Fidelis Blog


Part 2: Is your security vendor ready for the cloud? CloudPassage Halo answers

Today, the question is no longer, “Do I need a cloud security vendor?” Instead, more and more enterprises are shifting their focus to finding the right cloud security solution and asking themselves which criteria matter most in the selection process. After all, a cloud security solution functions as a sentinel for your organization and whichever solution you partner with must know how the space is evolving, threats and vulnerabilities you’re up against, and project what’s on the way.

In a previous article, we highlighted some of those key requirements for security vendors. Now it’s time for the next stage in the decision-making process: getting those answers! Let’s put our own solution, CloudPassage Halo, to the test.

Is CloudPassage Halo dependent on static IPs?

CloudPassage Halo is designed to keep pace with the dynamic nature of servers and is not dependent on IP addressing. Instead, the focus is on the workload, meaning there are no roadblocks created when servers are inevitably created, killed, or altered in some way.

Take for example, Amazon Web Services (AWS). AWS uses DHCP for server addressing; if a server is shut down and restarted, it will have a new IP. With Halo, the new IP is automatically detected so that the same level of security is provided.

Can it work on bare metal servers?

To provide maximum security coverage and visibility, CloudPassage Halo protects bare metal servers, virtual  servers installed on any hypervisor, and cloud servers in AWS, Azure, et al.

Does CloudPassage Halo work the same on AWS, Azure, and GCP?

If you work with more than one cloud service provider (or think you might soon), you’ll want a solution that functions the same with each one. CloudPassage Halo provides the same functionality for AWS, Azure, GCP, and many other cloud platforms.

Is there a different deployment model in public cloud vs. on premise data center?

No, it’s designed for easy deployment. The lightweight micro agent can be deployed using the most popular enterprise  deployment methods, for example: LANdesk, Chef, Puppet, etc. into any server OS.

Does it scale?

You chose the cloud at least in part for its scalability, right? Shouldn’t your security solution be just as scalable? CloudPassage Halo’s functionality stays comprehensive at a large scale and was made to work seamlessly in agile environments and with large enterprises. By including Halo in your build scripts, you can scale to 10,000+ workloads and protect them as soon as your servers spin up.

Are there any hidden costs for appliances?

You may be familiar with the cost splitting of virtual appliances in the cloud, which we mentioned in part 1 of this series. With CloudPassage Halo, there are no appliances to worry about and additionally, there are no hidden costs for any extra infrastructure needed to run appliances or manage servers.

Is it cloud-platform and hypervisor agnostic?

CloudPassage Halo is ready to move with your company if you decide to change or add cloud service providers. The security solution provides equal risk mitigation for servers (whether they’re in the public cloud or an on-premise server) and works against cloud provider lock-in so innovation can run at the pace you want.

Is billing consumption based?

Our pay as you go model is based on workloads (aka servers, instances, or VMs). The licensing is not tied to IP usage in any way. So, if you have 10,000 servers and 100,000 IPs, you will only be charged for those 10,000 servers.

The payment model is similar to many cloud services in that you pay only for what you use, which makes it easier to predict and align these financial commitments.

How easy is CloudPassage Halo to install and configure on 1,000+ servers at the same time?

Pretty darn easy. CloudPassage Halo automatically deploys, configures, and runs at any scale, which allows for increased functionality of security tools to best protect IT infrastructure.

What features don’t work in public cloud?

CloudPassage Halo works in any cloud environment and provides full functionality, meaning you get what you pay for wherever you need it.

So, there you have it! Our own checklist put to the test. Now, it’s time to ask yourself how your own cloud security provider measures up.

Stay up to date on all things security

Subscribe to the Threat Geek Blog