How Hopzero Sphere of Trust Works

Contain threats before they spread by controlling the fundamental travel distance of data: packet lifetime.

Built on TTL: Time-to-Live as a Containment Tool

Every packet in an IP network has a time-to-live value—a counter that decreases with every router hop. When it reaches zero, the packet is dropped. Hopzero reclaims this overlooked field to create real containment zones.

Packet lifetime, also known as TTL or hop count, is an 8-bit value in the packet header that signifies how long the packet can exist in the network. It prevents lost packets from being routed forever and creating congestion on the Internet. This slide illustrates how a packet has a lifetime, causing it to be discarded when the value decrements to 0.

Hop-by-Hop Enforcement for Containment

Endpoint Agents

Set TTL values on outgoing packets based on policy

Gateways

Inspect TTLs and reject out-of-bound traffic

Switch Port Policy Injection

Allows TTL rules to be enforced without endpoint control

This creates a network-wide enforcement mesh—unbreakable by attackers, invisible to users.

Containment Capabilities

Packet Lifetime Containment

Define the reach of every device or application in hops.

Network Geo-Fencing

Prevent data from escaping regions or cloud zones.

Application Tethering

Keep apps tethered to only their approved resources.

Man-in-the-Middle Detection

Detect path manipulation through TTL deviation.

Micro-Segmentation

Enforce Zero Trust zones without complex VLANs or firewall rules.

Visualizing Hopzero Containment

Hopzero Sphere of Trust manages packet lifetime by protocol, application port, IP source and IP destination, creating Sphere of Trust micro-segmentation around each application packet.
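
The mechanism described above, sketched as an added example that is not Hopzero's code: a per-flow TTL policy keyed by protocol, port, source and destination, the endpoint call that applies it, and a gateway-side TTL deviation check. The `Rule` format, the sample policy, the default TTL and all function names are assumptions made for illustration.

```python
import ipaddress
import socket
from typing import NamedTuple

class Rule(NamedTuple):  # hypothetical record, not Hopzero's policy format
    proto: str
    port: int            # destination application port
    src: str             # source CIDR
    dst: str             # destination CIDR
    ttl: int             # initial TTL stamped on matching packets

# Constructed sample policy; first match wins.
POLICY = [
    Rule("tcp", 5432, "10.1.0.0/16", "10.1.2.0/24", 2),
    Rule("tcp", 443, "10.1.0.0/16", "0.0.0.0/0", 64),
]
DEFAULT_TTL = 1  # assumption: unmatched flows never survive a router

def ttl_for(proto, port, src, dst, policy=POLICY):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if ((r.proto, r.port) == (proto, port)
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.ttl
    return DEFAULT_TTL

def apply_ttl(sock, ttl):
    # Endpoint side (IPv4): the kernel writes this TTL into outgoing packets.
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)

def delivered(ttl, routers_on_path):
    # Each router decrements TTL and discards the packet when it hits 0.
    for _ in range(routers_on_path):
        ttl -= 1
        if ttl == 0:
            return False
    return True

def check_arrival(observed_ttl, policy_ttl, expected_routers):
    # Gateway side: compare the TTL seen on arrival with the value the
    # policy and the known path length predict.
    expected = policy_ttl - expected_routers
    if observed_ttl == expected:
        return "ok"
    if observed_ttl < expected:
        return "extra-hops"   # path longer than expected: possible detour
    return "over-policy"      # sender's initial TTL exceeded the policy
```

With the sample policy, a database flow stamped with TTL 2 crosses one router but is discarded by the second, and a packet arriving with a lower TTL than the known path predicts is flagged as having taken extra hops.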

Flexible Deployment Models

Deploy as agent, gateway, or inline sensor. Hopzero integrates with firewalls, cloud routers, switches, and SIEM tools.

  • Inline Enforcement (SDN or virtual TAP)
  • Cloud-native agent deployment (AWS, Azure, GCP)
  • Passive monitoring with alerting integration

Start Containing Threats Today

Hopzero delivers what legacy firewalls can’t: real enforcement of Zero Trust boundaries—at the packet level.