Logo
Technology

Using Halberd: A More Reliable Way to Test Your Multi-Cloud Security

Running multiple cloud platforms but not fully confident in your security posture? Meet Halberd, a tool that helps you test and validate your multi-cloud security in a practical, hands-on way, not just based on assumptions.

ITSEC AsiaITSEC Asia
|
Feb 28, 2026
Using Halberd: A More Reliable Way to Test Your Multi-Cloud Security

Using Halberd: A More Reliable Way to Test Your Multi-Cloud Security

Running multiple cloud platforms but not fully confident in your security posture?
Meet Halberd, a tool that helps you test and validate your multi-cloud security in a practical, hands-on way, not just based on assumptions.

Why Guessing Isn’t a Security Strategy?

Today, many organizations rely on multiple cloud providers. Some use Amazon Web Services for infrastructure, Microsoft Azure for certain applications, and maybe Google Cloud for other workloads.

The challenge? The more platforms you use, the more complex your environment becomes. So the real question is: Are you truly confident your systems are secure?

That’s where Halberd comes in.

The Cloud Security Landscape Has Changed

Security used to focus heavily on firewalls and perimeter defenses. Today, attackers are far more interested in user accounts, credentials, and identity access.

As organizations move deeper into multi-cloud environments, common challenges start to surface:

  • Different providers with different configurations

  • Expanding infrastructure that’s harder to monitor

  • Security tools that operate in silos

  • Limited visibility across the entire environment

In many cases, security evaluation ends up feeling like, “We hope this is secure enough.”

So, why Halberd?

Halberd is an open-source tool built to help security teams run controlled attack simulations against their cloud environments.

Instead of just watching dashboards, Halberd allows you to actively test:

  • Whether your detection systems are working properly

  • Whether hidden gaps still exist

  • What logs are generated during simulated attacks

  • How quickly your systems respond

In short, it’s about real validation, not assumptions.

1. One Tool for Multiple Cloud Platforms

Halberd supports several platforms within a single environment:

  • Amazon Web Services

  • Microsoft Azure

  • Microsoft Entra ID

  • Microsoft Office 365

  • Google Cloud

This means your team doesn’t need to switch between different tools to test each cloud separately.

2. Structured and Comprehensive Attack Simulations

Halberd includes over 100 attack simulation techniques aligned with industry standards.

Each simulation can be configured and produces clear, actionable results. This helps security teams determine whether their defenses are truly prepared for real-world threats.

3. Easy to Use, No Complex Command Line Required

Many security tools rely heavily on command-line interfaces and require deep technical expertise. Halberd takes a different approach.

With its web-based interface:

  • It’s more intuitive

  • No need to memorize commands

  • Accessible directly from a browser

  • Easier for teams to collaborate

Security testing becomes more practical and efficient.

How Does It Compare to Other Tools?

Halberd vs Pacu

Pacu is an open-source tool designed specifically for AWS security testing.

However:

  • It focuses only on AWS

  • It is command-line based

Halberd, on the other hand:
âś” Supports multi-cloud environments
âś” Web-based graphical interface
âś” Provides a more integrated experience

Halberd vs Stratus Red Team

Stratus Red Team is built to test cloud threat detection using predefined attack scenarios.

Key differences:

  • Command-line based

  • Typically relies on dedicated simulation infrastructure

Halberd offers more flexibility across real cloud environments and is designed to be more user-friendly.

ITSEC’s Contribution to Halberd  

ITSEC, through the Cloud Security team, has made significant contributions to the Halberd project, including:

  1. Technical Core
    Contributed 4.8K lines of code across 36 commits and 10 pull requests. This was not just maintenance; it was a structural expansion.

  2. Closing the Google Cloud Gap Support
    Introduced comprehensive support for Google Cloud, including over 10 new attack techniques, ensuring Halberd provides the same depth as it does for other cloud providers/platforms.

  3. Reliability and User Experience Improvements
    Fixed bugs and enhanced the Halberd user interface (UI) and refined event logging mechanisms.

  4. General Refinements
    Implemented various minor improvements and changes in the project.

  5. Community Evangelism
    Extended our contribution beyond code by presenting the project at PyCon Indonesia 2025, helping grow the tool's user base within the Python developer community.

It’s Time to Move Beyond Monitoring

Securing multi-cloud environments isn’t just about deploying monitoring tools and hoping everything is fine.

Organizations need to:

  • Actively test their defenses

  • Identify gaps before attackers do

  • Ensure detection systems actually work

  • Gain full visibility across their cloud environments

Halberd helps make this process structured, measurable, and easier to execute.

At ITSEC, we don’t just recommend a tool, we actively develop it alongside the open-source community.

Prepare Before It Becomes a Crisis

Waiting for an incident to expose weaknesses is risky, and you need to proactively validate your multi-cloud security.

