Prelude Detect Evaluation Process

Prelude Detect is designed to run an array of active security tests on enterprise endpoints with the goal of testing and validating the state of their defenses. Prelude Verified Security Tests (VSTs) provide insight into the effectiveness of defensive controls (AV, NGAV, EPP), hardened configurations (OS/application configuration) and exposure to emerging threats (the latest high-severity CVEs).

Getting started with Prelude Detect

Safety and assurance review

Prelude Detect was designed from the ground up with safety in mind. A number of key safety and security features are documented on our documentation site.

Probe deployment

Prelude probes are lightweight processes with extremely flexible deployment options. The probe can be deployed using any systems management or software distribution tool. The probe can also be deployed directly using our CrowdStrike integration.

Probe deployment options
Probe deployment using CrowdStrike

Verified Security Tests (VSTs)

Prelude Detect is configured with 5 default tests, with additional tests available as an option. Prelude recommends enabling several of the Malware Prevention tests as a starting point for the Proof of Concept.

Events and Alerts

A key component of the Prelude Detect POC is ensuring that key security events are generated and logged within your EDR and/or SIEM tools. As part of the initial deployment process, we recommend configuring your EDR and SIEM so that events from the evaluation endpoints are recognized as known stimuli and do not trigger unexpected SOC activity. Please review the FAQ on SIEM Events and Alerts.

Findings and Recommendations

At the conclusion of each Prelude Detect POC, Prelude will provide a summary of the findings and a list of recommendations on improving the security of the managed devices.

Necessary Resources

Evaluation Lead: your designated Evaluation Lead will coordinate with other teams in your company as needed, to facilitate communication, resource allocation, and technical connections.

Endpoints: you will designate a group of up to 1000 endpoints for the evaluation. We recommend a mix of Windows, Mac, and Linux workstations. Prelude Probes and VSTs are compatible with modern versions of these operating systems (Windows X and newer, Mac Y and newer, Linux Z?).

Deployment mechanism: with assistance from the Prelude team, you will select and use a software deployment mechanism to distribute and run Prelude Probes on the designated endpoints.

Security Operations contact: a designated member of your Security Operations team (or whichever function reviews and acts on security alerts from your defensive tooling) will coordinate with the Evaluation Lead and Prelude personnel to verify that events and alerts are (a) being received and (b) tagged and actioned as intended, i.e. as known stimuli.

Deployment Sequence

When deploying Prelude Probes to designated endpoints, we recommend a simple phased approach, with two to three days of test results and observation at each phase before proceeding to the next.

Initial group (10): deploy Probes to 10 endpoints. If desired, the initial group could all be on endpoints running the same operating system. Once Probes have been deployed to the initial group, verify that the Probes and VSTs run, results are displayed in the Detect dashboard, and security alerts/notifications are correctly captured and classified.

Expanded group (50): expand the deployment to additional endpoints. If the initial group was on just one operating system, the expanded group should include endpoints on any other operating systems used by your organization. Deployment to the expanded group will allow observation and remediation of any complexities with deployment or reporting, before moving to the full evaluation group.

Full group (up to 1000): deploy Probes to the remaining endpoints in the evaluation group.
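The phased rollout above, together with the per-phase check that the Security Operations contact performs (every probe host produced events; stimulus alerts are tagged as such), can be scripted. The following is an added example for this page, not Prelude's code, and does not talk to the Prelude API: the endpoint inventory, the observation window, the SIEM alert records and the tag name prelude-known-stimulus are all constructed here for illustration. It goes slightly beyond the text in one respect: an alert from an evaluation host that falls outside the observation window is deliberately routed to normal triage even if it carries the stimulus tag, so a tag alone is never trusted.

```python
"""Phased probe rollout planner plus a SIEM sanity check for each phase.

Added example; not Prelude's code. Inventory, alerts, window and tag name
are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime

# Cumulative phase caps from the recommended deployment sequence.
PHASES = (("initial", 10), ("expanded", 50), ("full", 1000))
# Hypothetical tag your SIEM applies to alerts recognised as Prelude stimuli.
KNOWN_STIMULUS_TAG = "prelude-known-stimulus"


@dataclass(frozen=True)
class Endpoint:
    hostname: str
    os: str  # "windows", "mac" or "linux"


@dataclass(frozen=True)
class Alert:
    hostname: str
    when: datetime
    tag: str = ""


def _group_by_os(endpoints):
    groups = {}
    for ep in endpoints:
        groups.setdefault(ep.os, []).append(ep)
    return groups


def _fill_round_robin(selected, groups, cap):
    """Append one not-yet-selected host per OS in turn until cap is reached."""
    chosen = set(selected)
    progress = True
    while len(selected) < cap and progress:
        progress = False
        for hosts in groups.values():
            for ep in hosts:
                if ep not in chosen:
                    selected.append(ep)
                    chosen.add(ep)
                    progress = True
                    break
            if len(selected) >= cap:
                break
    return selected


def plan_phases(endpoints, single_os_initial=True):
    """Return cumulative lists for "initial", "expanded" and "full".

    initial keeps to one OS (the largest pool) when single_os_initial is set;
    expanded is forced to contain every OS in the inventory before filling;
    full is everything, capped at the 1000-endpoint evaluation limit.
    """
    if len(endpoints) > PHASES[2][1]:
        raise ValueError("evaluation group is limited to 1000 endpoints")
    groups = _group_by_os(endpoints)
    if single_os_initial:
        biggest = max(groups.values(), key=len)
        initial = list(biggest[:PHASES[0][1]])
    else:
        initial = _fill_round_robin([], groups, PHASES[0][1])

    expanded = list(initial)
    chosen = set(expanded)
    for hosts in groups.values():  # guarantee every OS is represented
        if not any(ep in chosen for ep in hosts):
            expanded.append(hosts[0])
            chosen.add(hosts[0])
    expanded = _fill_round_robin(expanded, groups, PHASES[1][1])
    full = _fill_round_robin(list(expanded), groups, PHASES[2][1])
    return {"initial": initial, "expanded": expanded, "full": full}


def classify_alert(alert, phase_hosts, window):
    """Known stimulus only if the host is in the current phase AND the alert
    falls inside the observation window; anything else goes to normal triage."""
    start, end = window
    if alert.hostname in phase_hosts and start <= alert.when <= end:
        return "known-stimulus"
    return "investigate"


def verify_phase(phase, alerts, window):
    """(a) every phase host produced at least one event, (b) every stimulus
    alert carries the expected tag. Returns the exceptions to both."""
    hosts = {ep.hostname for ep in phase}
    seen, mistagged, investigate = set(), [], []
    for alert in alerts:
        if classify_alert(alert, hosts, window) == "known-stimulus":
            seen.add(alert.hostname)
            if alert.tag != KNOWN_STIMULUS_TAG:
                mistagged.append(alert)
        else:
            investigate.append(alert)
    return {"silent": sorted(hosts - seen),
            "mistagged": mistagged, "investigate": investigate}


# Constructed inventory: 12 Windows, 8 Mac and 5 Linux workstations.
INVENTORY = ([Endpoint(f"win-{i:02d}", "windows") for i in range(12)]
             + [Endpoint(f"mac-{i:02d}", "mac") for i in range(8)]
             + [Endpoint(f"lin-{i:02d}", "linux") for i in range(5)])
# Constructed observation window and SIEM alerts seen during the initial phase.
WINDOW = (datetime(2024, 1, 8, 9, 0), datetime(2024, 1, 10, 17, 0))
SAMPLE_ALERTS = [
    Alert("win-00", datetime(2024, 1, 8, 10, 0), KNOWN_STIMULUS_TAG),
    Alert("win-01", datetime(2024, 1, 8, 11, 0)),                      # untagged
    Alert("hr-laptop-7", datetime(2024, 1, 8, 12, 0)),                 # not in group
    Alert("win-02", datetime(2024, 1, 12, 8, 0), KNOWN_STIMULUS_TAG),  # after window
]

if __name__ == "__main__":
    plan = plan_phases(INVENTORY)
    for name, hosts in plan.items():
        print(f"{name:8s} {len(hosts):4d} hosts, OSes: {sorted({h.os for h in hosts})}")
    report = verify_phase(plan["initial"], SAMPLE_ALERTS, WINDOW)
    print("silent hosts:", report["silent"])
    print("mistagged stimuli:", [a.hostname for a in report["mistagged"]])
    print("for SOC triage:", [a.hostname for a in report["investigate"]])
```

With the constructed inventory the initial phase is ten Windows hosts, the expanded phase picks up the first Mac and Linux hosts before filling round-robin, and the check on the initial phase reports eight hosts that have not yet produced an event (including win-02, whose only alert is outside the window), one untagged stimulus alert on win-01, and two alerts left for ordinary SOC triage. A real run would replace INVENTORY with an export from your deployment tool and SAMPLE_ALERTS with a SIEM query over the same window.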
