Cloud Security Startup Comes Out Of Stealth To Secure Cloud Servers

The Menlo Park, Calif.-based SaaS startup came out of the gates Wednesday with a pair of products that companies can use to manage their own cloud security and defend cloud servers. The Halo SVM (Server Vulnerability Management) and Halo Firewall -- Halo is short for highly-automated/low overhead -- products were built to perform server exposure assessments, monitor configuration compliance and provide network access control, all in an automated fashion to secure public and hybrid cloud servers, CloudPassage Marketing Vice President Brent Bilger said.

"Elasticity requires a different security model," Bilger said. "We provide security for companies using IaaS" like Amazon EC2, Rackspace, GoGrid and others.

The cloud computing paradigm introduces myriad new security concerns and the elasticity and multi-tenant nature of the cloud requires security policy to be enforced regardless of location.

Halo SVM and Halo Firewall are built on CloudPassage's Halo architecture, through which provides automation for security functions while handling issues inherent to fluid, agile and scalable cloud server hosting environments. The architecture consists of a Halo Daemon installed on customer OS servers which talks to the Halo Grid, an elastic compute grid. From there, the daemon collects information, which is processed by the Halo Grid and the Grid issues commands back to the daemon, for example to make a change to a firewall policy.

Bilger said CloudPassage's Halo SVM addresses server vulnerability needs specific to cloud server environments. It delivers server exposure assessment by examining thousands of server configuration points in seconds, arming users with exposure and compliance intelligence.

"We're on the inside. We're literally taking an inventory of the software packages," Bilger said.

Meanwhile, CloudPassage's Halo Firewall controls server attack services by centralizing and automating host-based firewall management. It provides cloud-wide firewall policy management from a Web front-end, eliminating the overhead and errors that can arise with manual host-based firewall management. The Halo Firewall auto updates individual host-based firewall configurations whenever cloud servers are added or removed, including server cloning or cloud-bursting operations. It also addresses dynamic public cloud IP addressing, Bilger said.

"Other server protection solutions that work in public clouds require painful deployment and management contortions," CloudPassage CEO and co-founder Carson Sweet said. "Because dozens of new servers can be created in seconds, through cloning and bursting, vulnerability and firewalling need to be done differently in the cloud; they need to be elastic."

Sweet said currently Halo SVM and Halo Firewall are free for unlimited servers and paid versions are to follow, which will provide advanced features. Paid versions will launch toward mid-2011 with enterprise editions expected in late-2011 or early-2012.

For the channel, CloudPassage will target service providers and managed service providers, and is also planning to offer a white label package for resellers.

"Because it's a Software-as-a-Service, it can extend to MSPs and other providers," Sweet said, adding it can be added as a security component of cloud managed services. Sweet said CloudPassage is working with cloud providers for integrated partnerships.