Halo Server Secure enables you to automate threat prevention and compliance for server-based workloads anywhere, at any scale

Protecting cloud server workload assets is critical

Moving servers from datacenter environment to the public cloud is one of the key use cases for IaaS. Even with containerized and serverless workloads on the rise, servers will remain central to many application stacks for years to come. Protecting server-based workload assets remains a critical requirement.

Security teams have quickly learned that protecting servers in public cloud environments is different. Servers can auto-scale, are updated far more frequently, and their numbers multiply as compute requirements are optimized.

server secure screen shot

Designed to protect cloud-hosted servers

System owners have no more tolerance for traditional agents that are bloated and hard to manage – especially when multiple point solutions turn into multiple agents. On top of these issues, the IaaS control plane must be protected to ensure that both the servers and their environments remain safe.

Halo Server Secure was designed from the ground up to automatically address the new requirements for protecting cloud-hosted servers. You get automatic discovery and inventory of cloud servers and deep, continuous analysis of server configurations, package vulnerabilities, administrative access privileges, runtime activities, threat & compromise indicators, and more. Server Secure’s patented microagent architecture is the most mature in the market, battle-tested and improved in some of the largest cloud workload deployments in the world. We’ve improved our microagent deployment and management capabilities over the years to eliminate friction with your ops teams and make ongoing management simple.

Build-in security from the start

With Server Secure your teams can integrate cloud workload protection capabilities directly into server infrastructure making security built-in from the start, not as an afterthought. Server Secure will enable your team to automate the full lifecycle of cloud server protection including asset & issue discovery, remediation workflow, verifying resolution, and tracking it all. 

Server Secure is built on the Halo platform, so it delivers the same level of integration, automation, scale and speed as our other workload protection solutions. The common Halo platform also means true integration across capabilities, so you don’t have to integrate multiple products – or wait for other vendors to integrate their own point solutions.

How it Works

Patented microagent architecture for deep visibility and control with almost undetectable server overhead, complete portability, and easy management.

Cloud-based deployments make server visibility and control more critical than ever, but traditional endpoint security just doesn’t cut it. We literally invented the cloud server microagent architecture, often copied but never matched. Halo Server Secure leverages that architecture to give you scale, speed, managability, and control that can’t be paralleled. A compact, efficient, and heavily secured sensor, Server Secure agents have a mere 2 MB memory footprint and leverage the Halo security analytics cloud to do the heavy lifting. Server Secure’s patented messaging protocol eliminates the need for network configuration changes and has very low network impact.

Halo Server Secure is also highly functional. A few of Server Secure’s features include continuous server inventory, configuration monitoring, vulnerable and unpatched package detection, automated log inspection, configuration drift detection, file integrity monitoring, network traffic discovery, and orchestration of host-based firewall policies. Servers will remain a key infrastructure component for years to come, making automated, scalable, cloud-aware server workload protection a critical requirement.

security-compliance diagram

To learn more about how Halo Server Secure works, please check out the Halo Server Secure Technical Brief.

Use Cases

Server-based workloads remain essential infrastructure, but IaaS changes how servers are delivered.

Servers aren’t going away any time soon. But like most application infrastructure, enterprises are dialing in to how public IaaS services can make server delivery and management better. Regardless of the reason, getting server protection and compliance right is still critical. Here are some common use cases driving server migration and how Halo Server Secure fits in.

Reducing Datacenter Footprint

The lift-and-shift cloud migration model means moving servers into IaaS environments "as-is" and is usually tied to goals of reducing in-house data center footprint. Even this simple model means new protection and compliance needs since servers will be in a more dynamic environment. Your security team needs the ability to automatically track what server assets are where, evaluate cloud-based servers for exposures, protect the IaaS control plane, and ensure it all meets compliance requirements.

Server Autoscaling

Public cloud infrastructure platforms like AWS and Azure offer server autoscaling, enabling a cluster of servers to grow or "cloudburst" on demand. Security teams require workload protection tools that can automatically deploy controls during autoscaling events without intervention or disruption. Ephemeral workloads still require protection, and the fact they're ephemeral doesn't eliminate them from audit scope.

Blue-Green Deployments​

Continuous delivery strategies often include blue-green deployment processes. This technique reduces the downtime and risk of updating an environment by bringing up a complete new environment (the "green") in parallel with the existing operational environment (the "blue") and rerouting requests to the new environment. Public cloud infrastructure makes blue-green cheaper and easier. Blue-green is typically fully automated, and literally doubles the server count for some period of time. Securing blue-green requires the ability to transparently deploy and scale controls through direct environment integration.​

DevOps Autonomy​

Cloud infrastructure and devops have torn down the monolithic, centralized silos of developers and operations teams, replacing them with small, autonomous, de-centralized DevOps teams. Business units are enthusiastic about this model since it provides competitive agility and cuts through a lot of traditional red tape. Public IaaS providers have consumerized infrastructure, and many enterprises allow each DevOps team to deploy and manage their own infrastructure. Security teams must adapt, now dealing with dozens or even hundreds of autonomous DevOps teams who expect everything - including security and compliance - to be automated, integrated, and programmable.​

Server Efficiency

First-generation virtualization delivered efficiency by optimizing underutilized bare-metal servers. Cloud servers takes this concept to another level by providing extreme flexibility in server definition and the ability to autoscale server groups. Many enterprises target cloud server utilization at 90% or more per-server by scaling server resources to almost exactly what's needed, and scaling servers horizontally. This strategy will result in many more individual servers to protect and a lot more fluctuation in server fleet size.


Halo Cloud Secure gives you instant access to broad, battle-tested capabilities developed through years of real world, customer-driven enhancements.

Our server threat prevention and compliance features are the most complete, integrated, scalable, and automated in the market. You and your team can benefit from the experience and learnings of our customers, who have guided the development of Halo for almost a decade. Forged in real-world deployments with the largest and most sophisticated cloud enterprises in the world, these capabilities are proven to deliver when it comes to automating cloud workload protection. Here are just a few of our key features and capabilities.

For complete details of Halo Server Secure features and capabilities, please download the Halo Server Secure technical brief.

  • Server Discovery & Inventory – continuous discovery and inventory of servers including running processes, network configurations, installed packages, local access credentials, network traffic patterns, and more.
  • Exposure Prevention – assess and continuously monitor servers for configuration hardening, missing patches, vulnerable packages, configuration drift, system integrity, privileged activities, and suspicious network and system activity.
  • Compliance Monitoring – continuous compliance assurance for server configurations, authorized software, access management, change control, asset inventory, and compliance-related system activity.
  • Threat Detection – automated event collection & alerting, host-based intrusion detection, detect indicators of threat/compromise, monitor for unauthorized use of privileged access, detect undesired/suspicious network activity.
  • Microsegmentation – central orchestration of host-based firewalls, network traffic pattern discovery, network service integrity monitoring, auditing of locally managed host firewall policies.

Supported Platforms


  • RedHat Enterprise Linux
  • CentOS
  • Amazon Linux
  • Oracle Linux
  • Debian
  • Ubuntu
  • CoreOS


  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Related Resources

Participate in Independent Cloud Security Research and Get Access to Industry Reports

Take part in one or more of our surveys and let your voice be heard​