
Managed detection and response

  • 8 min read

Is Windows Defender ATP any good? Here’s our two cents

Expel recently integrated Microsoft Defender ATP into our platform and we gotta say, we’re impressed! Our SOC analysts share why they love it and show us how they use it to triage alerts.

  • 5 min read

The myth of co-managed SIEMs

Think you can get a co-managed SIEM and then step away to let the magic happen? Not so fast. Our CISO shares some common myths and the realities you should consider before making a decision.

  • 11 min read

Behind the scenes in the Expel SOC: Alert-to-fix in AWS

Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.

  • 6 min read

Prioritizing suspicious PowerShell activity with machine learning

Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.

  • 6 min read

6 things to do before you bring in a red team

Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.

  • 5 min read

So you’ve got a multi-cloud strategy; here’s how to navigate four common security challenges

Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.

  • 1 min read

Introducing 24x7 monitoring and response for Google Cloud Platform

Running a Google Cloud Platform (GCP) workload or thinking about integrating it into your security portfolio? Expel can help! We’ve officially launched our GCP 24x7 monitoring and response services.

  • 6 min read

How to create and maintain Jupyter threat hunting notebooks

We got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.

  • 8 min read

Spotting suspicious logins at scale: (Alert) pathways to success

Find out how our SOC analysts used automation to reduce the time it takes to investigate and report a suspicious login by 75%. The team outlines the process and shares a case study of it in action.

  • 13 min read

Obfuscation, reflective injection and domain fronting; oh my!

During a recent red team engagement, the CrowdStrike EDR Platform alerted our SOC team on the execution of a suspicious VBScript file. This is what they learned from untangling the malware code.

  • 10 min read

Malware operators Zoom’ing in

Over the weekend, Expel’s analysts discovered a new way attackers are using Zoom to compromise users’ security. Here’s what they learned and what you can do to avoid getting duped.

  • 5 min read

7 habits of highly effective (remote) SOCs

Security ops is a team sport … but how do you “play” together when your company’s working 100% remotely? Jon’s got some advice.

  • 6 min read

7 habits of highly effective SOCs

Wondering what it takes to build an effective SOC full of motivated, happy analysts? We’ve got some thoughts on that.

  • 10 min read

It’s time to drive a rising tide

There are a few cybersecurity fundamentals that keep us safe … but how do you get the people in your org to adopt them? Our COO Yanek Korff’s got some ideas.

  • 8 min read

Our journey to JupyterHub and beyond

If you use or are considering trying JupyterHub, it’s your lucky day: we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.

  • 5 min read

Managed detection and response (MDR): symptom or solution?

An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.
