If you’re running applications in cloud environments like AWS, Azure, or OpenStack, you need a different security strategy than for your data center. Here’s why the old approach no longer fits:
- Architecture. Cloud workloads are just one configuration mistake away from open Internet attack. The traditional security practice of hardening the perimeter and leaving the inside “soft and chewy” is an invitation to disaster.
- Speed. Cloud workloads spin up and down very quickly. A traditional security system that is based on periodic (e.g. monthly) scans and/or manual deployment processes is no longer sufficient.
- Change. Cloud-hosted applications are likely to have a high rate of change. Practices such as DevOps, immutable infrastructure, and automation tools all contribute to this. Security controls that are manually installed at the end of the deployment cycle are not sustainable in modern infrastructure.
- Automation. Enterprises that leverage cloud environments typically also leverage automation tools, DevOps, and containers. A security system that does not accommodate these modern systems is holding you back and leaving you exposed.
- VMs and containers. If your DevOps teams are not already using containers, they soon will be. Containers require a different set of security controls than servers, but purchasing a point product that only secures containers can be a costly mistake. Who wants to manage yet another security product?
CloudPassage® Halo® is an automated security platform that has been purpose-built for modern cloud environments and DevOps methodologies. Halo lets you:
Harden workloads to reduce your attack surface. Key functions include:
- Software vulnerability assessment for Linux and Windows hosts and containers
- Secure configuration management for Linux and Windows hosts and containers
- Host access monitoring for Linux and Windows
- Detection of secrets embedded in images and containers
Detect policy violations and suspicious activities. Key violations that Halo detects include:
- Newly announced vulnerabilities in workloads
- Configuration drift
- Unauthorized processes or ports
- Changes to server accounts or escalation of privileges
- File system integrity violations
- Suspicious activity in log files
- Suspicious network connections and traffic flow
Respond to incidents
- Halo’s bi-directional API lets you automate security workflows and implement a closed-loop security model including remediation via systems such as Puppet.
- Send security events and alerts into your existing SIEM or GRC system.
- Quarantine workloads that have indications of compromise.
Security for modern cloud environments needs to be different from a traditional data center.
How Halo is different:
- Comprehensive. Halo works with servers, virtual machines, cloud instances, Docker containers and images. This lowers your management overhead and costs.
- Easy to deploy. Halo is a SaaS-based system. No hardware or software to buy or maintain. Halo micro-agents are deployed automatically via scripts or popular orchestration tools such as Puppet, Chef, Ansible, Jenkins, Kubernetes, Docker Swarm, and Mesos.
- Works anywhere. Halo works in any data center, public cloud, hybrid environment, or multi-cloud environment.
- High-frequency data collection. Halo monitors workloads every 60 seconds, giving you visibility into even short-lived (ephemeral) workloads.
- On-demand scalability. Grow from 100 to 10,000 workloads. Expand to new VPC environments. Halo is available when you need it.
- Shift security left. Assess workloads and images early in your deployment cycle and across your registries, providing fast feedback to developers and letting you be sure that workloads are secure before you deploy them.
- Easy integration. Halo contains a robust RESTful API and a well-documented SDK that let you easily integrate Halo with your CI/CD toolchains, infrastructure automation technologies, GRC, and analytics platforms.
Configuration Security Monitoring (CSM)
Software Vulnerability Assessment (SVA)
Server Account Monitoring (SAM)
File Integrity Monitoring (FIM)
Log-based Intrusion Detection (LIDS)
Firewall policy automation
Events & alerting
AWS EC2 & ECS