Cloud native Automated Moving Target Defense (AMTD) that prevents attacks on enterprise workloads, APIs, and data.
But XTRA can.
Verified identity trust is essential to secure East-West and North-South endpoints and traffic within the enterprise. Other features are built on that foundation.
Once an enterprise is registered with Hopr, DevOps staff are trusted with access to Hopr's container repository and Help Center for onboarding.
DevOps staff configure Sidecars with a specific CHIPS™ algorithm to enable encrypted communication with other workloads using identical sidecars.
A YAML file pulls a Sidecar container image and deploys it alongside its host workload. On first use, the Sidecar identity is registered with Hopr.
Hopr's cloud native AMTD protection is immediate every time two workloads within the network communicate, whether they operate on-premises, in a commercial cloud, or in a multi-cloud.
Watch a 3:15 (min:sec) video demonstrating Hopr Sidecars at work protecting workloads from untrusted connections
A comparison of Hopr features for internal workloads versus four competitor products
Envoy proxy is open source software developed by the Cloud Native Foundation. It performs many networking functions for workloads using a sidecar pattern. Hopr sidecars add a custom filter to Envoy.
Only sidecars whose workloads need to inter-operate to perform a service must use the same CHIPS algorithm. Other enterprise workloads/sidecars may be configured with different algorithms for micro-segmentation of enterprise services.
It is symmetric encryption that is made possible by two workloads building an identical key using a CHIPS algorithm. The key is never exchanged or exposed to theft.
The encryption-decryption occurs at Layer 4, the Transport layer. Every IP packet (message headers and bodies) is individually encrypted and decrypted.
No. API keys are still used within messages sent to an API endpoint, but they serve an identification purpose only at the endpoint. They are not needed for security, but they are protected because they are encrypted in the message, so they cannot be sniffed in transit.
Synchronous Ephemeral Encryption ensures decryption is only successful if messages arrived from trusted workloads that share the same CHIPS algorithm. All other messages, even if they are TLS encrypted, fail decryption and are discarded before they reach a workload (or API) endpoint.
Yes. Hopr sidecars protect all ingress and egress access to enterprise workloads whether or not they are in the same containerized infrastructure or external to it. The only requirement is that the workloads be managed within the enterprise.
Hopr Sidecars may be configured to encrypt egress messages at either Layer 4 or Layer 7 to allow for use of either a Network Load Balancer (NLB) or an Application Load Balancer (ALB) depending on the enterprise architecture.