CSPM (Cloud Security Posture Management)
with Cloud Secure

Cloud Secure is the cloud security posture management (CSPM) component of the Halo cloud security platform. It automates security and compliance management for critical assets hosted in public clouds, both as a standalone service or in concert with Halo’s server and container security capabilities.

Cloud Secure Automates Security and Compliance Workflows in AWS and Azure

In just minutes, Halo Cloud Secure gives you full visibility into the security and compliance posture of your entire cloud environment and opens the door to fast, consistent, automated remediation workflows. Cloud Secure is the means to establish and maintain a strong IaaS security posture—automatically.

CSPM cloud-secure-lg-icon

DISCOVERY AND INVENTORY

Automatically discovers and inventories dozens of IaaS services and resources for comprehensive infrastructure visibility

AUTOMATED ASSESSMENT

Assesses cloud accounts, services, configurations, and resources for adherence to security and compliance best-practices with pre-built rules

ONGOING MONITORING

Monitors cloud accounts, assets, and events to detect security and compliance risks introduced by innocent changes or malicious activity

DEVOPS WORKFLOW
INTEGRATION

Immediately delivers risk issues to system owners via REST API and message queues—see list of integrations

REMEDIATION
GUIDANCE

Provides detailed issue evidence and remediation guidance, automatically detecting and reporting resolved issues

Comprehensive, Flexible CSPM Policies and Rules

No static rulesets that change without notice with Halo’s CSPM capabilitiesunlike the alternatives. Cloud Secure provides comprehensive policy and rule templates along with very easy, flexible policy management features. 

When rules are applied, the raw data collected from IaaS APIs, manual auditing instructions, rationale for best-practices, and explicit remediation guidance are delivered alongside every rule.

checklist check

18,000 PRE-DEFINED RULES

Security and compliance rules that support over 50 IaaS assets you simply clone into your Halo environment for use and assignment

BEST-PRACTICE STANDARDS

Library of policies and rules based on Center for Internet Security (CIS) benchmarks and support for PCI, HIPAA, SysTrust/SOC 2, and more

CUSTOMIZABLE

Every policy and rule can be customized for specific company, business unit, and application standards by approved administrative users

IMPORT AND EXPORT

Import existing rules and policies—or export versions you have defined in Halo—as JSON, via the Halo portal or REST API

EASY UPDATES

When CloudPassage releases new content, just copy new rules you need into your existing policies—no need to start over

VERSION CONTROL

Implement version control and manage policy distribution and updates with tools like git using the Halo REST API

GROUP-BASED ASSIGNMENTS

Restrict policy visibility and management to specific business units or application teams without risk of affecting others

Improved Communications between Security and Application Owner

Cloud Secure delivers truly actionable data in truly actionable ways. Our CSPM automatically aggregates, normalizes, correlates, and enriches data from cloud service provider metadata (including user-defined tags) across different IaaS providers, delivering seamless functionality and intelligence.

Share your Cloud Security Posture Management Data in a variety of ways.

CSPM improved-communication-icon

JSON

All data available via JSON for easy consumption by downstream tools like SIEM, SOAR, GRC, operational workflow tools

REST API AND SDKS

All functions available to your custom integrations, our off-the-shelf integrations, or to open-source integration code

FLEXIBLE DATA DELIVERY

Mobilize Halo intelligence however your ops team wants it—emails, CSV exports, Reports, message queue delivery

DATA SEGMENTATION AND QUERY

Combine and stack 34 data features into sophisticated operational and workflow views for seamless communications

How Halo Cloud Secure's CSPM Works

Halo Cloud Secure uses lightweight API connectors to your cloud providers’ native APIs to discover, inventory, assess, and monitor cloud assets for issues related to security and compliance posture.

API connectors automatically collect and stream data to the efficient, transparently scalable Halo cloud, which analyzes the data for security and compliance.

CSPM how it works

LIGHTWEIGHT - MINIMAL IMPACT

The API is lightweight and designed to have little to no impact on your environment—like all Halo sensors.

NOTHING MORE REQUIRED

No deployment and management of additional compute or data resources are required.

EASY IMPLEMENTATION

Simply configure Cloud Secure with read-only IaaS access and all the rest is automated.

NO NETWORK CHANGES

API connectors are proxy-aware and require no changes to your network environment.

FINE-TUNE FREQUENCY

Continuous monitoring can be fine-tuned by asset type, to optimize IaaS platform API resources.

Sail through Compliance Audits Successfully, Easily, Quickly

Halo’s CSPM component makes your IaaS audits faster, easier, more successful, and less frustrating.

REAL-TIME COLLABORATION

InfoSec and system owners can address compliance problems as they’re discovered, not during an audit or last-minute fire drill.

ONE PLACE FOR ALL DATA

Halo puts all compliance data in one place, from cloud asset population to configuration findings to remediation records.

SINGLE RECORD OF TRUTH

Halo Cloud Secure provides a non-tamperable record of technical and operational compliance for your IaaS environments.

EASY ACCESS FOR AUDITS

All data is easy to query, export, and report on for auditors via the Halo UI or the Halo API for compliance audits.

SAVE TIME AND EFFORT

DevOps and InfoSec won’t lose time trying to find months-old data or locked in a room explaining technical details.

Extensive Asset and Service Coverage

IaaS

Resource inventory

Resource configuration assessment

Event monitoring

IAM Service

Monitoring inventory

Configuration assessment

Virtual Machines

Image inventory

Instance inventory

Image configuration assessment

Instance configuration assessment

Image software vulnerability assessment

Instance integrity monitoring

Instance event monitoring

Serverless Functions

Inventory

Configuration assessment

Key Management Services

Inventory

Configuration assessment

Infrastructure as Code Services

Inventory

Configuration assessment

Certificate Service

Inventory

Configuration assessment

Network

Inventory

Configuration assessment

Storage Services

Inventory

Configuration assessment

Database Services

Inventory

Configuration assessment

Logging and Monitoring Services

Inventory

Configuration assessment

DNS Services

Inventory

Configuration assessment

API Management Services

Inventory

Web Applications

Inventory

Configuration assessment

Container Services

Registry Inventory

Container Inventory

Registry Configuration assessment

Container Configuration assessment

Purpose-built on the Unified Halo Cloud Security Platform​

Many cloud security “suites” are mashups of old technology that require separate licensing, deployment, administration, and maintenance. Some even require that you purchase their legacy technologies or additional features that should be included to make their “next-generation” technology operate. Unlike “free” IaaS provider tools that don’t provide parity in their competitors’ clouds, Halo works across CSPs.

Halo was designed from the ground up to be a truly unified solution. The Halo Cloud Security Posture Management (CSPM) service uses the same API connectors, microagents, console, API, policy engine, data model, and analytics engine as our Cloud Workload Protection Platform (CWPP) and Container Security services.

checklist-icon

Learn more about the Halo Platform

API-level Connectivity and Control for IaaS and PaaS

Read how the Halo REST API is used to gather data about your cloud assets from your CSP's API

The Five Nastiest Security Mistakes Exposing Public Cloud Infrastructure

The mistakes are common, but easy to fix with with Cloud Secure