Why I Joined Prelude: Josha Stella, VP of Cloud Security
In the world of computer security, there are a lot of "I think so" and "we're doing everything to best practices" sort of confidence levels in how protected the organization is. I really don't like those kinds of answers. What we want to know is whether and where we have exposure. To get to "I think so" we employ a vast array of tools and follow best practices. We have email security tools, endpoint security tools, cloud security tools, network security tools, etc. We practice red or purple teaming. We constantly examine alerts and try to keep up with threat intelligence and the news.
The primary reason I joined Prelude is that our approach is the first practical one I've seen for getting closer to actual knowledge of our threat exposures and how to correct where needed. We will never get to a place in computing where we can fully trust our infrastructure and applications. We will never have perfect deployment and configuration of our security tools. What is needed is constant and low latency knowledge of the imperfections and a means to streamline fixing.
To reach the levels of frequency and constancy needed, we need to employ automation and AI. We need AI driven automated threat detection and management as a fundamental part of the fabric of our security toolstack. Running a static set of human-generated tests can help, but we really need automation of test creation and immediately actionable remediations as well, and LLMs are extremely well suited for this task. I've seen the "co-pilot" sort of LLM integration with security tools, but what we are doing at Prelude goes much deeper and is integral to our architecture. This is exactly the sort of thing Garry Kasparov talks about with AI - using it for the things humans are bad or inefficient at, as helpers to the human decision makers.
Of course, once we’ve identified where we aren’t effective at stopping threats, we need to change our security posture with the tools we’ve chosen to implement. From hunting for threats, to detecting them, to remediation, a full lifecycle of the found threat and its remediation is needed. Prelude’s threat-oriented tooling uniquely allows our customers to manage this entire lifecycle.
Prelude isn't trying to replace parts of your security tool stack, we're force multiplying your security team. By embedding modern AI deeply into our product we're taking a lot of the labor intensive aspects of having a good security posture off your list of manual processes. This both radically improves the velocity of performing efficacious testing of your security posture, and helps solve the perennial labor shortage issues we all face in computing security.
Prelude is building a threat-oriented meta layer over your security tool stack to give you better knowledge of potential outcomes. Not just risk mitigation, but actionable knowledge about real threats across endpoint, cloud, AI, or anything else in the future. The hackers don’t care about our asset types - they jump from one to another in seconds. Prelude actually addresses what they do.
Those are the reasons why I wanted to join this amazing team, but that had to be reciprocal! Spencer and the team and I did some great working sessions, and it was clear to all of us that my background in cloud-specific security would be a good addition to the experts in host/endpoint security and AI at Prelude. I'm super excited to be here and just wait til you see what's coming from Prelude!