HOPZERO Sphere of Trust

Hopzero Sphere of Trust is a network containment solution that leverages the IP packet Time-to-Live (TTL) field to create enforcement zones that restrict how far data can travel across a network. Each IP packet carries a TTL value — an 8-bit counter that decrements with every router hop and causes the packet to be dropped when it reaches zero. Sphere of Trust reclaims this field as a policy-driven containment mechanism, allowing administrators to define the maximum hop distance that packets from specific devices, applications, or IP pairs are allowed to travel. Enforcement is implemented through three components: - Endpoint Agents: Set outbound TTL values on packets based on configured policy - Gateways: Inspect TTL values and reject traffic that falls outside defined boundaries - Switch Port Policy Injection: Enforces TTL rules at the switch level without requiring endpoint agents The product supports several containment capabilities, including packet lifetime containment, network geo-fencing to prevent data from leaving defined regions or cloud zones, application tethering to restrict apps to approved resources, man-in-the-middle detection via TTL deviation analysis, and micro-segmentation without reliance on VLANs or complex firewall rules. Deployment options include lightweight agents, embedded gateway shims, inline sensors, SDN hooks, virtual TAPs, Layer 3 switch integration, and cloud-native agents for VPCs and containers. A passive monitor-only mode is also available for alert generation without active enforcement.