
Cloud security

  • 12 min read

Migrating to GKE: Preemptible nodes and making space for the Chaos Monkeys

Find out how Expel’s internal teams collaborated to migrate our core infrastructure from a legacy environment to GCP, with no downtime (while also making sure they were prepared for a little chaos).

  • 6 min read

5 best practices to get to production readiness with HashiCorp Vault in Kubernetes

Flying blind when it comes to running HashiCorp Vault in Kubernetes? We’ve got you covered. Accelerate your path to production without compromising on security with these tips and best practices.

  • 8 min read

Containerizing key pipeline with zero downtime

Migrating to Kubernetes as Expel’s core engineering platform with zero downtime – and without interfering with our analysts’ workflow – is a tall order. But our engineers pulled it off. Find out how.

  • 12 min read

Behind the scenes: Building Azure integrations for ASC alerts

Find out how Expel’s internal teams built an integration on top of Azure signal – creating a new detection strategy for ASC that provides more context around alerts and improves customer visibility.

  • 3 min read

Introducing Expel Workbench™ for Amazon Web Services (AWS)

We’re excited to announce the launch of our first SaaS product! It automates the investigation of AWS alerts and logs – allowing your team to spend less time finding and fixing security issues.

  • 1 min read

Got workloads in Microsoft Azure? Read this

Got Microsoft Azure? Running Microsoft products in your org? Then you might want to get a free copy of our all-new Azure guidebook.

  • 7 min read

Plotting booby traps like in Home Alone: Our approach to detection writing

Find out how Expel’s D&R engineers think about detection writing, and how this process helps our SOC analysts make smart decisions and gain a deeper understanding of our customers’ environments.

  • 6 min read

Supply chain attack prevention: 3 things to do now

What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.

  • 3 min read

The SolarWinds Orion breach: 6 ideas on what to do next and why

Here are some of our early observations on the SolarWinds Orion breach, plus our ideas on what to do next to detect related activity and better protect your org.

  • 6 min read

Evilginx-ing into the cloud: How we detected a red team attack in AWS

Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.

  • 2 min read

Introducing a mind map for AWS investigations

We’ve been doing a lot of investigations in AWS using CloudTrail logs and have been noticing some interesting things along the way. So we created an AWS mind map for our team (and you). Check it out!

  • 8 min read

The power of orchestration: how we automated enrichments for AWS alerts

Automation is key when it comes to helping analysts focus on doing what they do best – investigating legitimate threats. Find out how we use orchestration to automate enrichments for AWS alerts.

  • 8 min read

Terraforming a better engineering experience with Atlantis

To build something useful you must first understand your users. Find out how Expel used Terraform and Atlantis to build a platform that makes self-service provisioning in cloud infrastructure easy.

  • 11 min read

Behind the scenes in the Expel SOC: Alert-to-fix in AWS

Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.

  • 5 min read

So you’ve got a multi-cloud strategy; here’s how to navigate four common security challenges

Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.

  • 8 min read

Why the cloud is probably more secure than your on-prem environment

Is your data really safer in the server room next door? Probably not. Here are five reasons why the cloud offers better security than your on-prem environment.

  • 3 min read

Where does Amazon Detective fit in your AWS security landscape?

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

  • 5 min read

Making sense of Amazon GuardDuty alerts

If you’re running workloads on AWS, then you’d better be running GuardDuty. But what is it and how can you make sense of all the signals? Here are our pro tips.

  • 7 min read

Generate Strong Security Signals with Sumo Logic & AWS CloudTrail

Looking to get more or better security signals out of AWS? Then you’ll wanna read our pro tips on making the most of Amazon CloudTrail.

  • 3 min read

Here’s what you need to know about business email compromise (BEC)

How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.

  • 5 min read

This is how you should be thinking about cloud security

Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.

  • 4 min read

Four common infosec legal risks and how to mitigate them

There are four missteps we see happen often that open fast-growing companies up to unnecessary legal risks -- here’s how to course correct.

  • 7 min read

How to build a useful (and entertaining) threat emulation exercise for AWS

Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.

  • 4 min read

How public-private partnerships can support election security

Election security measures (or lack thereof) are making headlines. How can private sector orgs contribute to public sector security? Our CISO Bruce Potter’s got some ideas.

  • 8 min read

How to find Amazon S3 bucket misconfigurations and fix them ASAP

Why do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.

  • 9 min read

Seven ways to spot a business email compromise in Office 365

As attackers behind BEC attacks find ever more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.

  • 3 min read

Three tips for getting started with cloud application security

If you're feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.

  • 3 min read

Office 365 security best practices: five things to do right now to keep attackers out

Figuring out how to protect your SaaS infrastructure like Office 365 -- especially if you’re newer to cloud -- can feel overwhelming. So here are five Office 365 security best practices to check out right now.

  • 7 min read

Getting a grip on your cloud security strategy

Understanding how to think about cloud security differently is half the battle. We've thought a lot about it, and we’ve identified three key points that should inform your cloud strategy.
