Platform Overview

Halo Security is a complete platform for understanding and managing risk across your attack surface. Our goal with all of our customers is to help them eliminate blind spots, improve their security posture, and decrease their organization's risk of an external data breach.

We'll cover our general approach and key concepts below, but if you're looking to dive right in, check out our getting started guide.

Our Process

To get a complete picture of the attack surface of an organization, customers start by adding seeds to the account. This can include known domains, network ranges, connectors to cloud providers, and more. From these seeds, the platform automatically compiles a list of assets that likely belong to your organization. You can then add the assets you control as targets for additional scanning. As targets are scanned, additional connected assets are fed back to the assets list for further review. The platform also suggests other potential seeds for additional discovery.

As targets are scanned, we identify and catalog issues, technologies, ports and services, and other web elements to help you improve the security posture of your attack surface.

We offer several services within our platform and generally recommend a standard approach for reducing external risk across the organization.

  1. Get a complete inventory of internet-facing assets

    Our discovery services help find internet-facing subdomains, connected domains and hostnames, and alive IP addresses within your network. This allows you to monitor the security of your external attack surface.

  2. Identify risky services and firewall misconfigurations

    As you add targets to your account, firewall monitoring identifies the open ports, services, and products available on those assets, so you can identify and reduce unnecessary exposures.

  3. Ensure website security best practices

    Website monitoring gives you visibility into the status of your SSL/TLS certificates, HTTP security headers, forms, and more.

  4. Find technologies being used by your assets

    The technology section discovers applications, services, and third-party providers being used on your attack surface and classifies them by their potential risk.

  5. Identify server and application vulnerabilities for remediation

    Our external vulnerability scanning services identify known vulnerabilities (CVEs) and OWASP Top 10 security risks, such as SQL injection and cross-site scripting.

  6. Achieve PCI compliance

    Halo Security is an approved scanning vendor (ASV), so you can use it to manage PCI ASV scans and reports for PCI compliance.

  7. Go beyond automated assessments with manual penetration testing

    Work with us to quickly scope and kick off a penetration test right from your dashboard. Our experienced penetration testers will use a variety of methods to test your systems and provide high-quality reports and insights.

Key concepts

Below we'll cover a few of the foundational concepts to understand. These concepts flow into one another as follows:

  1. You own an asset (www.example.com)

  2. You add that to your account as a target (www.example.com)

  3. You apply services to that target (application scanning)

  4. Scans run on the target (an application scan is run on www.example.com)

  5. The scans detect risks (an application scan finds a SQL injection vulnerability on www.example.com)

  6. You remediate or reduce those risks to increase the security of your attack surface (you fix the underlying issue)

Assets

Your attack surface is made up of your internet-facing assets. We use the term assets to describe your exposed hostnames (www.example.com) and IP addresses (111.111.111.111). Our discovery process attempts to identify all internet-facing assets that belong to your organization. We use your domains (example.com) and networks (111.111.111.111/24) to find assets or "suggested targets" to add to the Halo Security platform.

Targets

Assets that belong to your organization are added to your account as targets. Our scanning services are run on targets to identify issues on them. Our pricing is based on the number of targets you are monitoring and the services being used on them.

Services

Services are what we call the types of scans run on targets. We believe that not all targets need to be analyzed in the same way. While your primary web application may need dynamic application security testing (we call this application scanning), you may need to only check the firewall and website status on a third-party hosted asset like a blog or help center.

By default our scans detect and organize data around:

Scan policies allow more control over what types of scans are run.

Add-on Services

  • Application Scanning: Dynamic application security testing (DAST) services identify application vulnerabilities, such as SQL injection. This is a per-target add-on designed for custom-coded applications.

  • Compliance Reporting: Submit and download PCI reports from a PCI DSS Approved Scanning Vendor (ASV). This is an account-level add-on. Targets that process, transmit, or store credit cards can use the Compliance policy to meet PCI requirements.

Scans

The services enabled on a target, along with its settings, determine how it is scanned. Four separate scans can be run on each target (firewall scan, website scan, server scan, and application scan). Scan results are summarized across your targets and on a per-target basis. Issues detected during scans are called risks and vulnerabilities.

Risk

One key objective of Halo Security is to help you identify and understand the risks present across your assets. There are several ways we indicate risk:

  1. Issues: Issues represent various types of risks, misconfigurations, and vulnerabilities we identify during a scan. They include vulnerabilities and configuration issues that we believe would be attractive to an attacker. Issues are assigned point values for risk scores.

  2. Risk scores: We sum up the value of different issues we detect to create risk scores. Your account, targets, and groups of targets you designate with tags all have risk scores applied and are tracked over time.

  3. Risk indicators: We use colors (green, red, and blue) throughout the dashboard to show the relative risk of certain elements to one another, so you can tell, for instance, which open ports or cipher suites are riskiest.

Remediation

We use the term remediation to describe the process of removing or reducing risks. Halo Security does not directly remediate any issues our scans detect, but we work with you to verify, understand, and prioritize the issues we find. We also provide workflow management tools within the dashboard, along with integrations into your existing tools.

Generally, once you remediate or remove a risk, you want to rescan to confirm that the issue is no longer present.
