Today CloudPassage announced an enhanced version of its Halo SaaS security tools, called NetSec, aimed at boosting security for your cloud-based servers. The new version brings two-factor authentication methods for remote terminal access, as well as improvements to cloud firewall policy creation and management. As with earlier versions, the tools only work on Linux-based instances, since you need to install the Halo agent on each cloud-based server. The tools are being used by Foursquare, for example, to help manage its increase in weekend check-in traffic.
The issue is that the cloud is chaotic: servers come and go, and it is hard to use traditional firewall products amid all these changing IP addresses and network configurations. Halo NetSec is expressly designed for this environment and logically groups servers by application to make it easier to view the security policies, as you can see from the screenshot below. So you can set up rules between all your app servers and your database servers, for example.
Another feature, which has been part of the Halo Pro package, is what they call GhostPorts. CloudPassage has worked with Yubico’s USB two-factor authentication keys to make remote communications with your cloud-based servers more secure. Typically, you open up an SSH terminal session with your cloud server, and that open port is a point of exposure for anyone attempting to attack your server. What Halo GhostPorts does is tie that session to a user who has the USB key, so that no one else can see an open port or gain access via SSH. You can see how this looks on its management console below:
There are three pricing plans for Halo. The free Halo Basic plan can be deployed on up to 25 servers. The next level up is NetSec, which costs 3.5 cents per server hour. The top tier is the Pro plan, which costs 10 cents per server hour. There are volume discounts for multiple servers. More information on Halo’s pricing and plans can be found here.