Halo Platform Features

Cloud Security Platform Features: Everything you need to secure your cloud workloads, containers, and IaaS assets in a unified cloud computing security platform.

Access

Enterprise Access Model

Key use cases

Provide an access model for users to log into Halo with visibility limited to only the assets they are responsible for, based on organizational business units, applications, or projects.  

Allow users to participate in one or more groups depending on the different applications for which they may have responsibility.

How it works

Halo administrators create groups representing their desired organizational model in a hierarchical structure, and assign users to one or more groups.

A user’s group assignments are referred to as their group scope. When adding assets to monitor, assets are configured to be automatically placed in the appropriate group. 

When users log in, Halo limits their visibility to assets within their group scope. API clients adhere to the same model.

Related Features

All.

Policies Used

No policy required.

Role-based Access Control

Key use cases

Provide varying levels of permissions to any given user based on their role.

How it works

Halo has predefined user roles, including site administrator, group administrator, standard user, and auditor. Users are assigned to any one role, and the permissions for that role are in effect for the user’s group scope when they are logged in.

Site administrators have permissions to administer all aspects of Halo at the highest level, and they have administrative control over all monitored assets and users.

Group administrators have administrative permissions to make changes and manage users, only within their assigned group.

Standard users have some ability to make changes to policies but no ability to make administrative changes such as managing users.

Auditor users have read only permissions within their assigned group scope.

Related Features

All.

Policies Used

No policy required.

Enterprise-class Authentication

Key use cases

Go beyond username and password authentication for user access to Halo. 

Configure password requirements, multi-factor authentication (MFA), and single sign-on (SSO).

Restrict access to Halo to specific IP addresses such as the corporate network. 

Require browser fingerprinting, idle timeouts, and temporary lockouts based on failed login attempts.

How it works

Halo Site administrators can configure authentication settings that apply to all users in their organization. 

They can set the password strength requirements and MFA using TOTP, SMS, or YubiKey, and configure SSO with any SAML provider such as Okta, Ping, and OneLogin. SSO can be marked as required so that there is no other way to log in.

Site administrators can specify the IP addresses from which users can log in. Users’ browsers are fingerprinted on login, and an email-based authentication is sent to the user if they log in from a new browser within 30 days.

If the administrator has required MFA and specified which MFA types are allowed, all users are seamlessly enrolled on their first login.

All changes to authentication settings and user activity are logged in the Halo event stream as audit events.

Related Features

All.

Policies Used

No policy required.

Halo Activity Auditing

Key use cases

Ensure that all user and API client activities are recorded for compliance and auditing purposes.

Retrieve historical information about Halo user logins, updates to settings, policy changes, and other activities.

How it works

Halo administrators can specify which activities in Halo should be logged by using the Halo audit policy in Site Administration. Most activities are set to log by default.

Site administrators can customize these settings and even specify whether certain events should be alertable.

Halo logs events according to the audit policy, and users can view the audit events in the Halo event viewer.

Related Features

Not applicable.

Policies Used

Halo audit policy (Site administration)

Integrations

Bi-directional REST API

Key use cases

Automate security by managing Halo through the API. Manage settings, policies, users, and assets to automate management of the application.

Integrate events to SIEM. 

Integrate issues to downstream reporting and ticketing tools such as Atlassian and ServiceNow. 

Update policies in response to certain events or issues being discovered. For example, certain events may indicate that deeper inspection or a new set of rules is needed.

How it works

Halo’s REST API provides a single API to manage and query any resources in Halo. 

With 30+ API endpoints for issues, events, assets, policies, users, administration settings, and others, users can write API scripts to do anything that can be done in the user interface and build any integration or automation they need.

API clients need only authenticate once and can use any endpoint until their token expires in 15 minutes, after which they must reauthorize.

Related Features

All.

Policies Used

No policies required.

CD Pipeline Integration

Key use cases

Scan images in continuous integration pipelines to reduce software vulnerabilities before reaching production.

Fail or pass image builds based on the results, preventing container images from being committed to repositories; or preventing virtual machine images from being approved for use until issues are remediated.

How it works

The Halo CI connector is used for scanning container images as part of a build pipeline that is on a continuous integration (CI) platform, such as Jenkins or Travis-CI. The connector is packaged as an ad-hoc container and executed on-demand as a step in the CI build process pipeline. 

The Halo CI plugin is a plugin to Jenkins that permits vulnerability and configuration scanning of Docker images at build time. Using the plugin allows developers to check container images once the build is complete, so they can decide whether to fail the build or push the built image to a trusted registry.

Related Features

Not applicable.

Policies Used

No policies required.

Halo API software developer's kit (SDK)

Key use cases

A Python SDK which facilitates developing against the Halo API.

What it does

Simplifies API interactions for integration and automation.

How it works

An object representation of data and functionality in the Halo API that manages things like pagination and other operations to make working with the Halo API easier.

Related Features

All.

Policies Used

No policies required.

Halo CD pipeline SDK

Key use cases

A set of libraries which facilitates integrating Halo into the Continuous Delivery pipeline.

What it does

Facilitates security testing in the CD pipeline.

How it works

An object representation of data and functionality in the Halo API that manages things like pagination and other operations to make working with the Halo API easier.

Related Features

All.

Policies Used

No policies required.

Central Management

Customizable Policy Interface

Key use cases

Leverage predefined policy templates to achieve security and compliance use cases. 

