Technology

Using Halberd: A More Reliable Way to Test Your Multi-Cloud Security

Running multiple cloud platforms but not fully confident in your security posture? Meet Halberd, a tool that helps you test and validate your multi-cloud security in a practical, hands-on way, not just based on assumptions.

ITSEC Asia

Feb 28, 2026

Using Halberd: A More Reliable Way to Test Your Multi-Cloud Security

Running multiple cloud platforms but not fully confident in your security posture?
Meet Halberd, a tool that helps you test and validate your multi-cloud security in a practical, hands-on way, not just based on assumptions.

Why Guessing Isn’t a Security Strategy?

Today, many organizations rely on multiple cloud providers. Some use Amazon Web Services for infrastructure, Microsoft Azure for certain applications, and maybe Google Cloud for other workloads.

The challenge? The more platforms you use, the more complex your environment becomes. So the real question is: Are you truly confident your systems are secure?

That’s where Halberd comes in.

The Cloud Security Landscape Has Changed

Security used to focus heavily on firewalls and perimeter defenses. Today, attackers are far more interested in user accounts, credentials, and identity access.

As organizations move deeper into multi-cloud environments, common challenges start to surface:

Different providers with different configurations
Expanding infrastructure that’s harder to monitor
Security tools that operate in silos
Limited visibility across the entire environment

In many cases, security evaluation ends up feeling like, “We hope this is secure enough.”

So, why Halberd?

Halberd is an open-source tool built to help security teams run controlled attack simulations against their cloud environments.

Instead of just watching dashboards, Halberd allows you to actively test:

Whether your detection systems are working properly
Whether hidden gaps still exist
What logs are generated during simulated attacks
How quickly your systems respond

In short, it’s about real validation, not assumptions.

1. One Tool for Multiple Cloud Platforms

Halberd supports several platforms within a single environment:

Amazon Web Services
Microsoft Azure
Microsoft Entra ID
Microsoft Office 365
Google Cloud

This means your team doesn’t need to switch between different tools to test each cloud separately.

2. Structured and Comprehensive Attack Simulations

Halberd includes over 100 attack simulation techniques aligned with industry standards.

Each simulation can be configured and produces clear, actionable results. This helps security teams determine whether their defenses are truly prepared for real-world threats.

3. Easy to Use, No Complex Command Line Required

Many security tools rely heavily on command-line interfaces and require deep technical expertise. Halberd takes a different approach.

With its web-based interface:

It’s more intuitive
No need to memorize commands
Accessible directly from a browser
Easier for teams to collaborate

Security testing becomes more practical and efficient.

How Does It Compare to Other Tools?

Halberd vs Pacu

Pacu is an open-source tool designed specifically for AWS security testing.

However:

It focuses only on AWS
It is command-line based

Halberd, on the other hand:
✔ Supports multi-cloud environments
✔ Web-based graphical interface
✔ Provides a more integrated experience

Halberd vs Stratus Red Team

Stratus Red Team is built to test cloud threat detection using predefined attack scenarios.

Key differences:

Command-line based
Typically relies on dedicated simulation infrastructure

Halberd offers more flexibility across real cloud environments and is designed to be more user-friendly.

ITSEC’s Contribution to Halberd

ITSEC, through the Cloud Security team, has made significant contributions to the Halberd project, including:

Technical Core
Contributed 4.8K lines of code across 36 commits and 10 pull requests. This was not just maintenance; it was a structural expansion.
Closing the Google Cloud Gap Support
Introduced comprehensive support for Google Cloud, including over 10 new attack techniques, ensuring Halberd provides the same depth as it does for other cloud providers/platforms.
Reliability and User Experience Improvements
Fixed bugs and enhanced the Halberd user interface (UI) and refined event logging mechanisms.
General Refinements
Implemented various minor improvements and changes in the project.
Community Evangelism
Extended our contribution beyond code by presenting the project at PyCon Indonesia 2025, helping grow the tool's user base within the Python developer community.

It’s Time to Move Beyond Monitoring

Securing multi-cloud environments isn’t just about deploying monitoring tools and hoping everything is fine.

Organizations need to:

Actively test their defenses
Identify gaps before attackers do
Ensure detection systems actually work
Gain full visibility across their cloud environments

Halberd helps make this process structured, measurable, and easier to execute.

