We’re happy to announce a CloudPassage Halo update! In this release we’ve focused on simplifying customers’ compliance efforts, deepening integration with Amazon Web Services (AWS) using EC2 metadata, and increasing the accuracy of known software vulnerabilities detection for the Microsoft Windows Server platform. We think that these enhancements will save security and DevOps teams’ time while increasing overall workload security and compliance in any IT infrastructure.
CloudPassage Halo for PCI — Automate credit card detection in log files with just a few clicks
A common PCI compliance challenge for companies handling credit card data is to ensure card numbers are not accidentally exposed in application log files. This common mistake can cause cascading exposures of credit card numbers in downstream reporting tools, and increases the likelihood that the data will get into the hands of fraudsters and other attackers. A best practice to avoid these issues is to inspect code for configuration errors that can lead to data leaks before the application is deployed, but security practitioners must also have a way to detect these data leaks in production. With this latest release of Halo, credit card numbers can be detected in log files simply by checking a box within Halo’s pre-built policies.
Enhanced AWS EC2 and Microsoft Windows support
CloudPassage Halo now integrates with AWS EC2 metadata service. Halo users can now use the AWS EC2 instance identifier (as opposed to hostname or IP address) to identify assets needing further investigation or remediation and communicate those issues to the personnel responsible. For organizations who build new images rather than remediate in place, the AMI ID is provided so that the source image can be flagged for remediation. In addition, assets can be located and more easily organized in Halo by their AWS EC2 metadata attributes.
We’re also providing more accurate detection of known software vulnerabilities for Windows Server platforms. Halo users can receive notifications when Windows server instances are deployed with known software vulnerabilities, continuously monitor for new vulnerabilities, and understand how long vulnerabilities have been present within their environment without being remediated. Detailed reports of vulnerable software on individual servers are also available.