Press Release

CloudPassage Halo Now in Solution-Specific Packages

Halo Protect, Halo Segment, Halo Detect Offer Cost-Effective Entry to Workload Security

San Francisco, CA , August 23, 2016

CloudPassage today announced new packaged offerings for CloudPassage Halo to more cost-effectively address enterprises’ need for workload security. Award-winning CloudPassage Halo is now comprised of three packages–Halo Protect, Halo Segment and Halo Detect–which can be purchased separately or in any combination to provide workload protection, microsegmentation, compromise detection, compliance, DevSecOps and AWS EC2 security. At one-third the full platform pricing, the new packages provide enterprises with a more cost-effective entry point to workload security and the flexibility to add fully integrated functionality as the need arises.

“While most of our customers eventually use the full range of security controls in CloudPassage Halo, many are initially looking for a more tailored solution to a specific security problem,” said Jack Marsal, Product Marketing Director, CloudPassage. “These solution-focused packages allow enterprises to address their most acute security problem in the most cost-effective manner while giving them flexibility to add a broader range of security controls as their security needs evolve. Customers can evolve their security systems and posture at the pace which is right for them.”

The new CloudPassage Halo packages are designed to meet specific security challenges:

Halo Protect reduces the software attack surface of workloads by ensuring proper security configuration, discovering software vulnerabilities, and controlling administrative access

  • Configuration Security Monitoring (CSM) automatically monitors operating system and application configurations, processes, networks services, and privileges and compares them to the latest policies and standard industry benchmarks.
  • Software Vulnerability Assessment (SVA) automatically scans servers and cloud workloads to check for software vulnerabilities and to maintain continuous exposure awareness in the cloud and across all environments.
  • Server access management lets IT security managers monitor, audit and evaluate account access and privileges of all servers in any operating environment though a single online management console.

Halo Segment  reduces the network attack surface through traffic discovery, host firewall orchestration, and multi-factor network authentication.

  • Traffic discovery and visualization lets IT security managers visualize the IP connection patterns and listening ports of workloads and servers, both between Halo-protected systems as well as connections to and from remote systems. This makes it easy to create dynamic firewall policies that prevent unwanted lateral movement of threats.
  • Workload firewall management lets IT security managers easily deploy and manage dynamic host firewall policies across all environments. Policies are based on the server tags, not the IP addresses, so changes to host firewall tables are made automatically as new servers are added, retired, or as IP addresses change.
  • Multi-factor network authentication lets IT security managers keep server ports and IP addresses hidden and secure while allowing temporary on-demand access for authorized users.

Halo Detect alerts you if any of your workloads have been compromised by monitoring whether important files have changed and by monitoring important server log files.

  • File Integrity Monitoring (FIM) protects cloud server integrity through constant monitoring for unauthorized or malicious changes to important system binaries or files.
  • Log-based Intrusion Detection (LIDS) continuously monitors key server log files for suspicious activity that could indicate misuse, misconfiguration or compromise.

Additional details specific to CloudPassage Halo solutions can be found at

CloudPassage Testimonials

“Xero moved to a Security-as-a-Service model based on three principles: repeatable security automation, security at speed, and security on-demand,” said Aaron McKeown, Lead Security Architect, Xero. “CloudPassage Halo fits those principles, and for workload protection, we’ve mandated that Halo be included with every new EC2 instance we deploy. This has enabled our hundreds of developers to securely build and release over 800 new features last year alone.”

“Qualpay has been using CloudPassage for two years, primarily to monitor our servers for compromise detection,” said Todd Troutman, System Administrator, Qualpay. “Halo has become critical to our PCI compliance posture. With Halo, we can rapidly meet new PCI requirements as well as new interpretations of existing requirements. We’ve recently started leveraging CloudPassage Halo’s traffic discovery and visualization functions in order to microsegment workloads and add visibility.”

“Consensus Corporation chose CloudPassage for initial use in compliance,” said Dmitriy Dunavetsky, Director of Information Security, Consensus Corporation. “We were first focused on finding a solution that was easy to use and automated. We also wanted to make sure our decision was future-proofed for our evolving security needs. CloudPassage was the only automated, on-demand security platform we found that provided a broad range of security controls for compliance as well as workload protection, microsegmentation, compromise detection and DevSecOps and could work on any infrastructure.”