Home
Solutions
How It Works
Blog
Contact us
Privacy Policies
About
Terms of service
Contact us

An Automated Moving Target Defense for
API Threat Protection

animated GIF of Hopr AMTD and rotation with cloud machines
APIs are the front door to a lot of valuable enterprise data. Hopr’s cloud native AMTD ensures that only trusted workloads connect to API endpoints in any cloud.
In a recent survey of security and risk managers, only 15% of respondents found that existing API security tools were “very effective” in preventing API attacks.
Graphic badge for Cybersecurity world award in API security
API Security and Management

Cybersecurity World Awards program recognizes Hopr’s novel moving target defense solutions

Recognition by the Cybersecurity World Awards is a testament to our commitment to provide data-rich enterprises with resilient API threat protection and access control for endpoints in any cloud.
image of computer code for hopr's "Codes Hidden in Plain Sight" technology
Click the image to watch

See the WoSP in operation

Click the image at left to watch a 3:36 (min:sec) recorded demo of Hopr WoSPs protecting workload endpoints, end-to-end encrypting messages, and refusing access from untrusted connections.
Watch the Demo

Rising API Attack Statistics Suggest the Need for a New Defense

Uncertain API endpoint trust

  • The identity of workloads connecting to API endpoints is not verified.
  • Untrusted connections, such as from shadow APIs, are not prevented.
  • Threat actors learn how to avoid API security defenses and exploit APIs.

Hopr's solution:

A decentralized workload identity system where workload identity trust is verified at each connection to another workload, and untrusted connections are rejected.

Learn How It Works
Learn more
Graphic icon of containers that have uncertain trust
abstract graphic icon depicting unsecured transport in a network

Unprotected message traffic

  • Gaps in transport layer security occur due to identity domain boundaries.
  • Unprotected data can be ‘sniffed’ by threat actors.
  • Threat actors obtain sensitive information about the network.
  • Leaked sensitive information allows threat actors to move through a network.

Hopr's solution:

Hopr's Synchronous Ephemeral Encryption (SEE™) protocol protects all messages between client and API endpoints without exposing the encryption key in a key exchange.

Learn How It Works
Learn more
abstract graphic depicting a network of workloads under attack from threat actors

Learn Why API Attacks Continue to Succeed

We compare five types of API security solutions against eighteen API threats in a typical cloud network topology. Many solutions leave gaps in a network security architecture and exposed data and endpoints to serious threats. But one combination of solutions outperforms the others.
Read Our White Paper
Learn more
graphic icon of a gear, malicious attacks, and an API object

Untrusted traffic reaches APIs

  • Threat actors persistently exploit a large number of API endpoints.
  • Use of stolen keys is a favorite API attack vector because they are static.
  • 84% of attacks on financial API endpoints are authenticated.
  • Threat actors learn the business logic of APIs to launch exploits.

Hopr's solution:

Hopr’s Synchronous Ephemeral Encryption (SEE™) protocol recognizes untrusted connections when they fail decryption on arrival at the API endpoint. They are logged and immediately discarded.

Learn How It Works
Learn more
image of computer code for hopr's "Codes Hidden in Plain Sight" technology
Click the image to watch

See the WoSP in operation

Click the image at left to watch a 3:36 (min:sec) recorded demo of Hopr WoSPs protecting workload endpoints, end-to-end encrypting messages, and refusing access from untrusted connections.
Watch the Demo

Valuable Benefits

Graphic icon for lower cyber risk
Lower Cyber Risk
We protect both client and server endpoints and ensure that all traffic from untrusted endpoints is rejected.
Graphic icon for verified trust
True Zero Trust
Our API threat protection is truly zero trust. We verify trust in both client and API endpoints at every session.
Fast Time to Value
Protection of workloads is immediate after deployment. Time to value is typically 1 week.
Lower Costs
We reduce the need for costly centralized PKI-related services such as keys, certificates and secrets managers.
Simply Deployed
Deploying Hopr’s sidecar containers to exi-sting workloads saves time and is DevOps friendly.
No code changes
Our SaaS solutions do not require code changes to existing containerized apps, services, and APIs.

Advantages of Hopr’s API Threat Protection and Access Control

Hopr’s Synchronous Ephemeral Encryption protocol provides on-demand end-to-end encrypted communications without a key exchange.
Other solutions rely on mTLS which is not available everywhere and terminates at identity trust boundaries.
Hopr's “cert-free” decentralized workload Identities are managed and rotated by workloads. The chain-of-trust in the workload is verified by Hopr at each connection.
Other solutions use workload identities based on automated certs that are not vetted for trust. And each cert replacement is an new identity.
Deployment of Hopr's solution is simple and easily performed by DevOps with a familiar  YAML file configuration.
Other solutions require complicated and error-prone implementations of identity and secure transport protocols across environments.
Graphic icon of two connected containerized workloads

Try Our Tech

We offer a FREE Hopr WoSP trial so you can evaluate it for your use case. Deploy Hopr WoSPs with your containerized apps and perform up to 5,000 communication sessions for one month at no charge.

Onboarding is self-serve and WoSP config and deployment is a simple DevOps process.
Try for Free

Tell Us About Your Situation

Submission is an acknowledgement of your consent to our terms of use.
Thank You.
Someone from our team will be
in contact with you soon.
Oops!
Something went wrong while submitting the form.
Gartner, Emerging Tech: Security — The Future of Cyber Is Automated Moving Target Defense, Lawrence Pingree, Carl Manion, et al.., 28 February 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Case StudiesHow It WorksUnique FeaturesAMTD ProductsPricingContact usSecurityWeb Retriever OSSAboutPrivacy policiesTerms of service
Hopr.co delivers Zero Trust, cloud-native, multi-cloud infrastructure purpose-built to protect high-value applications, APIs, and data across clusters, clouds, and organizations.

Hopr's Cloud Native Automated Moving Target Defense (AMTD) frequently hops workload access credentials and produces Runtime Microsharding™, a novel technique that shrinks and animates the attack surface—breaking it into very small, short-lived pieces (microshards)—that disrupt threat reconnaissance, block lateral movement, and render credential theft ineffective.

Hopr’s Workload Security Proxy (WoSP)—a lightweight, drop-in proxy—enforces Zero Trust at every transaction, and rejects all untrusted attempts to access a trusted workload.
copyright 2021-2025 | Hopr Corporation
CHIPS™, MAID™, and SEE™ are trademarks of Hopr Corporation
CHIPS™ and MAID™ technologies and the SEE™ protocol
are protected by US Patents and patents pending.