The White House Just Told Everyone What We've Been Saying for Two Years
The White House released its national cyber strategy with initial access denial as explicit policy. Here's what it means for cloud security teams and why infrastructure invisibility is now a national priority.

Yesterday the White House released "President Trump's Cyber Strategy for America" — seven pages that amount to the federal government finally admitting what should have been obvious: you can't keep getting punched in the face and call your ice pack a strategy.
The document lays out six pillars, but the one that matters most is this: deny adversaries initial access. Not detect them faster. Not respond more efficiently after your data is already in a Telegram channel. Deny them the ability to see your infrastructure in the first place.
I co-authored the Cloud Security Alliance's OpenNHP specification — the standard LayerV is built on. I've spent two years in rooms explaining to smart, well-funded security teams that their entire defensive posture assumes attackers have already mapped their infrastructure — and that this assumption is a choice, not an inevitability. The polite nods I used to get have turned into phone calls. Yesterday's strategy is why.
What Actually Matters in This Document
Six pillars. I'll save you the policy-speak on the ones that are table stakes (talent pipelines, interagency coordination, quantum readiness) and focus on the three that should change how you operate:
1. "Shape Adversary Behavior" is a euphemism for going on offense
The strategy calls for using defensive and offensive capabilities to confront threats before breaches occur, with private industry as a direct partner in disrupting adversary infrastructure. This is not the government asking you to file more incident reports. This is the government saying the kill chain starts at reconnaissance — and they want help cutting it there.
2. Initial access denial is now explicit national policy
The document doesn't just mention it. It's threaded through multiple pillars. The exact words:
"We must detect, confront, and defeat cyber adversaries before they breach our networks and systems."
If your security model begins at detection, you're starting too late.
(Worth noting: offensive postures carry real escalation risks, and thoughtful implementation matters. But the directional shift is significant and overdue.)
3. Private sector companies aren't compliance subjects anymore — they're operational partners
The strategy envisions incentive structures for companies that help disrupt threats at scale. If you're building security technology that removes attack surface rather than monitoring it, you're now aligned with national strategy. That's not nothing when your CISO is justifying budget.
A Direct Note for Cloud Teams
If you're running workloads on AWS, Azure, or GCP, this strategy is talking about you specifically — even if it doesn't name you. Your cloud environments expose attack surface through public endpoints, discoverable services, and security group configurations that scanners can inventory in seconds. Every open port is an invitation. Every DNS record is a map coordinate.
The old model was: expose services, then protect them. The new national direction is: don't expose them at all unless someone has proven they should see them.
If that sounds impractical, it's because you haven't seen it done well yet.
Where LayerV Fits
I'm not going to pretend we built LayerV because we predicted this White House strategy. We built it because the math was obvious. Scanning the entire IPv4 space takes under an hour. Attackers enumerate your infrastructure before your SOC has finished its morning standup. The only durable response is to make your infrastructure invisible to anyone who hasn't authenticated first.

That's what LayerV does. Using the OpenNHP standard, we make cloud resources cryptographically dark — no open ports, no DNS records, nothing for scanners to find. When an authorized user authenticates through your existing identity provider (Okta, Entra ID, whatever you already have), the connection materializes. Everyone else sees... nothing.
Our design partners in regulated industries have gone from thousands of discoverable endpoints to effectively zero, with zero performance hit and no rip-and-replace.
If that sounds like what the White House just described as national cybersecurity strategy, it's because it is.
What to Do Next
Read the strategy. It's seven pages and refreshingly direct — full PDF here.
Then ask your team a simple question: How many of our services are visible to people who have no business seeing them?
If the answer makes you uncomfortable, we should talk.
