Security operations | 3 min read
New mind maps & cheat sheets: Azure & Kubernetes

Our new Kubernetes mind map/cheat sheet makes it easier for you to know which API calls are associated with different MITRE ATT&CK tactics in k8s environments.

Tips | 3 min read
Four ways to stay safe online: CAM turns 20

Cybersecurity Awareness Month 2023 focuses on using strong passwords and a password manager; turning on MFA; recognizing/reporting phishing; and keeping your software up to date.

Tips | 1 min read
Supercharge your first 100 days as a new CISO

New CISOs have a lot to consider when starting their role. Our new ebook shares helpful advice from seven of our customers’ CISOs on the steps they should take in their first 100 days.

Security operations | 2 min read
Add context to supercharge your security decisions in Expel Workbench

Defenders need so much information to make good security decisions in the SOC. Adding Context to Expel Workbench is one way to make faster and better decisions.

Engineering | 8 min read
Instrumenting the “big three” managed Kubernetes offerings with Python

What’s the best way to securely access the Kubernetes API for managed offerings like GKE, EKS, and AKS? Each has its own middleware, best practices, and hurdles to clear. In this post, we’ll give you the tools you need to do it yourself.

Security operations | 1 min read
Understanding the 3 Classes of Kubernetes Risk

The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated.

Tips | 7 min read
So you’ve got a multi-cloud strategy; here’s how to navigate five common security challenges

Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.

Tips | 2 min read
BEC and a “Visionary” scam

The lessons we learn in “real life” apply to the cyber world, and vice versa. You should take your sensitivity to the iffy product and service claims you encounter with you every day when you log in.

Engineering | 1 min read
So long, 2022! Our year in review

To mark the end of 2022 and the beginning of 2023, we’ve curated some of our favorite blog posts from the past 12 months.

Tips | 5 min read
The Security Clause

Believe it or not, there are some parallels between Scott Calvin figuring out his new gig as Santa in the 1994 film, The Santa Clause, and a person entering a new cybersecurity role. Here are a few.

Tips | 5 min read
The Zen of cybersecurity culture

Cybersecurity Awareness Month always generates helpful dos and don’ts. But instead of the bullet points being something we think about doing, they must become things we do without having to think.

Security operations | 2 min read
Security alert: high-severity vulnerability affecting OpenSSL V3 and higher

The OpenSSL Project has identified two security vulnerabilities affecting OpenSSL v3.0 and later. Potentially affected users of versions 3.0.0-3.0.6 should upgrade to v3.0.7 as soon as it is reasonable to do so.

Security operations | 5 min read
Understanding role-based access control in Kubernetes

Understanding authorization is critical to knowing how role-based access control (RBAC) works for securing Kubernetes. No matter your skill level, you must understand the rules that govern Kubernetes.

Security operations | 3 min read
Three Kubernetes events worth investigating

Monitoring your Kubernetes environment is important — especially if you’re running production workloads. This post explains what you should be looking for once you’ve collected the audit logs.

Security operations | 3 min read
Kubernetes: the whale in the room

More than half our cloud customers use Kubernetes (k8s), which can help companies ship software faster, avoid platform lock-in, and reap cost savings from elastic infrastructure that scales on demand.

Tips | 5 min read
An Expel guide to Cybersecurity Awareness Month 2022

As proud Champions of Cybersecurity Awareness Month 2022, we’ve curated some Expel resources to help your organization improve its cybersecurity posture—this October, and beyond.

Tips | 5 min read
Helpful tools for technical teams to collaborate without meetings

Looking to reduce the meeting load on your technical teams while maintaining effective communication and collaboration? Learn the tools and tips that our CTO uses to improve his team’s “meeting mojo.”

Tips | 3 min read
5 pro tips for detecting in AWS

Cloud-based infrastructures can be confusing, but sometimes building a better security program starts with the basics. Try these pro tips to help focus the lens for detecting threats in AWS.

Tips | 6 min read
How to create (and share) good cybersecurity metrics

Establishing metrics is vital. But how do you report progress and have a conversation about what you’re seeing? Are you even looking at the right things? Here are some tips on measuring cybersecurity.

Threat intelligence | 6 min read
Supply chain attack prevention: 3 things to do now

What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.

Tips | 9 min read
3 steps to figuring out where a SIEM belongs in your security program

How can a SIEM help you address your business needs? Do you even need a SIEM? Here are some tips to help you make a decision that works best for you.

