The Fastest, Easiest Way to Control East-West Traffic

Microsegmentation in any environment. Lightweight. Efficient.

The Problem

In recent years, there has been a growing need to control East—West traffic within data center networks. Advanced threats often bypass traditional firewalls, gain a foothold and then move laterally within the network.

If your organization is moving to a flat network topology and/or a cloud environment, traditional network segmentation strategies will be complex or impossible to apply. As servers are rapidly provisioned and decommissioned, IP addresses change frequently, and it becomes difficult to continuously reprogram ACLs in routers, firewalls and switches. Proprietary “Software Defined Networking” products can do the job, but these solutions tend to be costly and difficult to implement, and they lock you into a single proprietary architecture.


The CloudPassage® Halo® agile security and compliance platform has been purpose-built to solve the East–West traffic problem in modern data center networks. Halo uses a micro-agent that can be deployed automatically on servers and cloud workloads. This allows Halo to orchestrate standard Linux and Windows firewalls and enforce granular network segmentation policies to protect against lateral movement and network attacks inside your data centers and cloud environments.

Get the Solution Brief


Halo works anywhere, so it does not lock you into a proprietary architecture or rules language.

Halo lets you discover and visualize the IP connection patterns and listening ports of your workloads and servers, both between Halo-protected systems as well as connections to and from remote systems. This helps you create microsegmentation policies with confidence, ensuring that you are not blocking desirable traffic.

When workloads are added or retired, or as IP addresses change, Halo automatically ensures that your network segmentation policies are enforced properly. These policies follow the workload wherever it may be—data center, public cloud, private cloud.
  • Block unwanted East-West traffic
  • Run anywhere
  • Automate microsegmentation policies
  • Scale on demand
  • Minimal system impact

Request a Demo