CloudPassage’s Public Cloud Security Plug-in
Even the most staunchest of public cloud proponents will tell you that security remains a major concern, especially since you have no say in how the public cloud provider you’ve latched onto is managing its security. Sure, you can make suggestions, but the likelihood of these suggestions being considered much less put into action are very slim if not impossible. CloudPassage‘s new Halo NetSec may be the answer to this problem.
Rand Wacker, vice president of product management for CloudPassage had this to say, “Given the fluctuating nature of on-demand computing, we’re finding cloud adopters are challenged to find effective ways to secure their servers, with Halo NetSec, you don’t have to be a security expert to bulletproof your cloud infrastructure. We’ve packaged the most important network security features into an easy-to-manage solution, so securing cloud servers doesn’t have to be a full-time job.”
Functioning much like a security plug-in for public clouds, Halo NetSec is basically a 3MB daemon functioning as the gateway between your virtual server and the rest of the world. It provides perimeter defense, firewall automation, vulnerability management, security event alerting and server account management. This includes a firewall and 2-factor authentication without having to access the hypervisor (which makes this product perfect for AWS and Rackspace). According to CloudPassage, it is also usable across private and hybrid clouds as well. One factor that I liked was that it offers automated firewall management so you could manage the firewall across multiple IP addresses and servers without having to do this one by one. Ease of use is the key here and the interface is both clean and intuitive.
The 2-factor authentication utilizes CloudPassage’s GhostPorts so that when you insert a physical USB key you get access to a one-time passcode. This passcode is in turn used to access the firewall administration of your Halo NetSec console which according to CloudPassage is inaccessible before this because the access ports are both dynamic and invisible. This means that in essence the Halo NetSec solution does not require any specific networking hardware, complex deployment or networking expertise.
CloudPassage’s Halo NetSec offers several plans and pricing. While all offer intrusion-detection, the higher-end Halo Professional allows for automatic intrusion detection scanning with logging for two years. The Halo NetSec offers less services than this but more than the Halo Basic package with a 30-day free evaluation. The Halo Basic account on the other hand is entirely free but the services are likewise just as basic. If you think that you’re up to paying for Halo NetSec then expect to pay 3.5 cents for one server per hour, which is a pretty good deal (comes up to about 84 cents a day), all things considered. The Halo Basic package will cover 25 servers for free with unlimited hours, but will omit certain things and functions such as the GhostPorts dynamic firewall feature and will only keep a one-day log of detected intrusions.
By Muz Ismial