'Halo' architecture from CloudPassage built for securing software-as-a-service offerings

A startup came out of stealth mode today with two free service offerings that secure servers for SaaS providers.

CloudPassage's new Halo architecture for securing cloud servers uses a lightweight, 2 MB daemon that runs on the server and connects them to the Halo's grid. "We provide the elastic cloud that does the heavy-lifting for all the daemons," says Carson Sweet, co-founder and CEO of CloudPassage. "Very little computing is done on the individual servers, which preserves the performance of the VMs themselves."

CloudPassage is basically offering a cloud service for the cloud. "We're securing the cloud versus spray-painting for the cloud," says Sweet, former principal solutions architect at RSA.

The company's target customer is the SaaS provider, or customers that use infrastructure services like Amazon's EC2. One of its first customers is social networking company Foursquare, which is based on EC2. David Birdsong, senior operations engineer for Foursquare, says the social network needed continuous firewall and vulnerability management.

CloudPassage's Halo Firewall centrally manages host-based firewalls, and handles real-time policy changes, updates, and other administrative tasks. "Amazon, for example, recommends that you use IP tables for the firewall in addition to the cloud provider's. But the problem is that there's no automated way to update policies, so you have to go out and touch many servers," Carson says. "[Halo Firewall] lets us deal with IP tables management ... on a very large scale."

And Halo SVM (Server Vulnerability Management) handles vulnerability scanning, configuration issues, and compliance. "It [does] scanning from insider the server using the daemon so you don't have to get around issues with the cloud not permitting people to do remote scans," Sweet says.

SaaS providers to date for the most part have had to roll their own security, which is labor-intensive to manage and difficult to lock down. "They had to use existing [security] products made for the enterprise, which doesn't work well in the cloud," says Sweet, a former RSA executive.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights