Arpan Sarkar, Senior Security Engineer at Vectra AI highlights the benefits of multi-cloud testing tools, AI’s growing role in security and testing and a few key security fundamentals for global IT teams:
———-
Arpan, welcome to our CIO Interview Series, tell us more about your role at Vectra AI.
I serve as a Senior Security Engineer within the product management team, which puts me in a fascinating position at the intersection of security research and product development. Vectra AI builds an AI-powered threat detection and response platform, and my role is to ensure we stay ahead of emerging threats and build robust security capabilities.
My work involves two key aspects. First, I conduct hands-on security research and red team engagements. This gives us invaluable insights into how threats manifest in the real world.
Second, I translate these insights into actionable product capabilities by working closely with our product managers, engineering teams, and other security researchers.
I also get to contribute to the broader security community by developing open-source security tools based on our research findings. After all, the best way to fight shadows is to shine a light on them.
Also Read: CIO Influence Interview with Donald Fischer, Co-founder and CEO, Tidelift
How are you seeing AI play a more significant game in the security and testing domain? Tell us about Halberd too…
Halberd emerged from a fundamental challenge we observed in the security industry – while cloud adoption has skyrocketed, the ability to effectively test cloud security posture has remained complex and fragmented, which makes testing time-consuming and expensive.
What sets Halberd apart is its comprehensive yet simplified approach. Through a single intuitive web interface, security teams can execute over 80 attack techniques across Entra ID, M365, AWS, and Azure (and yes, we see you GCP users, you’re on the roadmap). These include everything from reconnaissance to privilege escalation and simulate attack patterns we see in real incidents.
The impact is significant – teams previously juggling multiple tools and spending days on test setup can now deploy Halberd in under 10 minutes and start validating their cloud security.
The ultimate goal is simple – make meaningful security testing accessible to every organization, regardless of their size or security maturity. When security teams spend less time on tool complexity and more time on actual security validation, everyone benefits except the attackers.
When it comes to AI in Security Testing, while AI has become a buzzword in the recent past, I believe the true value of AI in security isn’t about replacing human expertise – it’s about extending what’s humanly possible. We’re seeing this play out in three critical areas:
- Using AI to find subtle patterns in vast cloud configurations that human analysts might miss – like identifying risky permission combinations or abnormal service interactions that could indicate security gaps.
- It’s changing how we approach test coverage by dynamically adapting security tests based on an organization’s unique cloud architecture, moving us beyond the limitations of static playbooks.
- Processing threat intelligence and security logs at scale in real-time to identify emerging attack patterns and translating them into actionable test scenarios.
However, it’s crucial to understand that AI isn’t a silver bullet. The most effective security testing combines AI’s analytical capabilities with human expertise. Security professionals need to understand the ‘why’ behind each test, interpret results in context, and make informed decisions about risk mitigation. That’s why tools like Halberd focus on empowering security teams rather than replacing their judgment.
Also Read:Â A Comprehensive Guide to DDoS Protection Strategies for Modern Enterprises
How are multi-cloud testing tools more beneficial from a fundamental level?
The benefits of multi-cloud testing tools go beyond simple convenience. First, they provide a unified security perspective. When you’re testing across multiple cloud platforms simultaneously, you can identify cross-platform vulnerabilities that might be missed when testing platforms in isolation.
Second, they eliminate the mental gymnastics security teams perform when juggling multiple tools. Instead of mastering five different tools with five different interfaces, teams can focus on what matters – finding security gaps. This not only saves time but also improves the quality of testing by enabling teams to focus on security scenarios rather than tool mechanics.
Finally, multi-cloud tools better reflect the reality of modern enterprise environments. Most organizations don’t operate in a single cloud – they have hybrid environments with interconnected services. Testing these environments in isolation is like checking individual puzzle pieces without seeing the complete picture.
Can you throw light on some of the most security protocol fundamentals that users and IT teams should look into more deeply today as well as more on the biggest threats affecting today’s digital first teams and brands?
The fundamentals haven’t changed as much as the context has evolved. This means that the core principles of security remain constant, but where these fundamentals are applied have shifted.
Identity remains the new perimeter in cloud environments. Organizations need to focus on basics like access management, privilege escalation paths, and resource exposure.
The biggest threats today stem from the inherent complexity of modern cloud environments. We’re seeing attackers masterfully abuse cloud-native features – turning legitimate automation services into attack platforms, exploiting trust relationships between services, and weaponizing built-in administrative capabilities.
The challenge isn’t just about misconfigured permissions anymore; it’s about attackers understanding cloud architectures sometimes better than us defenders. They’re living off the cloud land, if you will – using the same tools and services that keep businesses running to execute their attacks. The complexity of service interactions, coupled with the rapid pace of cloud evolution, creates a perfect storm where a single overlooked permission or service connection can cascade into a significant breach. Supply chain attacks have become particularly potent in cloud environments, where the interconnected nature of services means compromising one component can create ripple effects across the entire infrastructure.
For IT and security teams, the priority should be on:
- Regular & comprehensive security testing across all cloud surfaces
- Understanding identity and access paths, especially across cloud boundaries
- Implementing strong detection and response capabilities
- Maintaining visibility into resource configurations and changes
- Building security automation into deployment pipelines
The key is moving from reactive to proactive security postures. Tools like Halberd enable teams to continuously validate their security controls rather than waiting for incidents to occur.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
Vectra AI is a leader in AI driven extended detection and response (XDR). The Vectra AI Platform delivers integrated signal across network, identity, cloud, SaaS, and Gen AI in a single platform.
Arpan Sarkar, is Senior Security Engineer at Vectra AI