www.cloudpassage.com | 800-215-7404

THE PROBLEMAs enterprises move applications from traditional data centers to a public or hybrid cloud environment, the security model needs to change. For example, in the Amazon Web Services (AWS) environment, AWS is responsible for securing the data center infrastructure and network, while you maintain responsibility for the security of your application workloads. AWS refers to this concept as the “Shared Responsibility Model.” You need to ensure that your servers and workloads are secure and that they meet the compliance requirements of regulations such as PCI DSS, SOC2, HIPAA/HiTECH, and FISMA.

THE SOLUTION: CLOUDPASSAGE HALO ENHANCED SECURITY CONTROLS FOR AWSAWS and APN Advanced Technology Partner CloudPassage have created a set of security controls that allow you to fulfill your responsibilities under the AWS Shared Responsibility Model. CloudPassage® Halo® gives you instant visibility into and continuous protection for your workloads across the AWS Cloud, virtual private clouds, and hybrid cloud environments. Delivered as a metered service, Halo deploys in minutes, scales on-demand, and eliminates costly, error-prone manual processes by baking security directly into your workloads. Its library of ready-to-use security policies gives you a head start on meeting your security objectives and compliance requirements. The Halo REST API makes it easy to integrate with your existing security tools and extends your security investments.

THE POWER OF HALO FOR AWS4 Instant visibility and continuous protection for AWS workloads

4 Automated provisioning of security for faster deployment

4 Automatic scalability

4 Faster time to value and reduced operational overhead

4 REST API for easy integration with AWS and existing tools

ENHANCED SECURITY & COMPLIANCE FOR AMAZON WEB SERVICES

ON-DEMAND SECURITY AND COMPLIANCE FOR ANY MIX OF AWS PUBLIC, PRIVATE, OR HYBRID INFRASTRUCTURE

SOLUTION BRIEF

www.cloudpassage.com | 800-215-7404

Halo works across any c loud or v ir tual infrastructure: publ ic , pr ivate , hybr id , mult i -c loud or

v ir tual ized data center — including bare metal .

Get instant visibility

Workloads are tracked and reported on instantly

and automatically.

Reduce costs & improve efficiency

Eliminate manual processes — streamline and

automate workflows.

Verify system & data integrity Apply and verify

all required controls are in place.

Automate compliance workflows

Integrate with your existing tools and

processes seamlessly.

Generate & track audit logs

Ensure all critical activities are archived and readily available.

Scale on demand Non-intrusive, agent-

based model scales without breaking a sweat.

Stay flexibleDeploy seamlessly across any cloud or

virtual infrastructure.

THE POWER OF HALO

INFRASTRUCTUREORCHESTRATION

PUBLIC CLOUDS

PORTAL REST API SOC & GRC SYSTEMSSECURITY ORCHESTRATION ENGINE

SERVERS

DATA CENTERS & PRIVATE CLOUDS

CONTAINERS SERVERS CONTAINERS

www.cloudpassage.com | 800-215-7404

HOW IT IS DIFFERENT

54321

Halo is fast. Installation of agents can be

totally automated.

Halo is portable. It works in any

environment—data centers, private

clouds and public clouds.

Halo agents are extremely

lightweight. All security analytics are conducted on

CloudPassage’s servers, instead of your servers and cloud workloads.

Halo is comprehensive. It includes a broad range of security controls at both the host and the network levels.

Halo is scalable. Our customers routinely deploy

Halo to over 10,000 workloads in just a

few days.

ABOUT CLOUDPASSAGECloudPassage® Halo® is the world’s leading agile security platform that empowers our customers to take full advantage of cloud infrastructure with the confidence that their critical business assets are protected. Halo delivers a comprehensive set of continuous security and compliance functions right where it counts—at the workload. Our platform orchestrates security on-demand, at any scale and works in any cloud or virtual infrastructure (private, public, hybrid or virtual data center). Leading enterprises like Citrix, Salesforce.com and Adobe use CloudPassage today to enhance their security and compliance posture, while at the same time enabling business agility.

ABOUT AWSFor 10 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 70 fully featured services for compute, storage, databases, analytics, mobile, Internet of Things (IoT) and enterprise applications from 33 Availability Zones (AZs) across 12 geographic regions in the U.S., Australia, Brazil, China, Germany, Ireland, Japan, Korea, and Singapore. AWS services are trusted by more than a million active customers around the world—including the fastest growing startups, largest enterprises, and leading government agencies—to power their infrastructure, make them more agile, and lower costs. To learn more about AWS, visit http://aws.amazon.com.

© 2016 CloudPassage. All rights reserved. CloudPassage® and Halo® are registered trademarks of CloudPassage, Inc. CP_SB_ AWS_081116© 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.

HOW IT WORKS AUTOMATED AGENT DEPLOYMENTHalo uses an ultra-lightweight agent that can be deployed automatically via automated scripts or via popular orchestration tools that you are probably already using, such as Chef, Puppet, Ansible, Salt, Jenkins, BOSH, etc.

AUTOMATED VISIBILITYHalo agent automatically connects to the Halo Orchestration Engine every 60 seconds, giving you visibility to systems that are newly created or auto-scaled.

INSTANT SCALABILITYHalo is delivered as a service so it can scale as rapidly as your IT automation systems can provision new workloads.

AUTOMATED POLICY ASSIGNMENTHalo applies the appropriate policy to each system based on tags that define the application and operating system. These policies follow the workload no matter where the workload physically resides—data center, public cloud, private cloud.

BROAD RANGE OF COMPLIANCE CONTROLSHalo controls are directly applicable to many of the data privacy regulations included in PCI, HIPAA, SOC2, SOX. Controls span server access, workload configuration, software vulnerability assessment, file integrity management, and host-based log storage and analysis.

FULL APIThe CloudPassage Halo platform supports an open, RESTful API that makes it easy to integrate with a range of security and operational solutions.