Halo Security is a complete platform for understanding and managing risk across your attack surface. Our goal with all of our customers is to help them eliminate blindspots, improve their security posture and decrease their organization's risk of an external data breach.
We'll cover our general approach and key concepts below, but if you're looking to dive right in, check out our getting started guide:
The Halo Security discovery and analysis process.
To get a complete picture of the attack surface of an organization, customers start by adding seeds to the account. This can include known domains, network ranges, connectors to cloud providers, and more. From these seeds the platform automatically compiles a list of assets that likely belong to your organization. You can then add the assets you control as targets for additional scanning. As targets are scanned, additional connected are fed back to the assets list for further review. The platform also suggests other potential seeds for additional discovery.
As targets are scanned, we identify and catalog issues, technologies, ports and services and other web elements to help you improve the security posture of your attack surface.
We offer a number of services within in our platform and generally recommend a standard approach for reducing external risk across the organization.
- 1.Get a complete inventory of internet-facing assetsOur discovery services help find internet-facing subdomains, connected domains and hostnames, and alive IP address within your network. This allows you to monitor the security of your external attack surface.
- 2.Identify risky services and firewall misconfigurationsAs you add targets to your account, firewall monitoring identifies the open ports, services, and products available on those assets, so you can identify and reduce unnecessary exposures.
- 3.Ensure website security best practicesWebsite monitoring gives you visibility into the status of your SSL/TLS certificates, HTTP security headers, forms and more.
- 4.Find technologies being used by your assetsThe technology section discovers applications, services, and third-party providers being used on your attack surface and classifies them by their potential risk.
- 5.Identify server and application vulnerabilities for remediationOur external vulnerability scanning services identify known vulnerabilities (CVEs) and OWASP Top 10 security risks, such as SQL injection and cross-site scripting.
- 6.Achieve PCI complianceAs an approved scanning vendor (ASV), you can use Halo Security to manage PCI ASV scans and reports for PCI compliance.
- 7.Go beyond automated assessments with manual penetration testingWork with us to quickly scope and kick off penetration test right from you dashboard. Our experienced penetration testers will use a variety of methods to try to test your systems and provide high-quality reports and insights.
Below we'll cover a few of the foundational concepts to understand. These concepts flow into one another as such:
- 6.You remediate or reduce those risks to increase the security of your attack surface (you fix the underlying issue)
Your attack surface is comprised of your internet-facing assets. We use the term assets to describe your exposed hostnames (
www.example.com) and IP addresses (
220.127.116.11). Our discovery process attempts to identify all internet-facing assets that belong to your organization. We use your domains domains (
example.com) and networks (
18.104.22.168/24) to find assets or "suggested targets" to add to the Halo Security platform.
Assets that belong to your organization are added to your account as targets. Our scanning services are run on targets to identify issues on them. Our pricing based on the number of targets you are monitoring and the services being used on them.
Learn more about targets:
Services are what we call the types of scans run on targets. We believe that not all targets need to be analyzed at the same way. While your primary web application may need dynamic application security testing (we call this application scanning), you may need to only check the firewall and website status on a third-party hosted asset like a blog or help center.
By default our scanned detect and organize data around:
- Application Scanning: Dynamic application security testing (DAST) services identifies application vulnerabilities, such as SQL injection. This is a per target add-on designed for custom-coded applications.
- Compliance Reporting: Submit and down PCI reports from an PCI DSS Approved Scanning Vendor (ASV). This is an account-level add. Targets that process transmit, or store credit cards can use the Compliance policy to meet PCI requirements.
The services enabled on a target, along with its settings, determine how it is scanned. There are four separate scans that can be run on each target (firewall scan, website scan, server scan and application scan). Scan results are summarized across your targets and on a per target basis. Issues detected during scans are called risks and vulnerabilities.
One key objective to Halo Security is to help you identify and understand the risks present across your assets. There are several ways we indicate risk:
- 1.Issues: Issues represent various types risks, misconfigurations, and vulnerabilities we identify during a scan. They include vulnerabilities and configuration issues that we believe would be attractive to an attacker. Issues are assigned point values for risk scores.
- 2.Risk scores: We sum up the value of different issues we detect to create risk scores. Your account, your targets and groups of targets you designate with tags all have risk scores applied and are tracked over time.
- 3.Risk indicators: We use colors (green, red and blue) throughout the dashboard to show the relative risk of certain elements to one another, so you can tell, for instance, which open ports or cipher suites are riskiest.
To learn more about risk:
We use the term remediation to describe the process of removing or reducing risks. Halo Security does not directly remediate any issues our scans detect, but we work with you to verify, understand and prioritize the issues we find. We also provide workflow management tools within the dashboard, along with integrations into your existing tools.
Generally, once you remediate or remove a risk, you want to rescan to confirm that the issue is no longer present.