Start with one of over 150 policy templates for various types of assets, operating systems, and applications and customize to your specific need, or create and apply new policies from scratch. 

Manage configuration, integrity, and log inspection policies from a single, unified interface. 

Audit which policies are assigned to which assets, and back up and reapply policies by exporting and importing policy JSON to Git or another code repository.

How it works

Halo provides a unified policy management interface for all policies in Halo. Policies are grouped by use cases including compliance, file integrity, and log inspection. 

From this interface, users can quickly clone, customize, and assign policies, or create policies of their own.

Related Features

Not applicable.

Policies Used

No policies required.

Centralized Microagent and Collector Management

Key use cases

Upgrade deployed microagents, manage connections to IaaS accounts, and control registry connectors from a central location.

How it works

Because of the lightweight nature of the Halo microagents, which can have inspection code delivered by the Halo Portal, they rarely require upgrades. In some cases, however, microagents may need to be upgraded. Rather than auto-upgrading into customers’ immutable environments, Halo allows administrators to trigger upgrades centrally from the Halo Portal.

Halo microagents require upgrading less than twice per year and frequently outlive their server host, making upgrades rarely needed.

In addition, connections to IaaS accounts and registry connectors are centrally managed in one location in the Portal, to allow quick and easy management of these data collection mechanisms.

Related Features

Not applicable.

Policies Used

No policies required.

Unified Views and Inventories

Unified Cloud Asset Inventory

Key use cases

Maintain an inventory of all cloud infrastructure assets supporting your applications.

View summarized data for more than 30 types of IaaS assets across cloud providers in a single interface.

Filter and drill down to specific asset categories by using contextual criteria such as specific IaaS accounts, regions, and tags.

Quickly find any asset based on its IaaS provider ID.

How it works

Halo provides a unified view of all monitored assets, starting with Overview dashboards summarizing data across IaaS resources, server, and container assets.

Users can drill in to get detailed inventories of all assets and filter by various criteria depending on the need. Extensive search capabilities with 40+ data attributes can be combined into powerful inventory views that can be saved for repeated use. This includes server metadata and user-defined tags for AWS, Azure, GCP, and OpenStack. Halo scales to hundreds of thousands of workloads without requiring customers to scale or manage any additional infrastructure as they continue to grow.

In a single location, users can get inventories of virtual machine instances, storage buckets, serverless functions, or any other kind of monitored asset.

Related Features

Not applicable.

Policies Used

No policies required.

Unified View of Security and Compliance Issues

Key use cases

View and maintain complete visibility into all security and compliance issues related to any kind of cloud asset.

View summarized data of issues about more than 30 types of cloud assets across cloud providers in a single interface.

Filter and drill down to specific issue types or categories by using contextual criteria such as specific IaaS accounts, regions, and tags.

Integrate downstream reporting to Halo’s unified issues for a single source of all cloud infrastructure security and compliance issues.

How it works

Halo centralizes and provides a unified view of issues from all monitored assets, starting with Overview dashboards summarizing data across IaaS resources, server, and container assets. 

Users can drill in to get details of issues belonging to particular types of assets and filter by various criteria depending on the need. Extensive search capabilities with 40+ data attributes can be combined into powerful views that can be saved for repeated use. This includes server metadata and user-defined tags for AWS, Azure, GCP, and OpenStack.

In a single location, users can get issues for any kind of monitored asset.

A single API endpoint is provided which can be similarly filtered to provide issue routing to various downstream tools depending on the nature of the issue, affected assets, owners, and other criteria.

Related Features

Not applicable.

Policies Used

All.

Notifications

Contextual Alerting

Key use cases

Target users for email alerting based on criticality of the issue and owner of the asset.

Configure alerts for immediate delivery, or batch alerts into time-based intervals, based on issue criticality and the needs of the target user.

How it works

In Halo, assets and users are assigned to groups representing a business unit or project team. 

Administrators can define alert profiles which determine the users of any group that should receive alerts for issues reported about the assets in that group. Distinct profiles can also be created for critical or non-critical issues. 

Alert frequencies can also be set based on these criteria. When an alertable finding occurs for a monitored asset, Halo determines the asset’s group owner, looks up the alert profiles assigned to that group, and sends email alerts according to the specifications in the alert profiles. 

Policy rules and CVE criticality settings determine whether or not any given control will result in an alertable finding.

Related Features

Not applicable.

Policies Used

All policies have settings which govern whether any given control will result in an alertable finding.

Tag-Based Filtering

Key use cases

Filter the unified views of assets and issues based on tags assigned to the assets in their IaaS account. 

Get assets and issues based on the business context of the assets, such as asset sensitivity, compliance requirements, ownership, application, and other criteria. 

Produce asset inventories based on tags so that you can instantly get all assets with compliance=pci, for example. Or, obtain all CVEs affecting servers with tag environment=production.

How it works

Halo Cloud Secure retrieves tags as part of the IaaS inventory, and integrates them into the Halo asset inventory.

This data is correlated to Server Secure agents, which do not have visibility to tags, so that customers can filter for in-depth server issues such as CVEs and configuration issues by the tags assigned to the corresponding virtual machine.

Users can filter both the unified issues and unified assets interfaces for data based on tags.

Related Features

Requires Cloud Secure.

Policies Used

No policies required.