Server Secure is the cloud workload protection platform (CWPP) service of the Halo cloud security platform. It automates security and compliance management for Linux and Windows servers across any mix of public, private, or hybrid cloud hosting environments.
In a matter of seconds, Halo Server Secure addresses the new security and compliance demands of cloud-hosted servers and workloads—opening the door to fast, consistent, automated remediation workflows.
Server Secure’s CWPP capabilities establish and maintain cloud workload protection—automatically.
Automatically discovers, interrogates, and inventories servers, including cloud workloads, virtual machines, and bare metal
Detects vulnerabilities in operating systems, software configurations, unpatched software, access privileges, security controls, network services, authorized and unauthorized server components, and more
Monitors cloud-hosted servers, virtual machines, bare metal, and software to detect new vulnerabilities and exposures introduced by innocent changes or malicious activity
Immediately delivers vulnerability and exposure issues to system owners via REST API and message queues—see list of integrations
Provides detailed issue evidence and remediation guidance, automatically detecting and reporting resolved issues
Automatically detects server-level intrusions through log monitoring, file and system integrity monitoring, and IoT/IoC detection
Unlike the alternatives, Halo’s CWPP capabilities have no static rulesets that change without notice. Server Secure provides comprehensive policy and rule templates along with very easy, flexible policy management features.
When rules are applied, the raw data collected from servers, manual auditing instructions, rationale for best-practices, and explicit remediation guidance are delivered alongside every rule.
Security and compliance rules across a wide variety of pre-built policies for common best practices and standards
A wide variety of analysis checks for Linux and Windows servers to build sophisticated security and compliance rulesets
87 configuration security policies, 28 file and registry integrity monitoring policies, and 21 automated event collection and inspection policy templates
Every policy and rule can be customized for specific company, business unit, and application standards by approved administrative users
Import existing rules and policies—or export versions you have defined in Halo—as JSON, via the Halo portal or REST API
When CloudPassage releases new content, just copy new rules you need into your existing policies—no need to start over
Implement version control and manage policy distribution and updates with tools like git using the Halo REST API
Restrict policy visibility and management to specific business units or application teams without risk of affecting others
Policies can be “stacked” and enforced hierarchically—so common “base” rulesets can be combined with environment-specific rules with ease
Server Secure is completely environment-agnostic, so you can automate security and compliance management into a single platform that supports servers across any mix of public, private, hybrid, and multi-cloud deployments. Halo’s CWPP manages server security and compliance anywhere, at any scale, with consistency and confidence.
Designed to handle ephemeral workloads, auto-scaling operations, and the long-term growth of your server fleet
Scales from fewer than 12 servers to over 150,000 with a single Halo account without any additional hardware or software to deploy and manage
Consolidates server security into a single, easily managed 2 MB microagent with many powerful CWPP functions so you can remove multiple bloated agents from servers
Automates to foster better collaboration and faster issue communication, and to dramatically reduce remediation times
Automatically communicates critical server issues to application owners as they are discovered for proactive, automated response to exposures, threats, and compliance issues
Consolidates all security and compliance data in one place, from server population to configuration findings to remediation records
Provides a non-tamperable record of technical and operational compliance for your cloud workloads and servers
For Server Secure, CloudPassage completely reinvented the architecture for agent-based server security so you get the powerful capabilities of an agent without the overhead costs of system impact and difficult management.
Server Secure’s patented distributed architecture provides maximum security power with minimum server impact. The architecture’s extreme scalability and dynamic operation allow it to keep up with rapid changes in the most dynamic of cloud implementations.
A lightweight 2 MB software sensor that delivers all Server Secure features
No additional software to install and manage such as the massive Java runtimes of other agent-based solutions
Requires no network configuration changes
All communications from the agent are outbound via a command and control protocol
To reinforce security, the agent exposes no management or communication interfaces and is not network accessible
Ensures message authenticity, confidentiality, and integrity with layers of patented cryptographic control enabled at the payload and network level
Automatically assesses every microagent hourly to proactively detect signs of tampering
One for Linux-based kernels, one for Windows-based kernels—not dozens for every OS distribution and version like other products
New Halo CWPP functionality is deployed in the Halo cloud and automatically “picked up” by microagents when activated by the user
Updates are automatically integrated via the Halo portal or the Halo API—or pre-scheduled to occur in the change window of your choice
Less than thirty seconds to register new microagents
Full inventory, interrogation, assessment, and instrumentation for ongoing monitoring in less than ninety seconds
A powerful computing environment based on a high-performance and very scalable containerized microservice architecture
A convenient “single pane of glass” to manage all Halo CWPP capabilities
All Server Secure functions are available through the comprehensive CloudPassage REST API and SDK to build security and compliance into operations instead of bolting security on after the fact.
The Halo API is used to automate microagent deployment, integrate with other tools, or create new management tools.
All security data is available via JSON for easy consumption by downstream tools like SIEM, SOAR, GRC, and operational workflow tools.
Microagents can be deployed by Chef, Puppet, Bash, and other common tools, by using included deployment automation scripts.
Microagents can be pre-configured and built into server images (e.g. AWS AMIs) so security and compliance capabilities activate when your servers do.
All Server Secure capabilities can be leveraged in CD pipelines using a Jenkins-native plugin.
A CI/CD SDK enables advanced integration with any CI/CD orchestration tool.
Many cloud security “suites” are mashups of old technology that require separate licensing, deployment, administration, and maintenance. Some even require that you purchase their legacy technologies or additional features that should be included to make their “next-generation” technology operate. Unlike “free” IaaS provider tools that don’t provide parity in their competitors’ clouds, Halo works across CSPs.
Halo was designed from the ground up to be a truly unified solution. The Halo Cloud Workload Protection Platform (CWPP) service uses the same API connectors, microagents, console, API, policy engine, data model, and analytics engine as our Cloud Security Posture Management (CSPM) and Container Security services.
Read why we believe we scored 5 out of 5 in The Forrester Wave™: Cloud Workload Security Q4 2019