HOPZERO: Providing Security at the TCP/IP Network Layer

HOPZERO

Bill Alderson, CTO Hopzero, HOPZEROBill Alderson, CTO
According to the founders of cyber security startup HOPZERO, the network-security industry has suffered considerably due to ineffective security solutions. As demonstrated by so many data compromises last year alone, security measures that were touted as “next-gen” or “bullet-proof ” failed to remedy the mistakes that were made behind the firewall, a flaw that could jeopardize an organization.

Realizing these inherent flaws, they decided to change the status quo by creating an effective data containment system. HOPZERO’s security solutions represent a stark contrast to that of their competitors. Instead of keeping hackers out of an organization’s data center HOPZERO keeps data inside the servers with a unique algorithm that imposes an absolute travel limit for critical business data and thereby prevents data leakage. HOPZERO can stop data travel at any router – it’s like placing a firewall right where it’s needed.

After years of research, the company successfully tested its solutions at JIFX (Joint-Interagency Field Experimentation) at the U.S. Naval Postgraduate School and went on to build prototypes for the defense sector. In this interview with “CIO Applications,” Bill Alderson, the CTO of HOPZERO, outlines the benefits of their flagship enterprise security product and their unique approach to achieve top-notch security.

Tell us more about your flagship enterprise security product?

The HOPZERO data exfiltration prevention system uses data containment to prevent data from traveling beyond a safe perimeter. We can show what data is leaking out of a company and set parameters to contain it. Our data containment capability makes us unique in the enterprise security arena.

Our technology works in stark contrast to conventional ways of firewall protection. Our flagship product detects data exfiltration across an entire enterprise and classifies data travel as safe or unsafe, depending on the location. After that, our exfiltration prevention system, called HOPSphere Radius Security, prevents data travel beyond a safe perimeter. Additionally, we have a visibility solution that monitors network traffic to detect attempts to breach the radius.

We achieve this by limiting the number of devices data will travel to by setting an appropriate HOP count. HOP count is a simple parameter every computer uses since the beginning of TCP/IP and the entire Internet. A HOP occurs when a packet of data is passed from one network segment to the next. The HOP count refers to the number of intermediate devices through which data passes, starting from the source to the eventual destination. If the HOP limit is less than the distance to the edge of the data center or enterprise, information cannot be directly accessed or exfiltrated. It’s as simple as that. Lower the HOP value – contain the data at the distance you choose.

How does the data containment work?

Each time a packet goes through a router, the value of the HOP count is decremented. When a router decrements the HOP limit to zero, the same router discards the packet and issues an alarm.

We limit data travel by managing packet lifespan. Setting the initial HOP limit shortens the distance a packet can travel before being discarded. This approach creates a short virtual leash, preventing data from leaving the network segment, data center, or enterprise.

Our technology works in stark contrast to conventional firewall protection. Our flagship product detects data exfiltration across the entire enterprise and classifies data travel as safe or unsafe, depending on location

For instance, if you are communicating with a server in Russia, the packet goes through the Internet, and the HOP count is decremented every time it goes through a router. We learn how many HOPs are necessary to keep data inside an organization’s data center.

We will then learn how many routers are there in the data center and set that server to the same HOP count. When the HOP count for that packet goes to zero, the data packet is unilaterally destroyed. When the packet is destroyed, the router simultaneously sends an alert message back to the data center. There are two advantages to this approach: 1) data cannot travel beyond the data center and 2) if someone tries to break into your most valuable HOPZERO protected server, we contain the data and alert the IT security team. HOPZERO catches phish and ransom attacks before they can reach valuable data, providing protection of data and alarms on any attempt to connect.

What makes your solution unique?

Our patent pending data containment and visibility solution make us unique. Our technology was appreciated by Vincent Cerf, the father of the Internet. He was surprised to know that HOP counts would be used to create a “clever” security perimeter solution. So, we built a whole suite of products that learn the HOP count and set a lower more appropriate value. The lower HOP value lowers the “attack surface” by reducing the number of devices that can reach or be reached by a vital server. A lower attack surface equates to much greater security.

Data containment is a powerful capability. But in order to implement our ground-breaking data containment solution, we need to generate statistics about HOPs and inform the customer where data travels. This is the visibility aspect of our solution. We show both sides of network devices on a map where the data travels. We can even show them where exactly the data travels inside the organization. They can even set limits for the path it takes inside the company. Effectively, clients get visibility into where their data is going, and we fix some constraints to the path it takes. That’s what our real flagship product does.

What are the features and functionalities of your product?

The very first thing our client might do is look at where their data is traveling on our portal. The portal shows the customer every available source where the data goes. The client can pick a source where they want to see where data is traveling. Automatic alarms tell security teams when valuable data is exfiltrating or even when an attempt occurs giving security professionals and executives confidence their data is safe.

In addition to that, the distinct dots on the map correlates to an IP address from where it’s coming. We can also show the customer the application protocol which is being used to communicate outside, like an Oracle or Microsoft SQL server. Moreover, our system automatically alerts on data packets that are at high risk.

What were the founding factors that led to the conception of your organization?

HOPZERO was co-founded by information security professionals who wanted to change the status quo of network security, to give security professionals a powerful, new tool for their toolbox. We realized existing solutions in the market were no respite for network security breaches, regardless of industry, geography, and budget. We brought our years of experience and innovation to address major challenges in the cybersecurity landscape.

Tell us more about the company’s track record and the future?

In the year 2020, we plan to move from on-premise to cloud and make our capabilities available to new industry segments. We currently serve both classified government and commercial organizations. Our products protect sensitive information such as employee PII, financial information, trade secrets, customer lists, and regulated information like PCI, FERPA, HIPAA, GDPR, and SOC2, to name some. Through our solutions, we intend to put hackers on notice by combining our experience, innovation, and tenacity.

HOPZERO

News

HOPZERO Officially Launches HopSphere Radius Security to Prevent Unauthorized Access to High-Value Servers

Read Also



Featured Vendors