ITSEC can help you:

  • Conduct multi-cloud security testing

  • Validate detection and response mechanisms

  • Identify misconfigurations and hidden risks

  • Strengthen your overall cloud resilience

Reach out to the ITSEC team for a consultation and initial assessment tailored to your organization’s needs.

Talk to our Cloud Security Expert Now!

Share this post

You may also like

Why Cybersecurity Asset Inventory Is the Foundation of Strong Cyber Defense
Technology

Why Cybersecurity Asset Inventory Is the Foundation of Strong Cyber Defense

INTRODUCTION Many cyber attacks succeed not because security tools fail, but because organizations do not fully know what they are protecting. According to the World Economic Forum, cyber risk continues to increase as digital environments become more complex and interconnected, especially with the rapid adoption of cloud services and remote work. New systems, applications, and devices are added faster than security teams can track them. Over time, some assets become forgotten, unmanaged, or left without proper security controls. These unknown assets often become the easiest entry point for attackers. If you’d like a deeper look at why asset visibility matters at a basic level, see our earlier post Why You Need To Take Asset Inventory Seriously [https://itsec.asia/blog/why-you-need-to-take-asset-inventory-seriously?utm_source=chatgpt.com] — it explains the core concept in simple terms. This article builds on that foundation and explains why cybersecurity asset inventory is a foundational capability for modern cyber defense. WHAT IS CYBERSECURITY ASSET INVENTORY? Cybersecurity asset inventory is the process of identifying and maintaining visibility over all digital assets within an organization. This includes: * Endpoints such

ITSEC AsiaITSEC Asia
|
Jan 09, 2026 — 4 minutes read
5 Industries That Need Security Solutions Integration the Most
Technology

5 Industries That Need Security Solutions Integration the Most

INTRODUCTION Security threats today are no longer isolated incidents. They are interconnected, fast-moving, and increasingly sophisticated. Organizations may deploy surveillance cameras, alarms, and cybersecurity tools, yet still remain vulnerable if these systems operate independently. The reality is simple: risk does not come from the absence of security tools. It comes from gaps between them. As highlighted in many breach investigations, vulnerabilities often emerge when systems fail to communicate or respond collectively. Fragmented security environments delay detection, weaken response, and amplify damage once an incident occurs. This mirrors broader security findings where systemic failures, not single points of failure, are the primary cause of major incidents. Security solutions integration addresses this problem by connecting physical security, cybersecurity, and operational monitoring into one coordinated system. And in certain industries, this integration is not just beneficial. It is critical. Below are five industries where security system integration has become essential to operational continuity, safety, and risk management. 1. HEALTHCARE INDUSTRY Healthcare organizations manage some of the most sensitive environments in modern society. Hospitals operate 24/7, handle confidential medical

Ajeng HadeAjeng Hade
|
Mei 04, 2026 — 6 minutes read
OT Cybersecurity Incident Response: ICS4ICS Roles and Responsibilities
Technology

OT Cybersecurity Incident Response: ICS4ICS Roles and Responsibilities

ot cybersecurity
ot technology

As industrial operations continue to embrace digital transformation, Operational Technology (OT) systems—which control and monitor critical physical processes—are becoming increasingly vulnerable to cyber threats. Unlike IT systems, OT environments often lack mature cybersecurity controls, making them attractive targets for attackers. A successful cyberattack can result in physical damage, safety risks, operational disruption, and significant financial losses. In this high-stakes context, a well-structured, role-based incident response plan is essential. This whitepaper introduces a comprehensive OT cyber incident response model that integrates globally recognized standards, including ISA/IEC 62443, NIST SP 800-82r3, NIST SP 800-61r2, and ISO/IEC 27001, while operationalizing the response using FEMA’s Incident Command System (ICS) and industry-specific enhancements from the ICS4ICS initiative. The framework focuses on establishing clear roles and responsibilities across both corporate and site-level teams—such as Incident Commander, Safety Officer, and Operations Section Chief—and aligning actions through the Planning “P” cycle to ensure a coordinated, safe, and timely response. An example case study involving ransomware at a gas-fired power plant demonstrates the effectiveness of this approach, highlighting zero downtime, rapid containment, and

ITSEC AsiaITSEC Asia
|
Jan 01, 2023 — 17 minutes read

Receive weekly
updates on new posts

Subscribe
Logo
Indonesia

Noble House, Level 11
Jakarta 12950, Indonesia

Singapore

112 Robinson Road, #11-04
Singapore 068902

Australia

Level 22, 120 Spencer St Melbourne,
Victoria, 3004

United Arab Emirates

Golden Mile 4, Office 13, Floor M,
Palm Jumeirah, Dubai, United Arab Emirates

Mauritius

The Catalyst Building, Ground Floor, Lot 40,
Silicon Avenue Ebene, Mauritius

Services

Copyright © ITSEC 2026 | All Rights Reserved