Hopr named as AMTD leader in Gartner's "Hype Cycle for Endpoint Security, 2023"

Synchronous Ephemeral Encryption

On-demand comprehensive protection for data-in-transit everywhere.
Synchronous Ephemeral Encryption (SEE™) is a protocol that builds end-to-end encrypted communication channels without a key exchange.

Session hijacking and key intercept are increasingly used by threat actors to sniff data in transit in the cloud.

Organizations can use commercial services to 'responsibly' remove TLS encryption and inspect traffic in violation to their data privacy policies.

Over 4.5 billion data records were lost due to breaches and leaks in the first three quarters of 2023.

Existing Protocols are Complex, Costly, and Weren't Built for the Cloud Era

Complex Implementation and Discontinuous Protection

Implementing and configuring TLS and mTLS is a complex process that requires skills and time. It is prone to errors and even when implemented correctly it cannot guarantee that data transferred between endpoints is private. Session keys are vulnerable to misuse and can remove encryption. Also, the encryption is often terminated at cloud boundaries and servers and may not be restored afterwards.

Hopr's Solution

The SEE™ protocol is automated with sidecars at endpoints. Hopr's sidecars are simple for DevOps to configure and deploy with each workload. SEE™ operates autonomously to create hardened communication channels that are continuous across all cloud environments at each new session. There is no key exchange so data protection is assured all the way to a trusted endpoint!

Learn More
abstract icon of a certificate

Lack of Verifiable Workload Identity Trust

Currently, workload identity is based on automated tools that issue "PKI certs" to workloads when needed. But unlike root domains, these certs do not verify the workload identity before providing the cert, and when the workload certs are replaced at expiration (if they ever do expire) the workloads receive an entirely new identity credential that lacks any trace to its prior identity.

Hopr's Solution

Hopr equips workloads with an identity credential that we call a MAID. MAIDs rotate frequently and are verifiable by Hopr at the start of each session to ensure identity trust.

Learn More

Static Credentials are Exposed to Theft

Common workload identity certs rely on keys that are static and passed between endpoints. They require secure storage, and may be discovered by threat actors who can steal and misuse them.

Hopr's Solution

Hopr issues workloads a MAID when trust is first established at registration. From then on, Sidecars manage and rotate their MAID frequently using the workload's history. They cannot be spoofed or used if stolen.

Learn More

Why Synchronous Ephemeral Encryption is needed

We compare five types of API security solutions against eighteen API threats for cloud network topologies. The paper explains how many solutions leave gaps in a security architecture and how networks and data are exposed to serious threats. Spoiler alert: there is a combo that prevents gaps.
Read the Paper

Valuable Benefits

Lower cyber risk
SEE™ ensures that no MITM attacks can succeed. Data is completely confidential and tamper-proof in transit.
True Zero Trust
SEE™ includes the verification of workload identity trust at the start of each session.
Fast time-to-value
Onboarding, configuration and deployment of Hopr Connect by an average-skilled DevOps can be achieved in about 5 days.
Lower costs
Consumption-based pricing and the elimination of multiple centralized cloud services reduces costs.
Simple deployment
Configuration of a DevOps YAML file in automated CD production is all that is needed.
No code changes
Modification of existing services, application, and API endpoint code is not needed.

Compelling Advantages

SEE™ guarantees complete and continuous data protection across all cloud environments.
Existing automated mTLS services cannot assure end-to-end encryption across all cloud environments.
SEE™ can be easily deployed by DevOps with little configuration
Existing automated mTLS services are complicated to configure and deploy and require greater skill to avoid errors.
SEE™ utilizes short-lived symmetric keys that never leave the Sidecar and that rotate at each session.
Existing automated mTLS services require handshake and key exchange operations and session tokens may be long-lasting.
icon of a smart phone

Discover How AMTD is a Winning Defense

Schedule a 15-minute discovery call with one of our experts to discuss your use case and learn how Hopr's automated moving-target defense can prevent cyber attacks on your business.
Schedule a Call
Gartner, Hype Cycle for Endpoint Security, 2023 Franz Hinner, Satarupa Patnaik, Eric Grenier, Nikul Patel, et al.., 1 August 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.