Setting up and configuring a new security product can be overwhelming, so we’ve broken down the top 5 things you can do to get the most value out of Halo, quickly.
1. Apply a CSM core policy from a template to detect common security misconfigurations on your OS
Halo offers out-of-the-box templates to detect common security misconfigurations on your server. These templates were written from best practice guidelines recommended by organizations like CIS and NIST – just one click and you can scan your server group(s) against those standards.
Once you’ve applied a policy, go ahead and run a manual configuration scan against your server groups (takes about one minute). You may have to do some optimization, but this first scan will give you a good idea of what Halo’s configuration security monitoring module is all about.
2. Set up File Integrity Monitoring in just a few minutes using a Halo FIM template
Setting up File Integrity policies is very similar to setting up configuration scanning. We provide FIM templates to get you up and running with tasks like monitoring critical system files or monitoring privilege escalation. Just clone one of those templates and apply it to your server group – again, you may want to tweak or add to the policy, but the template will get you started.
Keep in mind you have the ability to set up multiple baselines for your FIM policy – that is, you can have two or more “right ways” a target file can look, in case the servers in your group differ slightly. This is incredibly valuable if you are upgrading, replacing, or patching your servers and you have two generations of servers.
After you’ve applied the policy, run a manual scan on your server group (takes 1-5 minutes) to see the results.
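The multiple-baseline idea described above, sketched as an added example (this is not Halo's code or API): a target file is reported only when its hash matches none of the accepted baselines. The target paths, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

TARGETS = ["etc/passwd", "etc/ssh/sshd_config"]  # constructed target list


def take_baseline(root, targets=TARGETS):
    """Map each target to its SHA-256, or None if the file is absent."""
    out = {}
    for rel in targets:
        path = Path(root) / rel
        out[rel] = hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None
    return out


def scan(root, baselines, targets=TARGETS):
    """Report a target only when it matches none of the accepted baselines."""
    current = take_baseline(root, targets)
    findings = {}
    for rel in targets:
        accepted = {b[rel] for b in baselines}
        if current[rel] not in accepted:
            findings[rel] = "missing" if current[rel] is None else "changed"
    return findings


def make_server(root, files):
    """Write constructed file contents under a scratch directory."""
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
    return root


def demo():
    """Both server generations pass; a modified or incomplete server does not."""
    old = {"etc/passwd": "root:x:0:0\n", "etc/ssh/sshd_config": "Protocol 2\n"}
    new = {**old, "etc/ssh/sshd_config": "PermitRootLogin no\n"}
    drifted = {"etc/passwd": "root:x:0:0\nextra:x:0:0\n"}  # also lacks sshd_config
    with tempfile.TemporaryDirectory() as tmp:
        roots = {name: make_server(Path(tmp) / name, files)
                 for name, files in (("old", old), ("new", new), ("drifted", drifted))}
        baselines = [take_baseline(roots["old"]), take_baseline(roots["new"])]
        return {name: scan(root, baselines) for name, root in roots.items()}


if __name__ == "__main__":
    print(demo())
```

With a single baseline taken from the older generation, every upgraded server would be flagged on `sshd_config`; accepting both baselines leaves only the drifted server in the findings.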
3. Set up firewall policies for your server groups
Now you’ll want to set up firewall policies on your server groups – this should look pretty familiar. Just set up a policy, apply it to a server group, and your servers will be updated with the firewall in about a minute. Halo allows you to automate the configuration and management of fine-grained host-based firewall policies for both ingress and egress filtering in any IaaS environment. As you spin up or kill cloud servers, Halo server groups will automatically update the firewall within about a minute.
4. Set up GhostPorts for two-factor authentication access to your servers
GhostPorts allows you to add strong authentication for remote users to any network service on any server running in any cloud environment. This is one of Halo’s most popular, and most unique, features.
We saved the easiest for last – when you installed a daemon on your server(s), a software vulnerability assessment scan was automatically run. This scan will identify published vulnerabilities in installed software packages, even if there is no security patch available from the distribution vendor yet. View the results of the scan to get some quick visibility into the state of your cloud servers.
** Note: This feature is Linux only.
* Bonus: Integrate and automate!
If you are feeling motivated, you may want to check out our integration and orchestration tools on GitHub, which use our secure API to let you easily connect Halo to the tools you already know and love.
- Use the Halo Event Connector to connect with your logging tools like Splunk and Sumo Logic
- Use the available scripts and recipes to connect Halo with your orchestration tools, like Chef, Puppet, and Rightscale
- Do you use something that’s not in this list? Post a request on the community support site and we’ll see what we have cooking. Or go ahead and build it yourself using the Halo API!
With just these five activities, you can gain incredible visibility into your servers and take major steps in securing your infrastructure.
This is only the tip of the iceberg for what you can do to secure your infrastructure – we’ll be continuing this three-part blog post series with “Top 5 Things you should do next with Halo”, and “Top 5 advanced things you can do with Halo”.