Glasswall Halo

Industry-leading Content Disarm and Reconstruction out-of-the-box – enabling security teams to quickly and easily protect their organization against file-based threats

Oracle Cloud Marketplace logoMicrosoft Azure Marketplace logo

Existing security solutions leave critical data at risk

It is common practice for security teams to deploy detection-based cybersecurity solutions, such as antivirus software and sandboxes, to protect their organization against file-based threats. However, this reliance on detection means no matter how complex a security solution may be, it can still only protect against what it has observed or seen before.
Learn more about how detection falls short

Glasswall Halo:
out-of-the-box zero-trust file protection

Zero-trust file protection by Glasswall Halo is different. Instead of looking for malicious content, our advanced CDR (Content Disarm and Reconstruction) process treats all files as untrusted, validating, rebuilding and cleaning each one against their manufacturers ‘known-good’ specification.

Glasswall Halo is a cloud-native CDR solution that provides security teams with out-of-the-box file protection capabilities. Built on a Kubernetes architecture, it provides organizations with protection that can scale infinitely to meet demand. Glasswall Halo’s OpenAPI specification compliant design provides developer-centric web services, while open source connectors provide easy on-premises and cloud integrations.
Learn about zero-trust CDR

Embed scalable zero-trust file protection
across all critical applications

Illustration about multiple network segments
Deploy hubs across your organization to enable CDR workflows across multiple network segments
Utilize open source-based connectors for easy on-premises and cloud integrations
Illustration about software development with html opening and closing tags
Take control of developer-centric web services with OpenAPI specification compliant design
magnifying glass above data graphs
Analyze original file risk with out-of-the-box  metrics and reporting
Glasswall Halo icon

Key features

  • API controllable content management policy for Microsoft Office, PDF, WebP, Tiff and SVG file formats.
  • Intuitive API endpoints to help developers devise the most effective integration approach to meet their needs
  • Kubernetes-based architecture can be deployed via a managed Kubernetes service such as AKS, EKS and OKE
  • Virtual appliance deployment options for custom or air-gapped environments. OVA and VHD images are based on hardened (DoD STIG) Red Hat Enterprise Linux and RKE2 (or RKE Government) with CIS Kubernetes Benchmark 1.6 conformance.
  • Terraform deployment scripts and helm charts to support a managed Kubernetes service
  • Deployment options enable an always-on service that provides organizations with ability to establish resilient patterns spanning multiple availability zones and regions around the world
  • OpenAPI (OAS3) compliant code samples and examples provided for easy system integration with the API
  • Deep file inspection, beyond artefacts such as the so-called magic number, to accurately report what file data suggests about the true file type
  • 85+ supported file formats and counting


synchronous API icon

Synchronous API

Our Synchronous API endpoints enable security teams to present file analysis and rebuild requests to Glasswall Halo – typically securing files in under a second. In addition, the API facilitates policy management actions – enabling security teams to match the processing of a files components with their organizations risk appetite.
Synchronous API documentation
Asynchronous API symbol

Asynchronous API

The Asynchronous API enables security teams to present and respond to multiple file analysis requests for Glasswall Halo. The APIs ability to handle concurrent operations and non-blocking I/O allows Glasswall Halo to manage resources and respond to multiple requests concurrently – enabling the user to continue at their own convenience, eliminating the requirement to wait for file processing. 
Asynchronous API documentation
policy management icon

Policy Management API

The Policy Management API gives security teams the capability to configure content management policies to match their organizations risk appetite, allowing them to govern the treatment of files and their contents during the CDR process. Users are able to create, update, delete or reset content management policies for Glasswall Halo.  
Policy Management API documentation
licence management API icon

License Management API

This API facilitates the management of licenses for Glasswall Halo. It performs 3 main tasks:
1 – Enables the insertion of a new license certification
2 – Returns a description of all currently installed licenses
3 – Enables the deletion of a currently installed license
License Management API documentation
Glasswall Menlo Security API icon

Menlo Security Platform API

Our Menlo API enables security teams with Menlo Security Platform deployments to seamlessly harness the power of Glasswall zero-trust CDR technology. It instantly processes web content traffic and downloads encountered by the Menlo Security Platform – ensuring users can safely browse the internet.
Menlo API documentation

ICAP Profile Management API

Utilizing the Internet Content Adaptation Protocol (ICAP), Glasswall CDR provides rapid threat processing, ensuring safe file access for users in various scenarios. Web proxy servers filter requests and enhance performance, while reverse proxy servers aid in caching to alleviate server load. Integrated into SSL inspection, Glasswall CDR automatically removes threats and utilizes existing proxy servers to guarantee file safety across trust boundaries.
ICAP API documentation

Deployment options

Glasswall Halo supports deployment into a range of managed Kubernetes environments via the use of Helm charts. Security teams also have the option of deploying Glasswall Halo in virtualized environments such as Microsoft’s Hyper-V, VMware’s vSphere/ESXi and Virtualbox. 

Supported managed Kubernetes

Supported virtual environments: 

Talk to us about our industry-leading CDR

Book a demo

Best-in-class file-based protection from Glasswall

Glasswall is the market leader for Content Disarm and Reconstruction (CDR). We supply our zero-trust file protection solutions to nations across the world, including members of NATO, the Five Eyes Alliance and AUKUS. Our CDR technology is infinitely scalable and helps organizations to comply with initiatives such as the NCSC's Pattern for Safely Importing Data, the NSA's Raise the Bar and the NIST Risk Management Framework by the US Department of Commerce.
NATO logoAUKUS logoNational Security Agency logo USANCSC logoNIST (Nastional Institute of Standards and Technology) logo

How we do it better:

  • Complete file analysis – giving users transparency into file non-conformance with industry specifications
  • Complete file protection – threats removed and files returned to known-good specifications
  • Content management options to shape an organization’s security policy based on risk appetite
  • True file type detection going beyond just the file extension or magic number

Industry-leading performance:

Cluster configuration assumes specific memory and compute allocations for containers. Production performance will ways depend on size and complexities of real world files. Configurations can be optimised to favour throughput or file processing speeds.

20 business files ranging from 17 MB to 0.05 MB in size
  • File types include: PowerPoint, Video, Excel, Word, Image, PDF, Audio
  • Mean file size = 3.74 MB
  • Median file size = 0.64 MB
  • 5 Engines per node
  • 8 virtual cores
  • 28 GB Memory
  • Request concurrency to availability of resource is 1:1

Book a demo

Talk to us about our industry-leading CDR solutions

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.