About Detect

Continuous security testing at scale

Detect is a testing service that provides continuous visibility of your endpoint security.

It is a Software as a Service (SaaS) solution that works like this:

  • Schedule tests that safely replicate the latest security attacks and vulnerabilities
  • Deploy lightweight probes on all your endpoints
  • Monitor how your endpoints respond from an executive dashboard

Know with certainty that your defenses will protect you from the latest threats. Immediately.

The Detect difference

At scale

Security testing has long been reserved for low-scale development environments. The results are typically extrapolated to the infrastructure as a whole. The decisions that follow are made with partial information. The problem with this approach is that two endpoints are rarely the same. Differing configurations, user behavior and installed applications create a variable attack surface.

Detect is designed to run at production scale. By testing endpoints independently, each unique risk can be exposed and resolved.

Relevant threats

When a new threat is identified in the wild - typically through a government advisory - it is converted into a security test and scheduled against all relevant endpoints. This process exposes the risk a particular threat has to your specific environment. Detect exposes the endpoints that are relevant to the threat and the subset of them that are unprotected.

Secure vs insecure

Year-over-year security incidents climb in number and impact. It has become clear our protection measures are not making the world a safer place.

Breaking the problem down to the primitives - there are clients and there are servers. Our laptops and phones are clients. Our cloud VMs, containers and spinning drives are servers. Each device - or endpoint - is either secure or insecure. Making a device secure can be done either "by design" or through patching.

Detect separates your endpoints into secure and insecure device types and marks them as either protected or unprotected after each test.


Detect integrates with your EDR and attempts to self-heal any endpoint that fails a test. This is a two-pronged process:

  1. An IOC/IOA representing the threat is cataloged so other endpoints can prevent it.
  2. The EDR (may) start a behavioral analysis to detect and prevent similar attacks in the future.

The continuous nature of Detect makes it easy to identify when an endpoint heals, moving from an unprotected to a protected state.

Get started

This documentation is the most robust location for Detect knowledge, covering all available features and written in a contextual style to supplement the technical details. It is organized chronologically but each page stands on its own. Either click through in order or head straight to an area of interest.