Platform Overview

Halo Security is a complete platform for understanding and managing risk across your attack surface. Our goal with all of our customers is to help them eliminate blindspots, improve their security posture and decrease their organization's risk of an external data breach.
We'll cover our general approach and key concepts below, but if you're looking to dive right in, check out our getting started guide:

Our Approach

We offer a number of services within in our platform and generally recommend a standard approach for reducing external risk across the organization.
  1. 1.
    Get a complete inventory of internet-facing assets
    Our discovery services help find internet-facing subdomains, connected domains and hostnames, and alive IP address within your network. This allows you to monitor the security of your external attack surface.
  2. 2.
    Identify risky services and firewall misconfigurations
    As you add targets to your account, firewall monitoring identifies the open ports, services, and products available on those assets, so you can identify and reduce unnecessary exposures.
  3. 3.
    Ensure website security best practices
    Website monitoring gives you visibility into the status of your SSL/TLS certificates, HTTP security headers, forms and more.
  4. 4.
    Find technologies being used by your assets
    The technology section discovers applications, services, and third-party providers being used on your attack surface and classifies them by their potential risk.
  5. 5.
    Identify server and application vulnerabilities for remediation
    Our external vulnerability scanning services identify known vulnerabilities (CVEs) and OWASP Top 10 security risks, such as SQL injection and cross-site scripting.
  6. 6.
    Achieve PCI compliance
    As an approved scanning vendor (ASV), you can use Halo Security to manage PCI ASV scans and reports for PCI compliance.
  7. 7.
    Go beyond automated assessments with manual penetration testing
    Work with us to quickly scope and kick off penetration test right from you dashboard. Our experienced penetration testers will use a variety of methods to try to test your systems and provide high-quality reports and insights.

Key concepts

Below we'll cover a few of the foundational concepts to understand. These concepts flow into one another as such:
  1. 1.
    You own an asset (
  2. 2.
    You add that to your account as a target (
  3. 3.
    You apply services to that target (application scanning)
  4. 4.
    Scans run on the target (an application scan is run on
  5. 5.
    The scans detect risks (an application scan finds a SQL injection vulnerability on
  6. 6.
    You remediate or reduce those risks to increase the security of your attack surface (you fix the underlying issue)


Your attack surface is comprised of your internet-facing assets. We use the term assets to describe your exposed hostnames ( and IP addresses ( Our discovery process attempts to identify all internet-facing assets that belong to your organization. We use your domains domains ( and networks ( to find assets or "suggested targets" to add to the Halo Security platform.


Assets that belong to your organization are added to your account as targets. Our scanning services are run on targets to identify issues on them. Our pricing based on the number of targets you are monitoring and the services being used on them.
Learn more about targets:


Services are what we call the types of scans run on targets. We believe that not all targets need to be analyzed at the same way. While your primary web application may need dynamic application security testing (we call this application scanning), you may need to only check the firewall and website status on a third-party hosted asset like a blog or help center.
Here are the services that can apply to targets:

Website and firewall monitoring

Firewall and website monitoring is applied to all targets and detects several risks and provides deep context about the target.
If you signed up before June 1, 2021, you'll need to upgraded to our full attack surface management platform to apply this service.

Server scanning

This vulnerability scanning identifies out-of-date software and known vulnerabilities (CVEs).
Targets that have server scanning enabled and process, transmit or store credit card data can also be added to PCI scope. When targets are in PCI scope they can be included in submitted PCI ASV reports.

Application scanning

Dynamic application security testing (DAST) services identifies application vulnerabilities, such as SQL injection.
Learn more about services:


The services enabled on a target, along with its settings, determine how it is scanned. There are four separate scans that can be run on each target (firewall scan, website scan, server scan and application scan). Scan results are summarized across your targets and on a per target basis. Issues detected during scans are called risks and vulnerabilities.


One key objective to Halo Security is to help you identify and understand the risks present across your assets. There are several ways we indicate risk:
  1. 1.
    Risks: Risks are the issues we identify during a scan. They include vulnerabilities and configuration issues that we believe would be attractive to an attacker. Risks are assigned point values for risk scores.
  2. 2.
    Risk scores: We sum up the value of different risks we detect to create risk scores. Your account, your targets and groups of targets you designate with tags all have risk scores applied and tracked over time.
  3. 3.
    Risk indicators: We use colors (green, red and blue) across throughout the dashboard to show the relative risk of certain elements to one another, so you can tell, for instance, which open ports or cipher suites are riskiest.
  4. 4.
    Vulnerabilities: Vulnerabilities are a specific subset of all risks that are detected and include both CVEs and application flaws.
To learn more about risk:


We use the term remediation to describe the process of removing or reducing risks. Halo Security does not directly remediate any issues our scans detect, but we work with you to verify, understand and prioritize the issues we find. We also provide workflow management tools within the dashboard, along with integrations into your existing tools.
Generally, once you remediate or remove a risk, you want to rescan to confirm that the issue is no longer present.