Enterprise Management Associates (EMA) is a leading voice in the information security industry. With its dedication to in-depth research — and unrivaled analysis — the EMA is an important resource for data management and IT professionals anywhere.
That’s why it’s with much excitement we announce HOPZERO, in October 2018, was named a “EMA Vendor to Watch.”
Below is a reprint, with permission, of the report compiled by EMA.
HOPZERO: EMA VENDOR TO WATCH OCTOBER 2018
©2018 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
HOPZERO is a new security startup founded on old-school principles of using network protocol fundamentals to help enterprises protect their mission-critical data. The company’s approach, which it refers to as “hop starvation,” analyzes the number of bridge, router, and gateway hops that critical data takes as it traverses the corporate or data center network and then limits the hop count to just that number. Should someone attempt to send a packet beyond the number of hops allowed, the network device at the end of the specified hop count essentially discards the packets and sends an Internet Control Message Protocol (ICMP) about the event to a management console.
The year-old startup is in the early stages of releasing the product. It has a couple of paying customers and HOPZERO is working through proof of concept projects with a handful of prospects in the Fortune 100, Department of Defense, and financial services sector. Its founders have a long history in the protocol analysis, application performance monitoring, and network integration worlds and plenty of experience in developing and then selling startups to deep-pocketed buyers. CTO Bill Alderson was an early employee at Network General, founded Pine Mountain Group, and later sold it to NetQoS, where he met HOPZERO cofounder Ben Haley, who was a NetQoS founder. NetQoS was sold to CA Technologies. The team is rounded out by cofounders Jim Rounsville, a network integration expert, and Shawn Mack, investor/advisor. The Hop Sphere Radius Security product, which has a patent pending, was launched in July 2018. The company to date has raised just $600,000 from angel investors, but once the POCs prove out the technology, HOPZERO intends to pursue additional funding.
HOPZERO complements enterprise firewalls, adding another layer of network-based protection by controlling the distance a packet can travel over a TCP/IP network, rather than controlling access to that network. The patent-pending analysis technique in Hop Sphere Radius Security uses a packet trace or live network feed to study where packets from a source like a backend server travel and harvests the total number of hops they make. Then, HOPZERO changes the default hop count in the host operating system to the limit it has learned. For more primitive devices, such as security cameras, whose hop count can’t be changed, HOPZERO uses a device called a modifier installed on the wire to learn what’s appropriate and set the appropriate hop count in the modifier. It addresses multiple use cases, including stopping unauthorized bulk data exfiltration and IoT distributed denial of service attacks, and it can prevent an attacker using stolen credentials outside a server’s protected sphere from accessing sensitive data. It can also reduce the complexity of managing large and unwieldly access control lists in enterprise firewalls, which has the added benefit of improving network performance. It essentially touches on the data loss prevention (DLP) and intrusion detection system (IDS) markets (it leverages ICMP to notify security when a packet reaches the end of its hop count).
HOPZERO will initially target Fortune 500 and Global 2000 data centers and their high-value systems that require ironclad security, although any organization that has highly sensitive and extremely valuable data to protect is also a prime prospect.
More specifically, HOPZERO will focus on backend infrastructures that are highly defined and changed infrequently. The value of the new tool extends past protecting sensitive data from traveling beyond where it shouldn’t go. Hop Sphere Radius Security also provides visibility into where data is traveling (geographic locations) and how much of it is going to different locations, as well as metrics such as latency, throughput, and other contextual data they can easily gather thanks to years of experience in evaluating networks and protocols. Such visibility can uncover unwanted activity, such as search engine spiders attempting to index backend or middleware servers, as one POC revealed.
Hop Sphere Radius Security is deployed as a SaaS (pure cloud and hybrid), and it leverages third-party packet aggregators or virtual taps from vendors like Gigamon to gather only the metadata it requires for analysis in the cloud. HOPZERO collaborates with customers to determine where to capture packets or locate collectors. Once policies are established using lower hop count settings, Hop Sphere Radius Security monitors detect attempted breaches of the established radius. Attackers don’t know they’ve been shut down—they don’t get a response and it just appears that the device is offline. However, the organization’s security team gets an alert that an attempt was made to move packets beyond the established radius. The alert includes information about where the attack originated, which systems were targeted, and when the attack occurred.
What HOPZERO does is akin to putting a leash on customers’ data to limit its travel to within a network segment, data center, or enterprise. It can only travel within a specified radius. It addresses a dirty little secret about the default hop settings within industry standard operating systems and commercial servers: they are set dangerously high. Linux, for example, is set at 64 hops, Microsoft operating systems are set at 128 hops, and Oracle database servers are set at 255 hops. Anything beyond 40 hops means that packets can travel across the globe. By learning what the appropriate sphere of operations is for a given server or endpoint and then setting those hop counts lower, HOPZERO can keep sensitive data out of the hands of cyber thieves. This represents real out-of-the-box thinking. It’s no surprise that a common question the founders often get is, “why didn’t someone think of this before now?”
HOPZERO founders see a potential total addressable market for this new firewall complement as reaching six percent of the overall firewall market, which comes out to be about $840 million annually. Only time will tell whether that is wishful thinking or not. Working in their favor is the fact that there are no changes to the enterprise’s routing infrastructure required because routers already enforce hop limits. That can lower the barrier to adoption. Working against the small startup is the huge education effort required to help IT recognize the danger in default hop count settings and in convincing network security practitioners of the technology’s viability. The company’s sales motion will also require courting not only security professionals and executives, but application or line of business owners as well.
The best technology doesn’t always win, but a good, innovative idea like HOPZERO’s deserves its day. For it to become a viable offering in the market, Hop Sphere Radius Security will require a champion to promote its value. There are well over one thousand IT security vendors in the market. That is a testament to the fact that organizations are still open to best-of-breed buying decisions, and HOPZERO’s technology is a breed all its own.
About Vendor to Watch: “EMA Vendors to Watch” are companies that deliver unique customer value by solving problems that had previously gone unaddressed or provide value in innovative ways. The designation rewards vendors that dare to go off the beaten path and have defined their own market niches.
About EMA: Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help EMA’s clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise IT professionals and IT vendors at www.enterprisemanagement.com or blog.enterprisemanagement.com. You can also follow EMA on Twitter, Facebook, or LinkedIn.