Podcast Summary: Threat Vector by Palo Alto Networks
Episode: Why Proactive Security Can’t Wait
Date: November 20, 2025
Host: David Moulton (Senior Director of Thought Leadership, Unit 42)
Featured Guest: Elad Karan (Security Leader)
Episode Overview
In this episode, David Moulton sits down with Elad Karan to explore why reactive security models are falling short in the face of today’s rapidly evolving threat landscape. Together, they break down the necessity for proactive security approaches, discuss integrating security early (“shifting left”) in the development cycle, examine the risks posed by attackers’ use of AI and automation, and share practical insights for security leaders aiming to unify both peacetime and wartime security strategies. The conversation is energetic, candid, and loaded with actionable advice for security professionals.
Key Discussion Points & Insights
The Failure of Reactive Security in Modern Environments
- Cloud Complexity & Posture Management
- Elad Karan dispels the belief that simply maintaining good cloud posture or hygiene guarantees safety:
"I haven't found a single organization that was able to maintain this amazing posture and even if they could achieve it, maintaining it for a while, it's impossible." – Elad Karan [02:53]
- The ever-increasing number of cloud services and integrations raises both attack surface and complexity, making it harder for teams to stay ahead.
Warning Signs of a Reactive Security Model
- Chasing Technology & Budget Constraints
- Security teams are often forced into a reactive position, lagging behind business and development with legacy approaches:
"Security teams keep on trying to chase the technology of their organization... the business wants to move as fast as possible... security teams need to fight for budget for people..." – Elad Karan [05:26]
- Signs of trouble: High security team turnover and an over-reliance on adding people, rather than pursuing efficiency through better tools and data integration.
Security as a Business Accelerator
- Security as an Enabler, Not a Roadblock
- Citing a past guest, Mira, David Moulton argues that robust security helps organizations innovate with confidence:
"Security... allows her and the CIO organization to go faster... she feels confident that security is a strong brake when something needs to stop, but it allows her to take an aggressive approach to innovation..." – David Moulton [08:31]
- Adding more people doesn’t always yield better outcomes; efficiency and smart consolidation of tools are vital.
Attackers Leveraging AI & Automation
- Defender Disadvantage Without Proactive Measures
- Attackers are using AI and automation to accelerate and adapt their attacks, outpacing organizations that do not match this speed and capability.
- Real-World Example: Secrets in GitHub
- Elad describes internal research showing that leaked secrets in public repos are exploited within minutes:
"It takes minutes, minutes between having a secret available in a repo in GitHub... before it's harvested." – Elad Karan [12:04]
- Reinforces the need for security embedded in CI/CD, proactively blocking risky actions before they hit production.
Defining Proactive Security
- Beyond Hygiene: From "Peacetime" to "Wartime"
- Proactive security encompasses everything done before an incident, including hardening, configuration, process integration, and even infrastructure to support future investigations.
"Proactive security is everything you do in peacetime before an attack has happened. Everything. It... includes also having the right infrastructure to support the reactive security." – Elad Karan [16:33]
Integrating Vulnerability & Threat Management
- Unified Approach Needed
- Traditional separation between vulnerability and threat management is outdated; attackers exploit the seams between them.
"You cannot really look at the threat detection piece without understanding the context of vulnerability management, exposure management that goes even beyond vulnerability management." – Elad Karan [18:25]
- Unifying these provides critical investigation context and supports more decisive, effective response.
Importance of a Unified Data Layer
- Data Fragmentation is a Critical Barrier
- Siloed and incomplete data sets cripple detection and context-aware response:
"If you don't, you're missing a big chunk of information... being able to use anomaly detection, AI-based capabilities in systems because you collect the right set of data and it's all stitched together..." – Elad Karan [23:23, 26:57]
- Unified data enables context-rich detection (e.g., not just “high blood pressure,” but the story around it), future-proofing against evolving threats.
Building Developer Trust and Shifting Left
- Evidence-Driven Engagement
- Security must earn developer trust by providing actionable, evidence-based feedback, not just directives:
"It does not come with just a statement that says, trust us, it'll work. No, it needs to come with data, it needs to come with evidence... Being able to highlight the potential risk if you're not doing that properly..." – Elad Karan [28:41]
- Empowering security practitioners to communicate clearly with developers helps drive adoption of proactive controls within the development lifecycle.
Notable Quotes & Memorable Moments
- On the Acceleration of Cloud Risk:
"As more sensitive data is going to the cloud, risk is higher, availability of attack surface to attackers higher, and your level of protection getting lower. You need better protection." – Elad Karan [03:52]
- On Shifting Security Left:
"If you add security as soon as possible, then you can rest assured that it will not come back at the end and tell you, hey listen... you have users information out there explicitly open to attackers..." – Elad Karan [11:41]
- On Unified Threat and Vulnerability Management:
"If you're not tying those two together, then you're missing a critical piece in that investigation." – Elad Karan [19:51]
- On the Value of Context in Security Data:
"That level of assessment is only available if you truly have the data properly connected and properly collected... not just analyze what happens now, but what can potentially happen later, that is a huge thing." – Elad Karan [27:35]
Timestamps for Important Segments
| Timestamp | Segment Description |
|-----------|---------------------|
| 02:37 | Why reactive security fails in today’s cloud and hybrid environments |
| 05:04 | Warning signs of a stuck, reactive security team |
| 08:25 | Security as an innovation accelerator, not just a brake |
| 10:14 | Risks if defenders fail to match attackers using AI/automation |
| 12:04 | Example: Secret in GitHub repo exploited in minutes |
| 15:59 | Elad’s definition of proactive security and “peacetime” actions |
| 17:42 | Integrating threat, vulnerability, and exposure management |
| 20:14 | The importance of unifying peacetime and wartime security strategies |
| 23:04 | Data fragmentation as a barrier to proactive defense |
| 26:40 | Analogy: Security context is like medical context—full data is essential |
| 28:16 | Shifting left: How security leaders can drive change and earn developer trust |
Conclusion
This episode underscores the urgent need to move away from legacy, reactive security practices and toward a unified, proactive, and context-driven defense posture. By building trust with development teams, integrating disparate data sources, and aligning vulnerability management with threat detection, organizations can better anticipate threats and respond with agility and clarity. The conversation is a must-listen for security professionals aiming to enable business acceleration without sacrificing safety.
