Most IT people don’t know anything about this, but there is yet another way to approach enterprise security outside of network-centric, workload-centric, file-centric, VM-centric and all the other methods. Companies can protect their data from going out from their storage and servers in an unauthorized fashion by—get this—monitoring hops.
Yes, hops. No, we’re not talking about that important ingredient in beer or the way a rabbit travels. Hops in this context means the number of connections a data packet makes when traveling from one point to its ultimate destination via the internet.
In networking, a hop is one portion of the path between source and its intended resting place. Data packets pass through bridges, routers and gateways as they travel between source and destination. Each time packets are passed to the next network device, a hop occurs.
Stolen Data Becomes Useless After It Reaches a Certain Distance
It turns out one can set policy on and monitor such activity, and a new Austin, Texas-based startup called Hopzero is doing it with a patented cloud-based service (Hopsphere Radius Security) that controls the number of hops a packet of data is allowed to make before it drops dead in the network. Thus, if a hacker manages to worm into a system and steal files and/or other types of data, the data itself can be directed to destroy itself before it can be used.
This is sort of like the old “Mission: Impossible” television series in which an agent would get instructions for a mission, and after the agent hears the instruction, the message would self-destruct, so no one else would find out. The difference in this case, however, is that none of the valuable information ever gets into the hands of the bad actors, because it self-destructs long before then.
So, instead of trying to keep the hackers out, Hopzero keeps important data in, drawing a line where data is discarded before it—and hackers—can exit a perimeter. This, indeed, is an innovation in security, and it was launched July 11.
“For the last two years, I’ve been developing this technology to limit how far data can travel, and we do that by hop count,” Bill Alderson, founder and CEO of Hopzero, told eWEEK. “Every packet has a toll value in it, and we limit that toll value based upon our analysis that looks at every device it’s going to, and we record the hop count to and from all their peers.”
Automatically Steps in to Halt Threats
After this analysis, an enterprise will know exactly how many hops a data load will need to get from Point A to Point B. Beyond that, the red flags go up, and Hopzero automatically steps in to halt any further movement.
For example, a particularly valuable piece of stored data might be assigned a hop count of, say, six hops, after which it will evaporate in the network and become unusable for hackers, or anybody else, for that matter. This is another good reason for enterprises to have good, reliable backup inside their storage systems.
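The hop budget described above can be illustrated with the standard IP time-to-live (TTL) field, which each router decrements and which causes the packet to be discarded when it reaches zero. The following is an added example, not Hopzero's code: it estimates how far legitimate peers are from the TTLs of packets received from them, then caps a socket's outbound TTL at that radius. Mapping the "toll value" to IP TTL, the peer addresses and the sample TTLs are assumptions made for illustration.

```python
import socket

# Initial TTLs commonly used by mainstream network stacks (assumption used
# to infer how many routers a received packet crossed).
COMMON_INITIAL_TTLS = (64, 128, 255)

def hops_from_received_ttl(received_ttl: int) -> int:
    """Estimate routers crossed by a packet from the TTL it arrived with."""
    if not 1 <= received_ttl <= 255:
        raise ValueError(f"TTL out of range: {received_ttl}")
    initial = next(t for t in COMMON_INITIAL_TTLS if received_ttl <= t)
    return initial - received_ttl

def hop_radius(observed: dict[str, list[int]], margin: int = 1) -> int:
    """Smallest outbound TTL that still reaches every recorded peer.

    A packet needs TTL >= routers_crossed + 1 to be delivered; margin
    absorbs small route changes. The return path is assumed to be about as
    long as the forward path, which asymmetric routing can violate.
    """
    farthest = max(hops_from_received_ttl(t)
                   for ttls in observed.values() for t in ttls)
    radius = farthest + 1 + margin
    if radius > 255:
        raise ValueError("radius exceeds the 8-bit TTL field")
    return radius

def apply_radius(sock: socket.socket, radius: int) -> int:
    """Cap the TTL of packets sent on this IPv4 socket; return the value set."""
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, radius)
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)

# Constructed sample: TTLs seen on packets arriving from legitimate peers.
SAMPLE_PEERS = {
    "10.0.0.5": [62, 62],    # 2 routers away (initial 64)
    "10.0.1.9": [125],       # 3 routers away (initial 128)
    "10.0.2.20": [60, 61],   # up to 4 routers away (initial 64)
}

if __name__ == "__main__":
    radius = hop_radius(SAMPLE_PEERS)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("outbound TTL set to", apply_radius(s, radius))
```

With the sample data, replies from the server are dropped by the network once they have crossed more routers than the farthest recorded peer plus the margin, so a client outside that radius cannot complete a TCP handshake with it.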
The Hopsphere solution is a cloud-based module in Hopzero’s Secure Portal for customers and security professionals. This first-ever approach allows organizations to upload their network information to receive a security risk assessment of potential breaches based on where their data has traveled.
The Hopsphere solution offers both a cloud-only and hybrid-cloud option, which allows customers to view security risks, determine a safe radius for data, and set a security perimeter to stop any communications beyond a defined radius, Alderson said.
The technology not only limits a device’s hop radius, it effectively blocks all Internet access and even limits internal network access. Even stolen credentials outside the protected server’s sphere never get a login prompt, obviating attacks, Alderson said.
Protects Any Type of Network Device
Hopzero protects any type of network device, including internet of things devices that have unrestricted Internet access, which makes them vulnerable to malicious attack and to use as back doors to the Internet.
Hopsphere Radius Security protects devices from exposure to billions of potential attacks by hackers and malicious malware, and is designed to complement existing access-based technologies: firewalls, IDS (intrusion detection system), IPS (intrusion prevention system), anti-virus, IAM (identity and access management) and MFA (multi-factor authentication). While firewalls are added at the edge, which is the most vulnerable location in the network, Hopsphere Radius Security uses existing endpoints and network devices, the most protected equipment.
“Current methods have resulted in higher costs and complexity without providing absolute protection from cyber-attacks,” Alderson said. “We believe we have found the solution that everyone has been looking for that will significantly protect our government, businesses, homes and personal devices from hackers and malicious malware.”
Hopzero’s cloud service is now available.
Image: Hopzero at the 2018 RSA Security conference.