Enabling security for cloud operations: DevSecOps

Watch the video

The problem

The rise of DevOps has standardized continuous integration/continuous development (CI/CD) cycles as the normal mode of operation for modern application development. Developers release code frequently – often daily – and automated toolchains push updated applications into production at a rapid pace.

Legacy security tools can’t keep up. They require manual configuration, are labor intensive, and are costly to implement in modern environments. Security for both VMs and containers can’t just be bolted on at the end of a production cycle anymore – it must be implemented during pre-production, and it must be automated.

CloudPassage® Halo® addresses these challenges

CloudPassage Halo solves these problems by moving control implementation and security audits as early as possible in your deployment cycles, ensuring that new applications, instances, and workloads are protected from pre-production onward. The ultralightweight Halo micro-agent installs automatically through your existing build management, configuration management, and configuration tools, anywhere – public and private clouds, or traditional data center environments.

With Halo you can be secure from build to run:

Halo @ build

Halo incorporates a comprehensive set of security checks, ensuring that build artifacts meet all your security and compliance policies. The checks include:

  • Testing for any known vulnerable packages
  • Secure configuration monitoring

Halo @ pre-production

Halo will continuously monitor your workloads and container images for any new vulnerabilities. Halo will also monitor your systems for the following policy violations:

  • Configuration drift or deviations
  • PII or SPI data in any of the log files

Halo @ production

Halo incorporates checks for various IoCs in your production systems including:

  • File system integrity
  • Investigating and auditing various log file for events of interest.
  • Privileged access auditing and monitoring
  • Network traffic monitoring

Continuous security automation

From pre-production to deployment and beyond, Halo’s security automation capabilities allow you to:

  • Automate security assessment as part of infrastructure provisioning, receiving a comprehensive assessment in under 90 seconds
  • Automate security workflows and implement a closed-loop security model. Halo comes with full REST APIs, which can be used to integrate security events and alerts into your existing SIEM or orchestration workflows. Halo implements a continuous monitoring model and automatically resolves issues that have been successfully remediated.

What’s unique about Halo’s solution?

Halo provides a broad range of security controls within a single platform that integrates with your existing orchestration tools for seamless DevOps security.

Halo includes:

  • Supports servers and containers
  • Comprehensive capabilities that can be integrated in DevOps toolchains
  • Infrastructure agnostic
  • Scales linearly
  • Cloud-native

With Halo, your development and operations teams won’t have to choose between speed and security – they can have both.

Learn more Schedule a demo

Top 10 ways to achieve agile security

Between 2017 and 2021, worldwide spending on cybersecurity will top $1 trillion, according to predictions from Cybersecurity Ventures . From the barrage of cyberattacks on enterprises to new threat vectors within networks due to the move to the cloud, CIOs and CISOs have more to consider around cybersecurity than ever before.

Download the eBook

Request a demo

Get a live demo that is customized to help you see how easy it is to be secure and compliant in the cloud with CloudPassage Halo.