CloudPassage - Halo
Strengths: A simple-to-use, simple-to-deploy approach to security in a microsegmented environment.
Weaknesses: The web site could benefit from some cleanup and, while the documentation is good as far as it goes, it is a bit sparse. The support structure needs simplification.
Verdict: While we liked this product, there are peripheral aspects that need some cleanup. Pricing seems reasonable but if you have a lot of packages it could get expensive. In any event, it certainly is well worth your time to give it a closer look. We make this one of our Recommended products this month.
Halo is, essentially, a vulnerability management system for use in hybrid environments that approaches the issue through multiple techniques including file integrity monitoring, application control, vulnerability assessment, configuration management and host log monitoring. It operates at the workload level so it is right at home with microsegmentation. It also can automate security and compliance for Docker and JFrog containers.
Halo sits as an agent on the workload, and Docker containers have connections to the Registry. The idea behind Halo is that it secures the build before it goes to runtime. The Registry connection ensures persistence, making it secure. It has a complete and documented REST API and integrates with some third-party tools such as SIEMs.
With Halo, you can look at your packages in a group (e.g., Marketing, Linux, Finance) and scan with excellent drill-down. You can set up any package grouping you want and create policies for the group. There are quite a few policy templates, and setting policy is point-and-click. As you add servers to a group, the policies are instantiated instantly and automatically. Everything is logged, and you can look at policy violations on a dashboard that allows you to search logs for any issue you find there. We started our look at Halo in the Policies tab.
Halo lets you determine how you want to filter events, and you can send alerts wherever you want. The Registry tab manages all security at build time to ensure that the deployed package is secure.
Next, we dropped into the Environment tab. This displays details of our enterprise segmented by the groups that we selected. In this view, we have a summary as well as breakdowns by issues, operating systems, servers, software, processes, accounts, and scans. There also is a settings tab. Each tab has a lot of details.
In addition to expected vulnerability assessment standards such as NIST and the CVE, Halo compares workload configuration against industry-accepted standards. If that is not enough for you, you can create your own custom policies. All this analysis is automated and continuous. Agents are built into the workloads as the workloads are developed and it makes no difference to the agent how or where the workload is deployed. It is completely IP agnostic and reporting follows the workload itself regardless of where it is deployed.
The analysis is reported through the cloud portal on the Halo platform. This is described in detail in the documentation. Docs are clear and very concise, if a bit sparse. Even so, documentation is well-constructed and well-illustrated. The "How Halo Works" document is especially useful.
Support is a bit of a mish-mash. There is basic no-cost support, which we like. There are fee-based programs that depend upon several criteria for pricing. When we went to the support link on the website, we found that it really was an FAQ, but the page was no longer supported (there was a link to the new page), and there was a tab for submitting a request and for logging into the portal. We think the entire support section of the website could use some cleanup.
There is a blog on the site but, like the rest of the site, it is more focused on sales and marketing than technical information in a broader sense.