Best practices for applying Halo Security's security testing and monitoring services to your assets
Halo Security helps businesses reduce cyber risk and safeguard cloud environments with a number of security testing and monitoring services.
When you’re just getting started with Halo Security's attack surface management services, we know it can be difficult to understand which services should be applied to different types of assets within your organization.
In this blog, we’ll help you match your assets to the correct scanning and services so that you can make the most of our security program.
Discovery service
Halo Security’s Discovery service helps you detect all of your internet-facing assets, regardless of platform, network, and operating system in order to create a map of your external attack surface.
To initiate the service, start by inputting your domains and any IP ranges into your account. This seed information will be used to find additional assets like subdomains and TLDs that you may have forgotten about or were not aware of.
Firewall Monitoring
Halo Security’s Firewall Monitoring service shows you what's going on with every website or IP address in your arsenal, giving you insight into firewall configuration issues and weaknesses. We continually assess risk at the firewall level, and monitor for exposed ports and services and firewall configuration changes. If we discover unauthorized changes or identify anomalies, you’ll receive an alert immediately.
Firewall Monitoring should be applied to all assets found with the Discovery service, with the exception of any assets found that you don’t actually control.
Website Monitoring
Halo Security’s Website Monitoring service helps you discover and monitor the risk of certificates, cookies, third-party integrations, and HTTP security headers and policies.
Apply this service to all of your assets that have websites. You can easily filter for these assets using the has-website
tag which is automatically applied to detected assets with HTTP service during the firewall scan.
Server Scanning
Halo Security’s Server Scanning service detects server weaknesses and vulnerabilities, missing security patches, and out-of-date software in your web services, web frameworks, and operating systems.
After running a firewall scan, you can use filtering to see which targets have ports with the automatically applied has-ports
tag. With assistance from your Halo Security account rep, you’ll review the services available then add server scanning to the servers you control and run patch management on.
Application Scanning
Halo Security’s Application Scanning service utilizes dynamic application testing, injection testing, and testing for OWASP top 10 issues to identify coding flaws and security weaknesses on your websites that could be used to exploit your business.
Use application scanning on any websites or applications with a custom user experience. Assets run on platforms that you don’t manage the primary logic for, like a Shopify site or Zendesk help center, generally shouldn't be scanned in this way.
Compliance Reporting
As an Approved Scanning Vendor, Halo Security's Compliance Reporting service helps you obtain PCI scan compliance required by your merchant bank or interested parties.
Compliance Reporting should be enabled for any assets in your cardholder data environment. These are assets that transmit, store, or process credit card information.
Penetration Testing
With Halo Security's manual Penetration Testing services, our experienced team of security engineers and ethical hackers identifies perimeter vulnerabilities and recommends fixes.
After automated testing is configured and continuously testing, our final step is to target the parts of the environment that require manual testing. We’ll work with you to determine which targets will be tested based on the needs of your business. Halo Security offers Compliance, Network, and Application Penetration Testing.
Upon completion of your pentest, you will receive a full report of our findings in an easy-to-follow format.
We hope this helped you get a better understanding Halo Security’s attack surface management services and what types of assets they work with. If you need additional resources, check out our help center or feel free to reach out to us.
Editor's note (July 2022): This article was originally posted on the TrustedSite blog in April 2021. It has been updated for the Halo Security blog.