CloudPassage's new Halo architecture for securing cloud servers uses a lightweight, 2 MB daemon that runs on the server and connects them to the Halo's grid. "We provide the elastic cloud that does the heavy-lifting for all the daemons," says Carson Sweet, co-founder and CEO of CloudPassage. "Very little computing is done on the individual servers, which preserves the performance of the VMs themselves."
CloudPassage is basically offering a cloud service for the cloud. "We're securing the cloud versus spray-painting for the cloud," says Sweet, former principal solutions architect at RSA.
The company's target customer is the SaaS provider, or customers that use infrastructure services like Amazon's EC2. One of its first customers is social networking company Foursquare, which is based on EC2. David Birdsong, senior operations engineer for Foursquare, says the social network needed continuous firewall and vulnerability management.
CloudPassage's Halo Firewall centrally manages host-based firewalls, and handles real-time policy changes, updates, and other administrative tasks. "Amazon, for example, recommends that you use IP tables for the firewall in addition to the cloud provider's. But the problem is that there's no automated way to update policies, so you have to go out and touch many servers," Carson says. "[Halo Firewall] lets us deal with IP tables management ... on a very large scale."
And Halo SVM (Server Vulnerability Management) handles vulnerability scanning, configuration issues, and compliance. "It [does] scanning from insider the server using the daemon so you don't have to get around issues with the cloud not permitting people to do remote scans," Sweet says.
SaaS providers to date for the most part have had to roll their own security, which is labor-intensive to manage and difficult to lock down. "They had to use existing [security] products made for the enterprise, which doesn't work well in the cloud," says Sweet, a former RSA executive.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.