'Halo' architecture from CloudPassage built for securing software-as-a-service offerings
January 26, 2011
A startup came out of stealth mode today with two free service offerings that secure servers for SaaS providers.
CloudPassage's new Halo architecture for securing cloud servers uses a lightweight, 2 MB daemon that runs on the server and connects them to the Halo's grid. "We provide the elastic cloud that does the heavy-lifting for all the daemons," says Carson Sweet, co-founder and CEO of CloudPassage. "Very little computing is done on the individual servers, which preserves the performance of the VMs themselves."
CloudPassage is basically offering a cloud service for the cloud. "We're securing the cloud versus spray-painting for the cloud," says Sweet, former principal solutions architect at RSA.
The company's target customer is the SaaS provider, or customers that use infrastructure services like Amazon's EC2. One of its first customers is social networking company Foursquare, which is based on EC2. David Birdsong, senior operations engineer for Foursquare, says the social network needed continuous firewall and vulnerability management.
CloudPassage's Halo Firewall centrally manages host-based firewalls, and handles real-time policy changes, updates, and other administrative tasks. "Amazon, for example, recommends that you use IP tables for the firewall in addition to the cloud provider's. But the problem is that there's no automated way to update policies, so you have to go out and touch many servers," Carson says. "[Halo Firewall] lets us deal with IP tables management ... on a very large scale."
And Halo SVM (Server Vulnerability Management) handles vulnerability scanning, configuration issues, and compliance. "It [does] scanning from insider the server using the daemon so you don't have to get around issues with the cloud not permitting people to do remote scans," Sweet says.
SaaS providers to date for the most part have had to roll their own security, which is labor-intensive to manage and difficult to lock down. "They had to use existing [security] products made for the enterprise, which doesn't work well in the cloud," says Sweet, a former RSA executive.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024