The security industry focuses the vast preponderance of its time, resources, and intellectual capital on designing advanced tools only accessible to 'elite' (government + very large) organizations. There are good reasons for this - these organizations often have the most to lose in being attacked, have the resources to spend on defense, and staff full-time security teams.
In many ways, this can be thought of as raising the security ceiling, constantly pushing to advance technology in order to outsmart/outrun adversaries.
Unfortunately, very little of that advanced technology makes its way down to the rest of the market, including critical infrastructural organizations like hospitals, schools, and just about every small-and-medium-sized organization.
We consider the work of bringing this advanced security down to all organizations as raising the security floor.
This is Prelude's mission. We want to help bring advanced security to all organizations, in order to raise the collective security floor. We think this is important for many reasons, not least of which is that we now exist in a flattened supply chain ecosystem - where attackers can leverage unprotected smaller organizations to get to critical corporations or government agencies. Society’s greatest security risk is in the virtually undefended tier of organizations below the ‘elite’ level. Collectively, they represent our biggest vulnerability.
To start, we are focusing on making offensive security technology more accessible. Why offensive security, rather than defensive? Most sophisticated attacks come from well-funded/organized organizations that use advanced adversarial techniques to break into systems. In order to defend against these attacks, organizations must be able to mimic their behavior against their own defenses. In doing this, they can continuously test the efficacy of their defensive tools, and most importantly, the behaviors of their people, against these attacks. We believe that injecting ‘realistic attack data’ into the security stack is going to become standard in the near future.
Today, we are launching Prelude Operator V1.0 out of beta - an easy-to-use desktop application that helps to defend organizations by deploying realistic adversarial attacks. We make it as simple as possible to create, test, and integrate realistic attacks into your system in order to evaluate your defenses and adjust to evolving adversaries. This technology, known as adversary emulation or mimicry, has largely existed in research papers or expensive enterprise products. We have made it open and accessible for any security engineer to use, for free.
We are also excited to announce our partnership with The MITRE Corporation. MITRE's mission is to solve problems for a safer world. In the security space, MITRE is well known for its public projects like ATT&CK, CALDERA, and CVE. Prelude & MITRE will be working together to collaborate on research and product development to offer small and mid-sized organizations advanced security tools that can help protect them.
Prelude is also announcing an integration with Elastic Security. Using Operator and Elastic, security teams can build and deploy sophisticated adversary emulations and collect security events within Elastic Agent & Fleet. Elastic users can use Operator to generate realistic attack data and test whether their Elastic instances pick up on that adversarial behavior. In just a few clicks, both products can be connected to “close the loop” in testing security defenses.
We have assembled a team of employees, investors, and advisors dedicated to accelerating our mission. The team, which you can read more about here, includes two of the core developers/researchers from the CALDERA project. We are grateful to have raised a seed round of $4.25m from Four Rivers, IA Ventures, Rise of the Rest, General Advance, New Ground Ventures, The MITRE Corporation, Jerry Murdock, and others to build out our vision.
With Operator, Prelude is focused on making advanced security accessible, simple and transparent. If you’re interested in helping in this journey, please feel free to reach out to us on Twitter or email us. Download Operator for free.