Unified Cloud Security Platform

CloudPassage Halo is a unified cloud security platform that automates cloud computing security controls and compliance across servers, containers, and IaaS in any public, private, hybrid, and multi-cloud environment. Halo’s extensive automation capabilities streamline and accelerate workflows between InfoSec and DevOps.

Everything You Need To Make Cloud Computing Security Fast, Automated, Scalable, And Cost-effective

A Single

Automates asset inventory, vulnerability assessment, security posture management, threat detection, network security, and continuous compliance.

A Single

Supports all cloud computing components including IaaS, servers, and containers deployed in any mix of public, private, hybrid, and multi-cloud environments.

A Single

All capabilities purpose-built for the cloud, built into the stack by design, and fully integrated with an automation-first objective—nothing was repurposed.

Unified Control Automation

CloudPassage Halo unifies and automates all of your cloud computing security and compliance controls across your cloud infrastructure, cloud servers, and containers. Over 20,000 pre-configured rules and more than 150 policy templates cover standards such as PCI, CIS, HIPAA, SOC, DISA STIGs for IaaS services, virtual and bare-metal servers, containers, and Kubernetes environments.

Cloud Asset Inventory and Discovery

Automates continuous inventories including asset discovery, interrogation, and ongoing updates as assets are added, moved and changed

Vulnerability & Exposure Management

Evaluates your IaaS, server, and container assets to identify risks in configurations, administrative access, and vulnerable software packages

Continuous Cloud Security Monitoring

Monitors changes and activities that can impact your cloud security posture and risk to ensure your cloud environments remain in a strong survivable state

Threat & Compromise Detection

Automatically detects intrusions through log monitoring, file and system integrity monitoring and IoT/IoC detection


Microsegmentation & Network Traffic Monitoring

Assesses cloud network security posture, orchestrates server microsegmentation, and visualizes workload network traffic

Continuous Compliance Management

Uses common industry compliance standards to continuously assess your cloud for deviations and enable faster, automated remediation

Cloud Computing Security for Any Mix of Environments

Halo was built to provide cloud computing security across any mix of public, private, hybrid, and multi-cloud deployments. The Halo platform operates seamlessly across environments, without requiring multiple product deployments like some products do. Halo even enables workload migration between environments—a critical requirement for lift-and-shift projects.

Public Cloud

Halo supports cloud computing security and compliance in any cloud environment, including AWS, Azure, and GCP.


Halo unifies cloud computing security and compliance across AWS, Azure, and GCP environments.


Halo unifies cloud computing security and compliance across public clouds, private clouds, and data centers.

Private Cloud

Halo provides cloud computing security in your private cloud just as it does the public cloud.

cloud computing security platform
* All Fidelis CloudPassage Halo services, including Halo Cloud Secure, Halo Server Secure, and Halo Container Secure, support all international AWS, GCP, and Azure regions.

Three Unified Security Services on One Platform

Cloud Secure

IaaS Accounts, Services, and Resources

Amazon Web Services
Microsoft Azure
Google Cloud Platform

Learn More

Server Secure

Linux and Windows Servers

Cloud server instances
Containerized servers
Virtual machines
Bare-metal hosts

Learn More

Container Secure

Docker and Kubernetes

Docker hosts
Kubernetes clusters
AWS: ECS, EKS, ECR, Fargate
Azure: ACI, AKS, ACR

Learn More

Unified Management Across IaaS, Servers, and Containers

Bi-directional REST API​

  • Comprehensive, bi-directional REST API for every Halo function
  • Developer SDK and toolkit
  • Halo plugin for Jenkins and CD pipeline SDK
  • Automatic ingest of IaaS metadata, including user-defined tags

Centralized Management and Security​

  • Single sign-on ready (SAML 2.0)
  • Unified, hierarchical enterprise modeling and asset management
  • Immutable auditing of Halo user and API activities
  • Central microagent & connector management

Control Management​

  • Unified asset, policy, issue, and event management
  • Extensive user-configurable controls for Halo access
  • Policy management tools including user-owned rule libraries, policy cloning, "stackable" policies, policy management APIs

Dashboards and Alerts

  • Single pane of glass
  • Configurable alerts for critical events & findings
  • User-configurable dashboards (extensive filtering and sorting, field selection, customer-defined views)

Cross-Service Platform Features​


Enterprise access model

Role-based access control

Enterprise-class authentication

Halo activity auditing


Bi-directional REST API

CD Pipeline Integration

Halo API software developer's kit (SDK)

Halo CD pipeline SDK

Central management

Customizable policy interface

Microagent and collector management

Unified views and inventories

Cloud assets

Security & compliance issues

Asset-related events


Contextual alerting

Tag-Based Filtering

To Learn More About Cloud Security

TAG Cyber Enterprise Buyer's Guide for Cloud Security

Use the TAG Cyber Buyer’s Guide to help determine the right cloud security solution for your organization.

Cloud Workload Security ebook

Explore four key requirements that are critical to cloud workload security

API-level Connectivity and Control for IaaS and PaaS

Learn the value of and what you can accomplish with the comprehensive Halo REST API