Client Overview
An 80-person hospitality technology company that powers the non-room revenue engine for some of the most iconic resorts and casinos in Las Vegas and beyond. Their platform is used to monetize everything that isn't a room—from nightlife admission tickets to reservations of pool cabanas, shows, lounges, excursions, and other resort experiences.
The Challenge
Thin Scans, Big Stakes
The hospitality company is compliant with SOC 2, which requires continuous vulnerability management and penetration testing. But the team wanted to expand their existing tools and processes to face today's quickly evolving threats, especially as the company grew and their internet-facing footprint expanded to almost 6,000 assets.
"I don't come from a development or security background," their VP of operations shared. "I wanted to understand what was really going on 'under the hood' of our software and expand our vulnerability scanning. We have a small team. We wanted to add a strong third-party vulnerability tool with experts I could lean on to validate what was really happening across our attack surface, and maximize my team's time and our company's budget."
The Solution
An EASM Partner, Not Just a Platform
When their VP raised his concern with their CEO, he recommended Halo Security. The VP reviewed other EASM and ASM vendors, but the combination of a trusted referral and Halo's deep scanning with superior cloud visibility, paired with Halo's partnership-driven approach, made the choice clear.
"Halo stood out because it didn't feel like 'here's a giant platform—good luck.' There was a clear consultancy and partnership angle. They weren't just selling scans; they were offering to walk through the results with us and help us make sense of them," he shared.
He felt that Halo's onboarding stood out for its consultative support and direct access to senior expertise. The Halo team helped the hospitality company identify the right targets, organize their assets, and align internally without any high-pressure sales hassles.
Halo's initial scans during the free trial uncovered numerous previously unseen vulnerabilities. The company felt Halo offered the best value with comprehensive external scanning to reduce their risk and help safeguard their SOC 2 compliance. In addition, Halo's flexible dashboards enabled the team to sort data in multiple ways, prioritize, and easily assign remediation tasks to their team.
The Results
Halo Security has helped the company transform its external attack surface management into a guided, collaborative security program that quickly surfaces critical issues, delivers contextual information for vulnerabilities, and organizes the remediation work.
The VP shared that the most valuable changes from implementing the Halo Security platform are:
- Reduced vulnerabilities. Halo has helped the company strengthen its security posture. The platform helps identify and remediate external vulnerabilities to manage the company's external attack surface and provides continuous scanning that enables the company to stay ahead of cyberattacks.
- Strengthened SOC 2 compliance processes. By providing credible third-party evidence, revealing blind spots in their attack surface, and turning raw scan results into clear, prioritized remediation work, Halo has streamlined the company's SOC 2 compliance processes and reporting.
- EASM security guidance that many SMBs need and don't always have in-house. Halo has helped the VP and his team understand which issues are worth immediate action versus which can reasonably wait. They found that this was a critical benefit with today's resource-constrained IT teams.
The Halo Difference: Usability With Real Depth Behind It
The VP wanted an excellent EASM solution, but he wanted more than a tool; he wanted a security partner who helped him deliver the remediation outcomes the company needed to ensure they stay SOC 2 compliant.
Halo's emphasis on providing expert guidance was a key differentiator. Instead of leaving the company to interpret findings alone, Halo helps the team understand what's urgent, what's noise, and why—something the VP cited as critical.
Halo delivered exactly what the team needed: a powerful EASM platform backed by real security experts who help interpret, prioritize, and act on findings.
