CloudPassage Halo is designed to provide cloud workload security and compliance monitoring for public, private, hybrid and multi-cloud environments at enterprise scale. It focuses on the foundational cloud workload protection strategies, outlined by Gartner as configuration and vulnerability management, microsegmentation, traffic visibility and workload integrity monitoring.
Halo automatically applies security policies predicated on the workload type, regulation category or sensitivity of the data. It also scans for software vulnerabilities, referencing a number of sources, such as the NIST CVE database. Configuration of workloads uses standard benchmarks from the Center for Internet Security (CIS) and the Defense Information Systems Agency (DISA).
The tool performs three fundamental tasks: reduction of the software attack surface, reduction of the network attack surface and monitoring for compromise. You begin by deploying micro agents on every server that you wish to protect. The agents talk to the Halo security orchestration engine, which in turn communicates with the portal and, through a REST API, with various SOC systems, such as Splunk or GRC systems. The tool supports private clouds and data centers from Microsoft, VMware and OpenStack, and infrastructure orchestration from third-party vendors such as Chef and Puppet. It can reside in public clouds as well, supporting such public clouds as Amazon, Google and Microsoft.
This is absolutely an asset-centric tool in that it focuses on servers. The first task when you go to the landing page in the portal is to set up your environment. You do that by going out from your selected server(s) to the Halo portal and downloading the appropriate script to set up your servers with their micro agents. We selected a Windows Server 2008 and the setup was simple and straightforward. After we registered we simply logged into the portal from the server we wanted to configure. The rest was almost automatic.
That said, for an enterprise of any real size you will want to automate the process of pushing out scripts to the servers you want to monitor. Once you have set up your servers you can group them by tagging. The next task is to build and apply policies. This is where you will want your servers tagged into groups. It would be excessively tedious to apply policies to hundreds or even thousands of servers one at a time.
Policies are available and are easy to edit. This is a typical policy modification exercise: save a desired policy, edit the saved copy and deploy it. There are a lot of out-of-the-box policies, though, that you can use as-is. Next, you'll want to scan your assets for compliance with your new policies. Finally, you can perform appropriate remediation. All of this is available step by step on the website in the Halo quick start and tour. The REST API is easy to set up for folks who are familiar with the use of REST.
We found the pricing on Halo to be attractive. Basic support is included and there are premium support levels available. The website has a good support portal with an FAQ and document library that includes manuals. The documentation is clear and well-written. The quick start is especially useful.
Overall, we liked this product. We liked the lightweight agent as it did not appear to interfere with our test server, hardly making a dent in its performance. As long as you automate the deployment, you'll be fine with this one.