Automated Moving Target Defense

Beyond the Locked Front Door - ZTNA

Tom McNamara

September 2, 2025

Hopr.co is leading the cybersecurity industry in building true Zero Trust cybersecurity solutions for cloud infrastructure.

Why "Allow and Ignore" is a Recipe for Disaster in the Era of Zero Trust

In the ever-evolving landscape of cybersecurity, "Zero Trust" has emerged as a guiding principle for enterprises striving to protect their valuable assets. The concept is simple yet powerful: never trust, always verify. However, as organizations have rushed to adopt Zero Trust Network Access (ZTNA) solutions, a critical flaw has emerged in many first-generation implementations – a model we call "Allow and Ignore." This approach, while focused on identity and seemingly an improvement over traditional perimeter-based security, is akin to locking the front door of your corporate headquarters but leaving all the internal doors wide open for attackers to roam freely once inside.

The industry data is clear: the vast majority of breaches occur on "trusted" and "allowed" connections. This stark reality exposes the fatal flaw of ZTNA 1.0. Once a user or device is authenticated and granted access, they are often given an implicit "pass" for the duration of their session. This session-based trust is a recipe for disaster in an era of sophisticated cyber threats, where lateral movement and insider threats are the primary vectors of attack. It's time to move beyond this outdated paradigm and embrace a new standard of security: Zero Trust by the Transaction.

The Illusion of Security: The "Allow and Ignore" Fallacy

Traditional ZTNA solutions have made significant strides in securing the perimeter, but they have largely failed to address the internal threat landscape. The "Allow and Ignore" model is based on a fundamentally flawed assumption: that once a connection is authenticated, it can be trusted for an extended period. This creates a dangerous illusion of security, as it ignores the dynamic and ever-changing nature of cyber threats.

Here's why the "Allow and Ignore" model is no longer sufficient:

  • Lateral Movement: Once an attacker gains a foothold in a network, they can move laterally with relative ease, seeking out high-value targets and exfiltrating sensitive data. Traditional ZTNA does little to prevent this, as it focuses on initial access rather than ongoing activity.
  • Insider Threats: Insiders, whether acting maliciously or through negligence, pose a significant risk to enterprise security. With the "Allow and Ignore" model, a compromised user account can become a powerful weapon in the hands of an attacker.
  • API Vulnerabilities: In today's interconnected world, APIs are the lifeblood of business. However, they also represent a significant attack surface. The "Allow and Ignore" approach is particularly dangerous in the context of APIs, as it can allow a single compromised API key to be used for a wide range of malicious activities.

The bottom line is that session-based trust is a relic of the past. In the modern enterprise, where data is distributed across multiple clouds and accessed by a wide range of users and devices, a more granular and continuous approach to security is required.

The Evolution of Zero Trust: Introducing "Zero Trust by the Transaction"

"Zero Trust by the Transaction" is a new paradigm that addresses the critical limitations of ZTNA 1.0. This approach is based on the principle of continuous verification, where trust is established for every single API call and workload interaction. This means that every transaction, no matter how seemingly insignificant, is treated as a potential threat until it is verified.

This per-transaction trust model is a game-changer for enterprise security, as it provides a level of granularity and control that is simply not possible with traditional ZTNA. By continuously verifying trust for every transaction, organizations can:

  • Stop Lateral Movement: With "Zero Trust by the Transaction," an attacker's ability to move laterally is severely restricted. Every attempt to access a new resource or perform a new action is subject to a new round of verification, making it much more difficult for attackers to go undetected.
  • Mitigate Insider Threats: Per-transaction trust also helps to mitigate the risk of insider threats. Even if a user's credentials are compromised, the attacker will not be able to access sensitive data or perform malicious actions without passing a series of continuous verification checks.
  • Secure APIs: "Zero Trust by the Transaction" is particularly effective at securing APIs. By verifying trust for every API call, organizations can prevent the misuse of stolen API keys and ensure that only authorized users and applications can access their APIs.

Hopr: Leading the Charge to True Zero Trust

At Hopr, we are leading the cybersecurity industry in the shift to "true Zero Trust" with our groundbreaking Enterprise Ultra platform. We believe that "Zero Trust by the Transaction" is the future of enterprise security, and we have built our platform from the ground up to support this new paradigm.

The Hopr Enterprise Ultra platform is a strategic infrastructure upgrade that provides elite enterprises with the tools they need to protect their most valuable assets. Our platform is built on a foundation of innovative technologies, including:

  • Automated Moving Target Defense (AMTD): AMTD is a proactive cyber defense that continuously rotates workload credentials at a high frequency, making it virtually impossible for attackers to gain a foothold in the network.
  • Synchronous Ephemeral Encryption (SEE™): SEE™ is a patented protocol that creates end-to-end encrypted communication channels without a key exchange, ensuring that data is always protected in transit.
  • Codes Hidden In Plain Sight (CHIPS™): CHIPS™ is a unique technology that allows two identically configured Workload Security Proxies (WoSPs) to generate an identical secret if their algorithms run at nearly the same time. This enables secure communication without the need for a centralized key management system.
  • Machine Alias ID (MAID™): A MAID™ is a decentralized dynamic machine identity credential that is managed and rotated by the WoSP and verified for trust by an external Trust Verifier at the start of each communication session.
  • Runtime Microsharding™: The AMTD fractures the large attack surface of the application layer into many small pieces (microshards) and animates each one to confuse attackers at runtime.

These technologies, combined with our Workload Security Proxy (WoSP), enable us to deliver a level of security that is simply unmatched in the industry. The WoSP is a lightweight networking proxy that incorporates our unique and patented security technologies and protocols to provide unparalleled protection for containerized applications, APIs, and data.
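As an added illustration of the per-transaction model and of the technology list above (example code written for this page, not Hopr's code and not its patented protocols): two identically configured proxies derive the same short-lived secret from a shared seed and a synchronized clock window, credentials are re-minted every window, and a gateway re-verifies on every transaction instead of once per session, so a credential captured at session open is refused after the window rotates. The rotation interval, the HMAC-based derivation and the credential format are assumptions for this example.

```python
import hashlib
import hmac

# Assumed rotation interval in seconds; Hopr's real cadence is not stated on the page.
ROTATION_SECONDS = 5

def window_id(now_s: float) -> int:
    """Map a shared clock onto a rotation window."""
    return int(now_s // ROTATION_SECONDS)

def derive_window_secret(seed: bytes, window: int) -> bytes:
    """Both proxies compute this from identical configuration; nothing is sent on the wire."""
    return hmac.new(seed, b"window:%d" % window, hashlib.sha256).digest()

def mint_credential(seed: bytes, workload_id: str, now_s: float) -> str:
    """Short-lived workload credential bound to the current window (MAID-like, assumed format)."""
    window = window_id(now_s)
    tag = hmac.new(derive_window_secret(seed, window),
                   workload_id.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{workload_id}.{window}.{tag}"

def verify_transaction(seed: bytes, credential: str, now_s: float,
                       skew_windows: int = 1) -> bool:
    """Per-transaction check: re-derive the window secret and reject credentials
    whose window has rotated out (a little clock skew is tolerated)."""
    try:
        workload_id, window_str, tag = credential.split(".")
        window = int(window_str)
    except ValueError:
        return False
    if abs(window_id(now_s) - window) > skew_windows:
        return False  # minted under a secret that no longer applies
    expected = hmac.new(derive_window_secret(seed, window),
                        workload_id.encode(), hashlib.sha256).hexdigest()[:32]
    return hmac.compare_digest(expected, tag)

class SessionGateway:
    """'Allow and Ignore': verify once when the session opens, then trust every call."""
    def __init__(self, seed: bytes, credential: str, now_s: float):
        self.trusted = verify_transaction(seed, credential, now_s)

    def allow(self, credential: str, now_s: float) -> bool:
        return self.trusted  # later calls are never re-checked

def compare_models(seed: bytes, credential: str, opened_s: float, replay_s: float):
    """Replay a credential captured at session open: (session verdict, per-transaction verdict)."""
    gateway = SessionGateway(seed, credential, opened_s)
    return gateway.allow(credential, replay_s), verify_transaction(seed, credential, replay_s)
```

With a credential minted at t=100 and replayed at t=160, `compare_models` returns `(True, False)`: the session gateway still allows it, while per-transaction verification refuses it because the window secret has rotated.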

The Hopr Advantage: Protecting Your Most Valuable Assets

With the Hopr Enterprise Ultra platform, you can:

  • Achieve True Zero Trust: Our platform is designed to help you achieve true Zero Trust by providing continuous verification for every transaction.
  • Protect Against Advanced Threats: Our innovative technologies, such as AMTD and SEE™, are designed to protect you against the most sophisticated cyber threats, including lateral movement, insider threats, and API attacks.
  • Simplify Security Operations: Our platform is designed to be easy to deploy and manage, with a simple, DevOps-friendly configuration and deployment process.
  • Reduce Costs: By reducing the need for costly external services and the complexity of certificate-based solutions, our platform can help you to reduce your overall security costs.

The Future is Per-Transaction Identity Trust

The "Allow and Ignore" model of ZTNA 1.0 is a ticking time bomb. In a world where cyber threats are constantly evolving, session-based trust is no longer a viable security strategy. It's time to move beyond the locked front door and embrace a new paradigm of security: "Zero Trust by the Transaction."

With the Hopr Enterprise Ultra platform, you can make the transition to true Zero Trust with confidence. Our platform is designed to provide you with the tools you need to protect your most valuable assets and stay one step ahead of the attackers. Don't wait for a breach to happen – contact us today to learn more about how we can help you to secure your enterprise with the power of per-transaction trust.