Building detections in Google Cloud Platform (GCP) but not sure where to start? Time to get strategic. Our detection and response engineers demystify the process for building detections in the cloud.
A red team recently swooped in and showed off some new tactics. What started as a PowerShell download cradle quickly turned into a custom rootkit download. Find out how we spotted the crafty red team.
Need to ensure your tech, privacy and security policies are compliant? Find out what compliance means in practice and how your MDR provider can support your compliance program, not become a liability.
Crafty attackers are finding new ways to bypass multi-factor authentication. Find out how our SOC detected an attack and get some tips on how your org can prevent credential phishing.
A new ransomware attack upheaved the beginning of Fourth of July weekend. Fortunately, there are steps you can take right now to stay safe. Find out what’s happening and how Expel is looking ahead.
We’re noticing a trend in ransomware attacks. But that doesn’t mean it’s time to go into panic mode. Find out what you need to know and get some tips on how you can keep your org safe.
You can scale your SOC and improve quality. Seems impossible? Not if you know how and what to measure. The crew that helped build Expel’s SOC explains how they pulled it off – and how you can too.
We shared the top attack trend spotted during the pandemic and what to keep an eye out for looking ahead. But how do you remediate and stay resilient against these attacks? Our crew shares some tips.
Our team shares some success stories in creating efficiency and reducing analyst burnout. They end this three-part series with a gift from our SOC – a downloadable resource to measure performance.
We’ve added something new to Expel Hunting: cloud hunts. Find out how our crew’s newly developed hunting techniques can help you spot visibility gaps in your cloud (and give you some peace of mind).
Check out our newest infographic to learn about the top attack trend during the COVID-19 pandemic, how our SOC’s data reinforces these recent findings and how you should be looking ahead.
Take our short quiz to find out how your approach to AWS security compares to similar orgs. Based on your responses, we’ll also share some resources to help you level up your AWS security game.
Find out how Expel’s internal teams collaborated to migrate our core infrastructure from a legacy environment to GCP, with no downtime (while also making sure they were prepared for a little chaos).
Expel is recognized as a leader in The Forrester Wave™: Managed Detection And Response, Q1 2021 report. And our CEO – along with the whole Expletive crew – is pretty excited about it.
Flying blind when it comes to running HashiCorp Vault in Kubernetes? We’ve got you covered. Accelerate your path to production without compromising on security with these tips and best practices.
Establishing metrics is vital. But how do you report progress and have a conversation about what you’re seeing? Are you even looking at the right things? Here are some tips on measuring cybersecurity.
Migrating to Kubernetes as Expel’s core engineering platform with zero downtime – and without interfering with our analysts’ workflow – is a tall order. But our engineers pulled it off. Find out how.
Expel’s SOC spotted a new trend in REvil campaigns and they’re sounding the alarm. Find out what’s new about this type of attack, how our analysts spotted it and what you can do to protect your org.
Find out how Expel’s internal teams built an integration on top of Azure signal – creating a new detection strategy for ASC that provides more context around alerts and improves customer visibility.
We’re excited to announce the launch of our first SaaS product! It automates the investigation of AWS alerts and logs – allowing your team to spend less time finding and fixing security issues.
Got Microsoft Azure? Running Microsoft products in your org? Then you might want to get a free copy of our all-new Azure guidebook.
Find out how Expel’s D&R engineers think about detection writing, and how this process helps our SOC analysts make smart decisions and gain a deeper understanding of our customers’ environments.
What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.
Here’s how Expel created a phishing triage process that keeps our analysts’ heads above water while also ensuring that a trained pair of eyes is on every email submitted by our customers.
Here are some of our early observations on the SolarWinds Orion breach, plus our ideas on what to do next to detect related activity and better protect your org.
Ever wonder about how Expel’s analysts investigate alerts? Our SOC team created a workflow called the Expel Workbench managed alert process. Read on to find out how it works and how it can help you.
Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.
It’s impossible to sum up a year that felt like 1000 in a single blog post. But we did gather some topline takeaways on security trends and the evolving role of the CISO from Expel’s Bruce Potter.
We’ve been doing a lot of investigations in AWS using CloudTrail logs and have been noticing some interesting things along the way. So we created an AWS mind map for our team (and you). Check it out!
We’re open sourcing a Python client for the Expel Workbench! This labor of love will allow our customers to take advantage of our APIs. Find out what the release of the pyexclient project includes.
In this second post in our three-part series on all things metrics and SOC leadership, our team dives into details of what metrics and techniques are used to protect the SOC against volatility.
Expel just introduced a new offering: Expel for Phishing! Lost in a sea of phishing emails? Find out how our product goes beyond automated triage and helps our customers come up for air.
You’ve heard that Expel integrates with your tech. But not YOUR tech. What gives? Well, sometimes it doesn’t always make sense. Expel’s COO explains why and what this means when working with us.
How do you establish metrics for SOC efficiency? This first post in a three-part series shares our team’s approach to setting SOC goals, creating a strategy and measuring success.
How can a SIEM help you address your business needs? Do you even need a SIEM? Finding the right answer isn’t easy. Here are some tips to help you make a decision that works best for you.
An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.