Additional Info

CompanyCloudPassage
Websitehttps://www.cloudpassage.com/
Company size (employees)50 to 99

Overview

Traditional controls do not operate continuously, which means they can completely miss seeing ephemeral workloads that spin up and down rapidly in the cloud.

To get high-quality detections, network scanners require that credential-based authenticated scanning be performed on endpoints. But managing credentials is a laborious effort when systems are constantly changing.

Traditional host-based security products and log management products are slow to deploy, causing security to be a bottleneck.

The CloudPassage® Halo® security and compliance automation platform solves all of these challenges. Halo provides businesses the easiest, most automated way to verify continuous server compliance in cloud environments.

Working in any combination of cloud or hybrid infrastructure (public cloud, private cloud, hybrid, multicloud, or virtualized data center including bare metal), Halo provides continuous visibility and compliance as a service. Workloads can be assessed both in the CI/CD process as images are created, as well as in runtime environments immediately as they are deployed and continuously thereafter.

Halo consolidates your traditional compliance controls into a single platform
Halo provides within a single platform several different types of controls that are typically needed to comply with regulations like PCI DSS, HIPAA, SOC2, and SOX:

Software Vulnerability Assessment (SVA)
Configuration Security Monitoring (CSM))
Server Account Monitoring (SAM)
File Integrity Monitoring (FIM)
Log-based Intrusion Detection (LIDS)

How we are different

HIPAA (Health Insurance Portability and Accountability Act) is legislation that requires data privacy and security provisions for organizations to safeguard any medical information. Halo allows for HIPAA compliance through automated policy implementation.


The Service Organization Control (SOC) reporting framework for SOC 2, Type 2, is designed for technology and cloud computing organizations, and CloudPassage has been audited against it. The SOC 2 report – which concentrates on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system – is available to customers to meet a wide range of US and international auditing requirements.


The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards. As overseen by the PCI Standards Council (SSC), CloudPassage places stringent controls around cardholder data as both a service provider and merchant.