Procedurally, after authentication, download, and installation, the daemon/service verifies itself, then proceeds to examine its environment as a root system process on the platform where it's been installed and invoked. Data gets sent to the CloudPassage portal. The analysis engine is gruesomely tight, and is referenced to CVSS bulletins and detailed policy descriptions, which you can add to, or untighten at will by turning down the sensitivity of the policies, by adding your own, or by turning down the Severity Levels of the CVSS Threat.
Halo has an extensive list of configuration settings and tests that it performs on the instance it resides in. No matter how perfect and clean we thought we were, Halo will rat out every single configuration mistake it can find, and it can find plenty of them. Then comes the devil of the details.
Configuration mistakes, often referencing CVEs, are then listed, categorized by criticality, external vulnerability, often with a CVE bulletin citing chapter and verse of a known vulnerability. The lists are operating system version-specific, and the details are gruesome. No matter how clever you believe you are, Halo will out you for your mistaken configuration. It's depressing, and horridly effective.
For some applications, there are no fixes for CVEs and the presence of software that triggers configuration vulnerabilities. One can turn down the noise level, but policy alterations are noted. Why wasn't that fixed? Ah — we see you altered the policy to permit the deadly configuration we're not about to hang you by.
We attempted to find ways to make pleasing versions of both Linux and Windows that would satisfy Halo's obsessive-compulsive list. It's nigh impossible to do, and so changing the criticality of the problem cited is the key to apparent happiness and Halo's end goal of compliance. You will be subjected to policy control by Halo, and you will love to hate it.
Anturis offers individual component monitoring for both Windows (Vista+ and servers) and Linux (x86/x64) instances. It's a top-side view of major component functions, rather than the comparatively extreme configuration information rendered by CloudPassage Halo. Anturis watches everything from its portal once you've started your monitoring, and has the resources to give a "world-view" of how your site and its components are reacting to different parts of the world.
The components can be servers, databases, mail systems, and more. One of the most clever monitors is an interactive automated web server monitor that can be programmed to interact with a website to see if active pages respond correctly to GET/POST transactions.
The Anturis system contains public and private agents. The main portal is hosted in Germany, but agent hosts located in Dallas, Moscow, Vancouver B.C., Amsterdam and the HQ in Berlin can be used to do things like ping hosts for response time.