blog-header-image
| 4 min read
| Jun 19, 2019
| by Dave Merkel, Justin Bajko and Yanek Korff

Judgment, relationships and gratitude


“Oh great, yet another cybersecurity company raised bleventeen million dollars. Guess the security vendor logo chart’s gonna need a second page sometime soon. Can’t wait for those sales calls.”

Yeah, that’s partially our fault. But we feel your pain. And that pain is precisely why we raised our latest round of $40 million from the great folks at Index Ventures and our existing cohort of fantastic investors (thank you!). Allow us to explain.

You see, while having more cash doesn’t make orgs safer, it does allow us to continue on our journey to change the current model of what most people think of when they hear the term “managed security.”

The old thinking in managed security is that throwing more people into a security operations center (SOC) to wait for alerts to come in is the way to scale operations. Don’t get us wrong — people are important (more on that in a minute) — but the standard school of thought just makes for poor service quality and more errors. That’s not helping anybody.

When it comes to people, there are a few things that only people can do that truly make us safer: using their judgment and building relationships. When security teams have enough time to build strong relationships with the various parts of the business in which they operate, they gain crucial context that improves their judgment to determine the best course of action for both enabling and protecting their orgs.

There’s just one problem: these people don’t exist. Or at least not as many of them as we need {insert your favorite cliche about the lack of great cybersecurity talent here}. And that’s not changing anytime soon.

But the money keeps flowing. It’s created no shortage of interesting and innovative technologies to generate security signal. And they all require — you guessed it — more people. But what’s a CISO (if you’re lucky enough to have one) to do if they can’t find the people to tend to all those products? How can they take that signal and find a way to take action on it quickly, reliably and at a predictable cost?

Our take

It all comes back to judgment and relationships. We think security teams add the most value when they’re focusing that judgment and those relationships on risks that are unique to their business. Technology should be used to automate everything else. And it turns out there sure is a lot that can be automated.

As we set out to create Expel, we wanted to build something that would let CISOs everywhere stop playing a game of alert whack-a-mole and focus on managing the risks unique to their business. One CISO we work with recently told us that the relationship with Expel “gives us the ability to do other things. Not to mention it’s nice to be able to actually go on vacation and know we’re covered.” This is exactly the kind of freedom we were hoping to give security teams of all shapes and sizes.

Put another way, the value of your security department is measured by how cost effectively you’ve reduced your risk … not by how many people you have sitting in your SOC. And that’s what led us to charting a new managed security path that’s driven by tech and supported by smart people (not the other way around).

What we’ve learned

While we had some initial core beliefs about the state of managed security that led to us building something different, our customers have taught us a lot in the past two years, and it has helped to confirm those beliefs. In fact, if anything surprised us it’s how bad experiences have caused so many to give up on the original promise of the MSSP market.

For example, we know teams want a tech-first approach to managed security — one that doesn’t depend on them hiring lots of people (who don’t exist, anyway!) to hang out in a SOC and sift through alerts day after day. They want to get more value out of the tools they already own versus being asked to buy a bunch of new ones. They want to be able to see what their provider is doing and they want that provider to feel like an extension of their team. They also want vendors who “speak cloud” because most are running at least partially in AWS or Microsoft Azure or Google Cloud Platform.

And above all else, they just want to get better. They want to be able to confidently tell their CEO and board of directors that the org is better protected from the latest threats than it was yesterday. And they want a vendor that’s actually got their back and is going to give them advice on how to go from good to great.

So we set out on a mission to do all of that. We’ve had some great wins so far but there’s always more work to be done. We’re thrilled to continue growing (and building new stuff and doing all the things even better and faster than before).

Where we’re going (and thanks)

Sure, we could jot down a laundry list of all the things we’re going to do thanks to this new funding (actually, if you want a sneak peek, go check out our press release.

It all comes down to this: we’ll continue to deliver the highest quality service possible to our customers. We’ll grow with them as their orgs and security needs inevitably evolve over time. And we’ll find ways to improve on the stuff we think we could do better (see that “highest quality service” thing above).

None of us are really great with speeches, but if what we’re up to sounds interesting, get in touch. And to all of our employees, customers, partners and investors: thank you. We appreciate you and are thrilled to continue this journey of changing managed security … together.


Subscribe
Digital_device_screens_with_background

Gartner Market Guide for Managed Detection and Response Services

Use this research to determine whether MDR services are appropriate for your environment.
Download the Report