At ITSEC, we don’t just recommend a tool, we actively develop it alongside the open-source community.

Prepare Before It Becomes a Crisis

Waiting for an incident to expose weaknesses is risky, and you need to proactively validate your multi-cloud security.

ITSEC can help you:

Conduct multi-cloud security testing
Validate detection and response mechanisms
Identify misconfigurations and hidden risks
Strengthen your overall cloud resilience

Reach out to the ITSEC team for a consultation and initial assessment tailored to your organization’s needs.

Talk to our Cloud Security Expert Now!

Share this post

Introduction to SOAR

Info

In a sense, SOAR can truly help your CSOC feel like it has wings. SOAR is a security operations and reporting platform that leverages machine-readable data from various sources to provide management, analysis, and reporting capabilities to support cybersecurity analysts. The SOAR platform applies decision-making logic, combined with context, to provide standardized workflows and enables triage (priority assignment) of cybersecurity remediation tasks. The SOAR platform provides actionable intelligence, allowing you to stay on top of your workflows. WHAT IS THE DIFFERENCE BETWEEN SOAR AND SIEM? SIEM has been around for some time and has evolved from being a security event correlation tool to a full-fledged security analysis system. Traditionally, SIEM practices involve collecting your security logs and events to provide visibility into what is happening within your organization from a cybersecurity perspective. The evolution of the tools we use is an ongoing process, and while alerts about suspicious behavior are necessary, the primary goal is to act quickly and effectively upon those alerts. Traditional SIEM will notify you that something is

ITSEC Asia

Jul 10, 2023 — 4 minutes read

Technology

ITSEC Guide to DevSecOps

Tips

Hacks

Any technical team currently using the DevOps framework should seek ways to move towards the DevSecOps mindset by enhancing the security skills of each team member from various technology backgrounds. From building business-focused cybersecurity services to testing potential cybersecurity exploits, the DevSecOps framework ensures that cybersecurity is built by embedding it into applications rather than being just an add-on. By ensuring security considerations at every stage of software delivery, you continuously integrate security, which reduces compliance costs and enables the rapid and secure delivery of software. DEVSECOPS IN PRACTICE The advantage of DevSecOps is that it brings about increased automation along the software delivery pipeline. This automation is beneficial in the long run as it eliminates errors, reduces cyberattacks, and minimizes downtime. Organizations looking to integrate security into their DevOps framework find that the process can be relatively seamless if they use the right DevSecOps tools. The workflows of DevOps and DevSecOps can be summarized as follows: An engineer writes code within a version control platform. Changes are applied to the version

ITSEC Asia

Jul 10, 2023 — 4 minutes read

Technology

Why Cybersecurity Asset Inventory Is the Foundation of Strong Cyber Defense

INTRODUCTION Many cyber attacks succeed not because security tools fail, but because organizations do not fully know what they are protecting. According to the World Economic Forum, cyber risk continues to increase as digital environments become more complex and interconnected, especially with the rapid adoption of cloud services and remote work. New systems, applications, and devices are added faster than security teams can track them. Over time, some assets become forgotten, unmanaged, or left without proper security controls. These unknown assets often become the easiest entry point for attackers. If you’d like a deeper look at why asset visibility matters at a basic level, see our earlier post Why You Need To Take Asset Inventory Seriously [https://itsec.asia/blog/why-you-need-to-take-asset-inventory-seriously?utm_source=chatgpt.com] — it explains the core concept in simple terms. This article builds on that foundation and explains why cybersecurity asset inventory is a foundational capability for modern cyber defense. WHAT IS CYBERSECURITY ASSET INVENTORY? Cybersecurity asset inventory is the process of identifying and maintaining visibility over all digital assets within an organization. This includes: * Endpoints such

ITSEC Asia

Jan 09, 2026 — 4 minutes read

Using Halberd: A More Reliable Way to Test Your Multi-Cloud Security

Using Halberd: A More Reliable Way to Test Your Multi-Cloud Security

Why Guessing Isn’t a Security Strategy?

The Cloud Security Landscape Has Changed

So, why Halberd?

1. One Tool for Multiple Cloud Platforms

2. Structured and Comprehensive Attack Simulations

3. Easy to Use, No Complex Command Line Required