Tips | 6 min read
Prioritizing suspicious PowerShell activity with machine learning

Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.

Tips | 6 min read
6 things to do before you bring in a red team

Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.

Tips | 6 min read
How to create and maintain Jupyter threat hunting notebooks

We got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.

Tips | 7 min read
10 tips for protecting computer security and privacy at home

Many of us recently became remote workers. Now, more than ever, it’s important for us to understand how to keep our at home networks safe. Here are 10 tips to stay secure at home.

Tips | 6 min read
Malware operators Zoom’ing in

Over the weekend, Expel’s analysts discovered a new way attackers are using Zoom to compromise users’ security. Here’s what they learned and what you can do to avoid getting duped.

Tips | 10 min read
It’s time to drive a rising tide

There are a few cybersecurity fundamentals that keep us safe … but how do you get the people in your org to adopt them? Our COO Yanek Korff’s got some ideas.

Tips | 4 min read
5 tips for writing a cybersecurity policy that doesn’t suck

All good cybersecurity policies share some similar traits. Here are our pro tips for creating a solid policy for your own org.

Tips | 4 min read
Four common infosec legal risks and how to mitigate them

There are four missteps we see happen often that open fast-growing companies up to unnecessary legal risks -- here’s how to course correct.

Tips | 6 min read
Dear fellow CEO: do these seven things to improve your org’s security posture

Need to get the security train back on the tracks? Our CEO’s got some pro tips on improving your org’s security ASAP.

Tips | 6 min read
Five tips for improving your data ingestion and auditing process

You’re processing loads of data every day...but are you catching it all? Here are tips from our pros for rocking your data auditing.

Tips | 4 min read
How public-private partnerships can support election security

Election security measures (or lack thereof) are making headlines. How can private sector orgs contribute to public sector security? Our CISO Bruce Potter’s got some ideas.

Tips | 8 min read
How to find Amazon S3 bucket misconfigurations and fix them ASAP

Why do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.

Tips | 6 min read
Evaluating GreyNoise: what you need to know and how it can help you

We use technologies behind the scenes to make Expel Workbench and our analysts more efficient. GreyNoise is one of those -- here's how we use it and why you might find it useful too.

Tips | 9 min read
12 revealing questions to ask when evaluating an MSSP or MDR vendor

We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.

Tips | 10 min read
Seven ways to spot a business email compromise in Office 365

Learn what business email compromise is, BEC scams categories, and how to prevent or identify these spam phishing attacks in Office 365 including mailbox rule examples and more.

Tips | 8 min read
Why we love threat emulation exercises (and how to get started with one of your own)

If your team doesn’t have lots of incident response practice under their belt (yet!), a threat emulation exercise is the perfect way to help them flex...

Tips | 6 min read
How to get the most out of your upcoming SOC tour: making your provider uncomfortable

If you’re in the market for an MSSP or looking to keep tabs on your existing provider, visiting their security operations center (SOC) can be a good way to get a sense for what you’re really buying. Let us walk you through how to prepare for your visit to get the most out of your visit.

Tips | 4 min read
Five quick checks to prevent attackers from weaponizing your website

Here are some of the most frequent ways attackers can use your website and your web presence to harm your company, your users and the public at large.

Tips | 5 min read
How to hunt for reconnaissance

Use the hunting process to find attackers performing reconnaissance, through actions that aren’t things most users typically do, in your system.

Tips | 10 min read
Investigating Darktrace alerts for lateral movement

Learn how Darktrace works and read an Expel review and features guide for Darktrace to decide if this AI cybersecurity platform is right for you.

Tips | 3 min read
How to disrupt attackers and enable defenders using resilience

So… what is resilience? We’ll cover that and also how it works in this post. We’ve even thrown in a couple examples to get you started.

Tips | 1 min read
Heads up: WPA2 vulnerability

A (very) quick overview of the reported WPA2 weakness. The TL;DR is “don’t flip out.” (1 min read)

Tips | 7 min read
From webshell weak signals to meaningful alert in four steps

A practical example of how you can make a weak signal actionable by combining events from your endpoint and network security tech into one meaningful alert.

Tips | 7 min read
How to triage Windows endpoints by asking the right questions

The three parts of the investigative mindset and how to apply them when you triage endpoint alerts. (8 min read)

Tips | 5 min read
A cheat sheet for managing your next security incident

Tactical advice on how to survive a security incident when you don’t have an incident response plan. (6 min read)