CloudPassage is launching a new security product for virtual servers in public clouds such as Amazon Web Services that it says takes care of the all-important need for security when using services from infrastructure providers.
The product, called Halo NetSec, offers a firewall, two-factor authentication in order to access virtual servers, as well as intrusion-detection capabilities. It allows administrators to set up a so-called “perimeter” defense without needing access to the actual network, which they don’t have when using cloud-based services, said Rand Wacker, vice president of product at CloudPassage.
“What we’ve done is create a cloud-ready platform that handles automatically all management and policy controls with a combination of a lightweight host-based agent and software-as-a-service grid,” Wacker said.
Halo NetSec runs a small, 3MB daemon on a virtual server, which is responsible for executing commands and communicating with CloudPassage’s computing grid. The small footprint means customers do not end up paying more to their provider for computing services, Wacker said.
CloudPassage has developed technology to be able to deploy the firewall as administrators fire up new virtual servers such as databases or Web applications, the firewall and its rules are applied.
“We never considered in the old days of firewall management the idea of a server dynamically appearing, disappearing and changing IPs,” Wacker said.
Halo NetSec also has two-factor authentication for administrators when accessing their servers. An administrator goes to CloudPassage’s Web portal and uses a USB key to generate a one-time passcode, and then access is granted to their servers, Wacker said.
The product also does not need access to the hypervisor since it runs within the operating system of the virtual server, Wacker said. Other types of security software need access to the hypervisor, but infrastructure providers such as Amazon Web Services and Rackspace do not allow it.
“Amazon has no issue with where our software is installed,” Wacker said.
Halo NetSec is a lighter version of its Halo Professional package. For example, administrators can do a daily intrusion-detection scan and store the log for one day. With a Professional subscription, administrators can run a scan once an hour and store the results for two years, Wacker said. CloudPassage also has a free basic version of Halo.
The goal with Halo NetSec was to create a “mid-range” package that was “very easy to get a basic set of security capabilities,” Wacker said.
Halo NetSec costs 3.5 cents per server per hour, although volume discounts apply and other discounts are available with a monthly minimum usage commitment.