Halo Cloud Secure: A unified product


This post was originally published here by carson sweet.

Vitaliy Geraymovych, Talli Somekh, and I founded CloudPassage in 2010. In those early days, cloud infrastructure was broadly dismissed as little more than a hosting environment for games, blogs, and experiments.

The bulk of IaaS offers revolved around cloud servers (a.k.a. cloud VMs, cloud workloads, virtual private servers). “The Phoenix Project” had yet to be written. What we now call “devops” didn’t even have a name. There was no breakout winner in cloud infrastructure services, and many snickered at the online bookstore that was quietly changing application infrastructure forever.

The CloudPassage team entered the market early, building solutions ahead of the mainstream cloud trend that we saw coming. We developed our technology early, refined it through collaboration with the earliest cloud innovators, and battle-tested the resulting Halo platform with the first wave of large-scale enterprise adopters. Dubbed Halo, our platform was about re-inventing the agent model to be light, scalable, portable, and supremely fast. Halo’s design embraced the early cloud trend of “software-defined-everything” to create new levels of on-demand security automation.

We were fortunate to be among the pioneers. But even among those earliest cloud adopters, the server-based compute model was still dominant. Cloud infrastructure security was still all about the servers.

Fast forward to 2018.

Cloud infrastructure services crossed the chasm and mainstream adoption has hit full stride. Most enterprises now consider the agility and flexibility of IaaS an imperative to compete in a SaaS-driven world. Catalogues of available infrastructure and application services have grown exponentially. Databases, storage, DNS, encryption key management – you name it – are all available on demand to anyone with a credit card. Devops is the new norm, and devops teams operate with great autonomy, often outside of central I.T. Continuous delivery models mean delivering iterated code and infrastructure – well, continuously.

This rapid-fire series of innovations has forever changed how we approach securing application infrastructures. Instead of seperate network, sysadmin, application system and development teams collaborating on an application, a single “full stack” team now owns it all – including security control implementation. These teams have more deployment options available to them than ever, and are usually autonomous in choosing them.

On a practical basis, it’s now impossible for a single centralized security team to maintain the skills needed to keep up with wildly disparate control implementations. Containerization, microservices, and serverless compute models coupled with true continuous delivery generate a rate and pace of change orders of magnitude greater than anything seen before. And many enterprises now default to public cloud infrastructure for new application deployments.

In other words, there’s now much more to cloud infrastructure security than just the servers.

CloudPassage has been incredibly fortunate to work with dozens of the largest and most advanced cloud enterprises in the world. As always, we’ve recently been collaborating with our lighthouse customers — the trendsetters and innovators — to once again evolve the Halo security platform for what’s next.

These enterprises have collectively made three asks of CloudPassage:

  • Address application deployment diversity. Because of the new diversity in application architecture, deliver one platform capable of addressing components running on cloud servers, containers, and serverless environments.
  • Deliver automatable intelligence. Because cloud environments change incredibly quickly and application teams own remedial actions, focus on providing intelligence that enables application teams to automate remedial action.
  • Empower application teams on their own terms. Because devops teams are now distributed and autonomous, enable infosec to empower those teams with deep security & compliance visibility, on-demand and in “the devops way”, regardless of whether or not there is a formal devops methodology in place.

Nothing drives innovation more than a clear, consistent message from the users and we’ve been fortunate to have collaborative customers. In 2010, Halo was purpose-built for cloud server and workload security needs. Our team evolved to expand Halo’s workload-based capabilities to include dozens of controls that our customers needed. In 2017, Halo evolved to address security and compliance visibility for Docker containers and CICD-based operation.

I am delighted to share that CloudPassage has once again enhanced the capabilities of the battle-tested Halo platform. As of spring 2018, CloudPassage launched Halo Cloud Secure to provide security and compliance visibility for a broad range of IaaS infrastructure and application services. These capabilities will provide existing and new Halo users with comprehensive visibility that’s critical to answering two key questions: what IaaS assets do I have, and are they secure?

Our customers asked for Halo to support this capability to unify their workload, container, and IaaS needs in one solution. They realized that time, effort and intelligence were being lost when using separate tools/products to manage disparate application components.  Stitching together data simply wasn’t sustainable. Since Halo already protected their cloud workloads and containers, this unification in function made perfect sense. Moving forward, Halo Cloud Secure will provide fully unified capabilities to support our customers’ needs to protect servers, containers, and IaaS services with one platform.

The IaaS services capability of Halo Cloud Secure has been in beta just a few months and is already protecting over one million AWS assets. Even before GA, multiple enterprises are now using Halo Cloud Secure for deep and broad visibility across many public IaaS deployments including IaaS services, workloads and containers. With this kind of success in a beta, we can’t wait to see what happens when it goes GA.

Vitaliy, Talli, and I founded CloudPassage to ensure that enterprises large and small can safely take advantage of the power of public cloud infrastructure. Eight years, hundreds of global customers, and millions of protected workloads later we’re just as excited to see Halo evolve again to fulfill that promise for our customers.

The video below will introduce you to Halo Cloud Secure. You can also join the open beta by starting a Halo Cloud Secure trial today and gain new insights into your cloud security. And of course, don’t hesitate to contact us if you’d like to discuss your specific situation.



No posts to display