How to

To build something useful you must first understand your users. Find out how Expel used Terraform and Atlantis to build a platform that makes self-service provisioning in cloud infrastructure easy.

Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.

Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.

Creating strong leaders is paramount to the health and success of a company ... but managers are rarely given the tools to lead. That’s why we built a managers program at Expel.

Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.

Many of us recently became remote workers. Now, more than ever, it’s important for us to understand how to keep our at home networks safe. Here are 10 tips to stay secure at home.

There’s lots to like about the NIST CSF. Here are our practical tips for how to use it, plus a preview of a new NIST feature we introduced in Expel Workbench™.

Creating alert thresholds is critical to *not* driving your SOC analysts batty, but what’s the “right” number? Here are some tips, tricks and favorite tools we use to determine alert thresholds for customer environments.

We love EDR tools too, but here are our best tips and tricks for combining EDR data with other (equally) important security signals.

What’s this new framework and how should you use it? Our CISO’s got all the details plus a FREE downloadable self-scoring tool to help you assess where your org’s at when it comes to privacy.

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.

If you’re running workloads on AWS, then you’d better be running GuardDuty. But what is it and how can you make sense of all the signals? Here are our pro tips.

Is Signal Sciences WAF part of your tech stack? Then you’ve got an amazing webshell detection method right at your fingertips.

Think MFA will be your web mail’s knight in shining armor when a crafty attacker strikes? Think again, and do these four things to make sure your org’s protected.

All good cybersecurity policies share some similar traits. Here are our pro tips for creating a solid policy for your own org.

Looking to get more or better security signals out of AWS? Then you’ll wanna read our pro tips on making the most of Amazon CloudTrail.

Relativity CSO Amanda Fennell shares the top five, easy-to-get-started things she sees forward-thinking law firms doing to improve their security.

If you use or are considering trying JupyterHub, it’s your lucky day -- we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.

So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.

Got Macs in your org? Here are a few recent Mac OS attack trends and how you can become more resilient to ‘em.

Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.

Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.

How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.

How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.

Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.

You’re processing loads of data every day...but are you catching it all? Here are tips from our pros for rocking your data auditing.

How can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.

Why do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.

We use technologies behind the scenes to make Expel Workbench and our analysts more efficient. GreyNoise is one of those -- here's how we use it and why you might find it useful too.

We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.

As attackers behind BEC attacks find ever more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.

If your team doesn’t have lots of incident response practice under their belt (yet!), a threat emulation exercise is the perfect way to help them flex those response muscles and improve your collective skills.

If you're left holding the hot potato of a legacy lackluster security program, or are suddenly forced to protect your org and its data with less, here are a few quick steps to take to get cybersecurity efforts back on track.

If you're feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.

Figuring out how to protect your SaaS infrastructure like Office 365 -- especially if you’re newer to cloud -- can feel overwhelming. So here are five Office 365 security best practices to check out right now.

Seven smart ways to prepare for a tour of a security operations center (SOC) and five clues to watch out for during your visit.

Understanding how to think about cloud security differently is half the battle. We've thought a lot about it, and we’ve identified three key points that should inform your cloud strategy.

Oh Noes! is a role-playing game designed to help you and your organization become better prepared to respond to cybersecurity incidents.

Here are some of the most frequent ways attackers can use your website and your web presence to harm your company, your users and the public at large.

Use the hunting process to find attackers performing reconnaissance, through actions that aren’t things most users typically do, in your system.

Let us walk you through our third-party assessment process. We think it's lightweight but still achieves the objective - determining if a vendor can be trusted.

In this guest post, Amanda Fennell, CSO at Relativity reflects on what she’s learned.

Our list of five things you can do to take the first steps to an entry-level technical cybersecurity career.

We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.

A little nerdy (and a lot math-y) post to help you better understand your SOC's systems, so you know how changes will impact its operation. If you’re wondering what “I Love Lucy” has to do with this then read on.

Not all 24x7 SOCs are created equal. To figure out how much it costs to go 24x7, you have to first figure out what kind of SOC you’re trying to build. We outline four possible security operations centers and an estimate of your costs.

So… what is resilience? We’ll cover that and also how it works in this post. We’ve even thrown in a couple examples to get you started.

Walk through a practical example of how you can make a weak signal actionable by combining events from your endpoint and network security technologies into one meaningful alert.

The three parts of the investigative mindset and how to apply them when you triage endpoint alerts.