Content

CloudPassage – Halo

Halo is, essentially, a vulnerability management system for use in hybrid environments that approaches the issue through multiple techniques including file integrity monitoring, application control, vulnerability assessment, configuration management and host log monitoring. It operates at the workload level so it is right at home with microsegmentation. It also can automate security and compliance for Docker and JFrog containers.

Halo sits as an agent on the workload and Docker containers have connections to the Registry. The idea behind Halo is that it secures the build before it goes to runtime. The Registry connection ensures persistence making it secure. It has a complete and documented REST API and integrates with some third-party tools such as SIEMs.

With Halo, you can look at your packages in a group (e.g., Marketing, Linux, Finance, etc) and scan with excellent drill-down. You can set up any package grouping you want and create policies for the group. There are quite a few policy templates and setting policy is point-and-click. As you add servers to a group the policies are instantiated instantly and automatically. Everything is logged and you can look at policy violations on a dashboard that allows you to search logs for any issue you find there. We started our look at Halo in the Policies tab.

Halo lets you determine how you want to filter events and you can send alerts wherever you want. The Registry tab manages all security at build time to ensure that the deployed package is secure.

Next, we dropped into the Environment tab. This displays details of our enterprise segmented by the groups that we selected. In this view, we have a summary as well as breakdowns by issues, operating systems, servers, software, processes, accounts, and scans. There also is a settings tab. Each tab has a lot of details.

In addition to expected vulnerability assessment standards such as NIST and the CVE, Halo compares workload configuration against industry-accepted standards. If that is not enough for you, you can create your own custom policies. All this analysis is automated and continuous. Agents are built into the workloads as the workloads are developed and it makes no difference to the agent how or where the workload is deployed. It is completely IP agnostic and reporting follows the workload itself regardless of where it is deployed.

The analysis is reported through the cloud portal on the Halo platform. This is described in detail in the documentation. Docs are clear and very concise, if a bit sparse. Even so, documentation is well-constructed and well-illustrated. The "How Halo Works" document is especially useful.

Support is a bit of a mish-mash. There is basic no-cost support, which we like. There are fee-based programs that depend upon several criteria for pricing. When we went to the support link on the website we found that it really was an FAQ but the page was no longer supported (there was a link to the new page) and there was a tab for submitting a request and for logging into the portal. We think the entire support section of the website could use some cleanup.

There is a blog on the site but, like the rest of the site, it is more focused on sales and marketing than technical information in a broader sense.

Product title
CloudPassage Halo
Product info
Name: Halo Description: Price:
Strength
Simple to use and deploy approach to security in a microsegmented environment.
Weakness
The web site could benefit from some cleanup and, while the documentation is good as far as it goes, it is a bit sparse. The support structure needs simplification.
Verdict
While we liked this product, there are peripheral aspects that need some cleanup. Pricing seems reasonable but if you have a lot of packages it could get expensive. In any event, it certainly is well worth your time to give it a closer look. We make this one of our Recommended products this month.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.