AMTD technology that makes the API keys the pass to the API endpoint distinguishable from stolen keys presented by an imposter third party.

Learn More

Authentication is not a security measure

Authentication requires passing keys between client and API endpoints exposing them to theft. Stolen keys are authenticated without verifying the user identity and trust. Authentication cannot prevent the use of a stolen API key

Hopr's Solution

Equip trusted third parties to wrap their API keys in Synchronous Ephemeral Encryption (SEE) when making an API call. API keys in calls arriving from untrusted third parties are detected when they fail decryption and are rejected.

Learn More
No items found.

Valuable Benefits

Lower cyber risk
Compromised API keys used by untrusted third parties are automatically recognized, disabled, with notification to reset.
True Zero Trust
Identity trust verification is performed each time third party client and public-facing API server workloads connect for an API exchange.
Fast time-to-value
Onboarding, configuration and deployment of Hopr Connect by an average-skilled DevOps can be achieved in about 5 days.
Lower costs
Consumption-based pricing and the elimination of multiple centralized cloud services reduces costs.
Simple deployment
Configuration of a DevOps YAML file in automated CD production is all that is needed.
No code changes
Modification of existing services, application, and API endpoint code is not needed.

Compelling Advantages

Connect Gateway detects and stops third-party API key misuse without foreknowledge of a compromise.
Existing API security tools are unable to prevent authentication of stolen API keys and leak data from the API.
Connect Gateway eliminates the bulk key reset protocol when a breach of key stores is detected.
Existing protocols force costly disabling and resetting all customer API keys on suspicion of a breach.
Connect Gateway protects both the client and API server endpoints from untrusted access.
Existing API security tools do not protect third-party clients from untrusted access. A client vulnerability is an attack vector on the API server.
icon of a smart phone

Discover How AMTD is a Winning Defense

Schedule a 15-minute discovery call with one of our experts to discuss your use case and learn how Hopr's automated moving-target defense can prevent cyber attacks on your business.
Schedule a Call
Gartner, Hype Cycle for Endpoint Security, 2023 Franz Hinner, Satarupa Patnaik, Eric Grenier, Nikul Patel, et al.., 1 August 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.