Halo Security

Halo Security manages managing and securing the external attack surface of an organization, particularly in complex cloud and multi-provider environments. The platform's technical architecture is designed to automatically discover and catalog all internet-facing assets, including domains, hostnames, and IP addresses, using a seed-based approach. This involves adding initial seeds such as known domains and network ranges, which the platform then expands upon to identify additional assets that likely belong to the organization.

The scanning process is comprehensive, involving four types of scans: firewall, website, server, and application scans. These scans detect various risks, vulnerabilities, and configuration issues, which are then summarized and prioritized based on risk scores. The platform uses an agentless, non-invasive scanning method, providing real-time visibility into the external risk posture without the need for additional infrastructure.

Operationally, Halo Security integrates with existing tools and workflows, offering workflow management tools and user access reviews to ensure that security measures are aligned with organizational needs. The platform also supports quarterly or semi-annual security reviews to identify gaps in coverage and optimize scanning and testing processes. However, the scalability of the platform can be limited by the number of targets being monitored, and pricing is based on the number of targets and services used, which can impact cost management.

Technically, the platform's ability to detect issues goes beyond traditional CVEs, identifying server vulnerabilities, application flaws, and modern cloud configuration issues. The data collected is rich in context, providing insights into what each asset is, what's running on it, and who is responsible for it. This detailed visibility is presented through a single-pane-of-glass interface, making it easier to measure and report on the external risk posture and prioritize remediation efforts effectively.