FAQ

Technical Questions

Common questions from security teams evaluating LayerV.ai

Getting Started

How do I start a pilot with LayerV?

Request early access through our website. We'll schedule a 30-minute call to understand your environment, then provision a dedicated LayerV tenant connected to your Okta org. Most pilots protect their first resource within 24 hours.

How long does deployment take?

Proxy mode deployments take less than an hour—just a DNS change and Okta app configuration. Sidecar agent deployments (coming soon) for EKS/ECS take 2-4 hours including testing. Full enterprise rollouts typically complete within 1-2 weeks.

What do I need to get started?

You need an Okta tenant (any tier), AWS infrastructure you want to protect, and admin access to configure DNS. No agents are required for proxy mode. We provide guided setup with our team.

Pricing & Support

How much does LayerV cost?

Pricing is based on the number of protected resources and monthly active users. We offer pilot programs at no cost to qualified organizations. Contact us for a custom quote based on your environment.

What support is included?

All plans include email support, documentation, and access to our engineering team during onboarding. Enterprise plans include a dedicated Slack channel, 24/7 support, and a named customer success manager.

Is there a free trial?

Yes. We offer a 30-day pilot program where you can protect up to 3 resources at no cost. This includes full functionality and onboarding support from our team.

Integration

How does LayerV integrate with Okta?

LayerV integrates natively with Okta via SAML 2.0 or OIDC. We support Okta Device Trust for device posture verification, Okta Groups for access policies, and Okta System Log for unified audit trails. Setup takes minutes through our guided configuration. Learn more about our Okta integration.

What AWS services can LayerV protect?

LayerV can protect any AWS resource including ALB/NLB endpoints, API Gateway, EC2 instances, EKS clusters, RDS databases, and internal tools like Jenkins, Grafana, and admin panels. Our proxy mode requires only a DNS change.

Do I need to install agents on user devices?

No. Proxy mode is completely agentless—users authenticate via their browser with Okta SSO. For advanced use cases like SSH access or non-HTTP protocols, we offer an optional lightweight agent.

Can LayerV work with identity providers other than Okta?

Our primary focus is Okta integration, but we're actively expanding support. If you use Azure AD, Google Workspace, or another IdP, contact us at info@layerv.ai—we'd love to discuss your use case and timeline.

What if I'm not using AWS?

While we're optimized for AWS infrastructure today, LayerV can protect any internet-accessible resource. If you're on Azure, GCP, or on-premises infrastructure, reach out to info@layerv.ai to discuss your environment.

Security & Cryptography

What encryption does LayerV use?

LayerV uses the cryptographic primitives defined in OpenNHP: Elliptic Curve Cryptography (ECC) for efficient public key operations, and the Noise Protocol Framework for secure key exchange and mutual authentication—the same framework used by WhatsApp and WireGuard.

Can attackers replay captured knock packets?

No. Each knock includes a cryptographic timestamp and nonce. The Controller maintains a sliding window of seen nonces and rejects replays. Stale packets are automatically rejected.
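The check described above, sketched as an added example; it is not LayerV or OpenNHP code. HMAC-SHA256 stands in for the Noise/ECC authentication, and the packet layout, the 30-second window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 30  # assumed freshness window; the page gives no value


def make_knock(key: bytes, timestamp: int, nonce: bytes) -> bytes:
    """Constructed layout: 8-byte timestamp | 16-byte nonce | 32-byte tag."""
    header = struct.pack(">Q", timestamp) + nonce
    return header + hmac.new(key, header, hashlib.sha256).digest()


class ReplayGuard:
    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp of every accepted knock

    def check(self, packet: bytes, now: int) -> str:
        if len(packet) != 56:
            return "malformed"
        header, tag = packet[:24], packet[24:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()
        # Authenticate first so unauthenticated senders cannot fill the cache.
        # The tag covers the timestamp, so it cannot be refreshed on replay.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        timestamp = struct.unpack(">Q", header[:8])[0]
        nonce = header[8:]
        # Stale or far-future timestamps are rejected outright.
        if abs(now - timestamp) > self.window:
            return "stale"
        self._evict(now)
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "accept"

    def _evict(self, now: int) -> None:
        # A nonce whose timestamp has left the window can be forgotten:
        # replaying that packet now fails the freshness check instead.
        for nonce, ts in list(self.seen.items()):
            if now - ts > self.window:
                del self.seen[nonce]
```

The timestamp window is what keeps the nonce cache bounded: the guard only has to remember nonces for as long as their packets would still pass the freshness check.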

What happens if someone discovers my protected endpoint?

Even if an attacker knows the URL, they cannot connect. All ports remain closed until a valid cryptographic knock is received. Port scans return nothing. The infrastructure is invisible at the network layer. Try our interactive demo to see this in action.

Architecture & Performance

What happens if the LayerV Controller goes down?

LayerV Controllers are deployed in high-availability clusters across multiple AWS availability zones. If a controller becomes unavailable, requests automatically fail over to healthy nodes with no user impact.

What's the latency impact?

Knock-to-access latency is under 50ms (p99), faster than typical VPN handshakes (100-300ms). Once connected, traffic flows directly with negligible overhead. Users don't notice any difference.

How does LayerV handle failed authentication attempts?

Failed knocks are silently dropped—attackers receive no response, maintaining invisibility. After configurable thresholds, source IPs can be temporarily blocked. All attempts are logged for security analysis.

Comparison

How is LayerV different from a VPN?

VPNs encrypt traffic but still expose server IPs to the internet—attackers can find and probe your VPN endpoints. LayerV hides your infrastructure entirely. There's nothing to scan, nothing to attack. Plus, no client software required for web applications. See how LayerV works.

How is LayerV different from Zscaler or Cloudflare Access?

ZTNA solutions like Zscaler and Cloudflare Access control access at the application layer, but your infrastructure is still visible and scannable. LayerV operates at the network layer—ports don't open until after authentication. It's a complementary layer, not a replacement.

What can't LayerV protect?

LayerV eliminates direct DDoS attacks against your infrastructure—you can't attack what you can't find. However, LayerV doesn't provide WAF functionality (SQL injection, XSS filtering) for your applications. We recommend using LayerV for infrastructure invisibility alongside a WAF for application-layer protection.

Standards & Compliance

What is the OpenNHP standard?

OpenNHP (Network Hiding Protocol) is an open standard developed by the Cloud Security Alliance. It defines cryptographic protocols for "authenticate first, connect second" networking. LayerV is a commercial implementation with enterprise features. Learn more about OpenNHP and open source.

Does LayerV help with compliance requirements?

Yes. LayerV provides identity-based audit logs for every connection, supporting SOC 2, HIPAA, PCI-DSS, and other frameworks requiring access logging and least-privilege controls. Every connection is attributed to a verified identity, not just an IP address.

Is LayerV SOC 2 certified?

We're currently pursuing SOC 2 Type II certification. Contact us for our current security documentation, including our security whitepaper and architecture overview.

More questions? See our OpenNHP documentation or contact our security team.
