CloudPassage Halo

Promote this Nomination

Additional Info

Company size (employees)128
Type of solutionSoftware


The rise of continuous development and deployment methods like DevOps have enabled fast, highly efficient innovation of new and improved products and services, but they put a huge strain on security organizations. Traditional security tools are not built for automated deployment and typically require manual configuration and operation before they can be put into production. This slows down the DevOps cycle and increases the risk of configuration errors.

CloudPassage Halo solves this problem by giving security and DevOps teams an agile security and compliance platform that bakes security right into the DevOps pipeline, ensuring that new workloads are protected from the start without ever slowing the DevOps process.

The Halo platform provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds at scale. The platform is delivered as a service, so it deploys in minutes and scales on-demand. Halo uses minimal system resources, so layered security can be deployed where it counts, right at every workload.

CloudPassage is also the first Cloud Service Provider to achieve “FedRAMP Ready” status through the new accelerated Federal Risk and Authorization Management Program (FedRAMP Accelerated). As a result, the CloudPassage Halo platform is now listed on the FedRAMP marketplace for federal agencies and government contractors, allowing them to leverage cloud computing while facing an outbreak of sophisticated nation-state cyber attacks.

Halo is a comprised of three packages that can be purchased separately or in combination.
Halo Protect reduces the software attack surface of workloads by ensuring proper security configuration, discovering software vulnerabilities, and controlling administrative access.
Halo Segment reduces your network attack surface through traffic discovery, host firewall orchestration, and multi-factor network authentication.
Halo Detect alerts you if any of your workloads have been compromised by monitoring whether important files have changed and by monitoring important server log files.

How we are different

CloudPassage Halo was purpose-built with the cloud in mind to be automated, shared and dynamic. Scalability was a critical capability designed into the system. Large enterprises adopting cloud infrastructure and agile development to stay nimble and continuously differentiate, are finding that traditional security products become ineffective in the cloud where the perimeter vanishes and the compute environment is automated, shared and dynamic.
Instead of functionality being hard-coded into agents, Halo agents use “dissolvable code,” meaning the Halo platform literally writes the code each agent needs as it’s needed. This makes the agents low-maintenance. They don’t need to be redeployed all the time. In addition, since Halo is a SaaS-based service, completely new capabilities can be introduced with very low impact to our customers as they don’t need to install software upgrades or deploy new agent versions.
In August 2016, CloudPassage announced new packaged offerings for CloudPassage Halo to more cost-effectively address enterprises’ need for workload security. Halo is now comprised of three packages - Halo Protect, Halo Segment and Halo Detect - which can be purchased separately or in any combination to provide workload protection, microsegmentation, compromise detection, compliance, DevSecOps and AWS EC2 security.