Architecture & integrations
Server Secure’s unique architecture enables fast, efficient security automation & orchestration of servers and cloud workloads, anywhere, at any scale.
Server Secure delivers instant visibility and continuous monitoring of workloads (whether physical, virtual machines, or cloud instances) in any combination of data centers, private clouds and public clouds – at speed and at scale.
You can save time and money by integrating the security functions shown below into your CI/CD process, informing developers when server images have vulnerable software or do not have the proper security controls – so they can be fixed before pushing them into runtime environments where exposures are harder and more expensive to fix.
Once servers have been deployed to test and production environments, Server Secure can continuously monitor them and can inform you of new vulnerabilities, configuration drift, compliance violations, and indications that your servers have been compromised.
Security functions for servers:
Software Vulnerability Assessment
Server Secure automatically and continuously scans for known vulnerabilities in software packages installed on your workloads. Workloads are evaluated immediately upon startup, and continuously at predefined intervals thereafter, ensuring that any newly discovered vulnerabilities since the previous scan are discovered without the need to manually schedule scans. Server Secure’s reporting can base prioritization on CVSS score so that analysts will be quickly alerted to the most serious vulnerabilities.
Configuration Security Monitoring
Server Secure is easy to use, containing pre-built configuration policies based on CIS and NIST benchmarks for common operating systems and applications. CSM can enable hundreds of controls, including to:
- Examine your servers for best practice controls such as benchmarks from NIST and CIS, as well as your own organization’s security standards
- Detect configuration drift and tampering
- Whitelist software packages and applications to alert when un-approved software is running
- Confirm applications are running with the correct user context
- Detect elevation of user permissions
- Check configuration files for the correct configuration parameters
- Detect processes opening disallowed ports
- Check for enforcement of password policy
You can also develop your own custom configuration checks using Halo’s built-in policy editor, typically used to assess the configuration of custom-developed applications.
Server Account Management
In order to reduce your attack surface, it’s essential to closely manage who can log into your servers and what functions they can perform. But when you operate in multiple environments such as traditional data centers, public clouds, and private clouds, managing this can become tedious. Utilizing different tools for each environment wastes time and can lead to mistakes.
Server Secure has been purpose-built to solve these problems, allowing you to identify:
- Who has accounts on which workloads
- What privileges they operate under
- How accounts are being used
- Anomalous accounts / those that don’t belong
Server Secure provides a single online management dashboard where you can monitor your workloads in public, private, and hybrid cloud environments. The convenient user interface makes it easy for you to identify accounts that should be removed.
File Integrity Monitoring
Once you have properly configured a workload or server and hardened it against an attack, you need to be alerted if something changes, for example, a file changes, or a user account is added, or an important function (like the firewall) is turned off.
Server Secure lets you:
- Detect unintended or malicious changes to files, directories, and registry keys on monitored hosts
- Automatically compare new workloads to a baseline of the source image
- Continuously scan deployed workload to detect changes
- Define policy templates for supported OS
Log-based Intrusion Detection
It is critically important to monitor log files for unwanted activity; but in modern computing environments, it is common for systems to be launched and decommissioned rapidly without establishing any log collection mechanism. Even if log collection is in place for such ephemeral systems, in many cases the destination is a SIEM tool or log management system which is not configured to alert security personnel to unwanted activity.
With Server Secure, you can:
- Continuously monitor important server log files
- Indicate misuse, misconfiguration, or compromise to log files
- Detect suspicious events. Details are then inserted into the Halo security events feed and administrators are immediately alerted
- Use pre-built log monitoring policy templates for Windows and Linux