CloudPassage Halo

On-demand, automated server & cloud workload security that works anywhere, at any scale.

What is CloudPassage Halo?

CloudPassage Halo provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. The Halo platform is delivered as a service, so it deploys in minutes and scales on-demand. Halo uses minimal system resources, so layered security can be deployed where it counts, right at every workload – servers, instances and containers.

Halo is the only platform purpose-built for broadly automated, portable, scalable, on-demand security and compliance.


Download the Halo Overview


“CloudPassage is really an investment that will help us sell more efficiently. With CloudPassage we can show what we can do for security and show how we prove it.”

Manny Landron, Senior Manager of Security and Compliance, Citrix

Platform Components

Halo is a comprised of three packages that can be purchased separately or in combination.

Halo Protect

Halo Protect reduces the software attack surface of workloads by ensuring proper security configuration, discovering software vulnerabilities, and controlling administrative access.

Halo Segment

Halo Segment reduces your network attack surface through traffic discovery, host firewall orchestration, and multi-factor network authentication

Halo Detect

Halo Detect alerts you if any of your workloads have been compromised by monitoring whether important files have changed and by monitoring important server log files.

How Halo is Different

Traditional Products


Traditional security systems are slow to deploy. They require change control tickets and manual configuration. They can’t keep pace with rapid server provisioning that is characteristic of cloud environments and DevOps processes.
Halo is fast. Installation of agents is totally automated. Halo integrates with DevOps tools such as Chef, Puppet, Salt, Ansible, and Jenkins. If workloads move or IP addresses change, Halo automatically follows the workload.
Designed for a single environment. Data center products built on proprietary architectures do not work in public cloud environments, and vice versa.
Halo is portable. Halo works with equal efficiency in any environment—data center, private cloud, public cloud, hybrid cloud.
Traditional security agents are large and consume a lot of CPU on your servers and cloud instances. You wind up paying for more cloud resources in order to secure your cloud resources.
Halo agents are extremely lightweight. All security analytics are done on CloudPassage’s servers, instead of your servers and cloud workloads.
Single function products each focused on network security, workload protection, compromise detection, etc, make you acquire an arsenal of tools.
Halo is comprehensive. It includes a broad range of security controls at both the host and network levels. You can replace multiple traditional security products with Halo.
On-premise security systems require effort to scale. As your number of workloads increases, you need to purchase and install more gear.
Halo is scalable instantly, on-demand. Our customers routinely scale Halo to over 10,000 workloads in just a few days.

How Can Halo Be Used?


Workload Protection

Reduce your software attack surface by ensuring proper security configuration, discovering software vulnerabilities, and controlling administrative access



Reduce your network attack surface through host firewall orchestration and traffic discovery


Compromise Detection

Find out if your workloads have been compromised, either unintentionally or through external malicious activity



Ensure compliance in any environment–traditional data centers as well as public or private cloud



Integrate security within DevOps toolchains for fast-paced IT delivery environments


AWS EC2 Security

Complement AWS security with workload-level protection that works in any cloud environment