
How to create (and share) good cybersecurity metrics
Establishing metrics is vital. But how do you report progress and have a conversation about what you’re seeing? Are you even looking at the right things? Here are some tips on measuring cybersecurity.

Containerizing key pipeline with zero downtime
Migrating to Kubernetes as Expel’s core engineering platform with zero downtime – and without interfering with our analysts’ workflow – is a tall order. But our engineers pulled it off. Find out how.

Attack trend alert: REvil ransomware
Expel’s SOC spotted a new trend in REvil campaigns and they’re sounding the alarm. Find out what’s new about this type of attack, how our analysts spotted it and what you can do to protect your org.

Behind the scenes: Building Azure integrations for ASC alerts
Find out how Expel’s internal teams built an integration on top of Azure signal – creating a new detection strategy for ASC that provides more context around alerts and improves customer visibility.

Introducing Expel Workbench™ for Amazon Web Services (AWS)
We’re excited to announce the launch of our first SaaS product! It automates the investigation of AWS alerts and logs – allowing your team to spend less time finding and fixing security issues.

Got workloads in Microsoft Azure? Read this
Got Microsoft Azure? Running Microsoft products in your org? Then you might want to get a free copy of our all-new Azure guidebook.

Plotting booby traps like in Home Alone: Our approach to detection writing
Find out how Expel’s D&R engineers think about detection writing, and how this process helps our SOC analysts make smart decisions and gain a deeper understanding of our customers’ environments.

Supply chain attack prevention: 3 things to do now
What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.

Improving the phishing triage process: Keeping our analysts (and our customers) sane
Here’s how Expel created a phishing triage process that keeps our analysts’ heads above water while also ensuring that a trained pair of eyes is on every email submitted by our customers.

The SolarWinds Orion breach: 6 ideas on what to do next and why
Here are some of our early observations on the SolarWinds Orion breach, plus our ideas on what to do next to detect related activity and better protect your org.

How to investigate like an Expel analyst: The Expel Workbench managed alert process
Ever wonder about how Expel’s analysts investigate alerts? Our SOC team created a workflow called the Expel Workbench managed alert process. Read on to find out how it works and how it can help you.

Evilginx-ing into the cloud: How we detected a red team attack in AWS
Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.

The CISO in 2020 (and beyond): A chat with Bruce Potter
It’s impossible to sum up a year that felt like 1000 in a single blog post. But we did gather some topline takeaways on security trends and the evolving role of the CISO from Expel’s Bruce Potter.

Introducing a mind map for AWS investigations
We’ve been doing a lot of investigations in AWS using CloudTrail logs and have been noticing some interesting things along the way. So we created an AWS mind map for our team (and you). Check it out!

Announcing Open Source python client (pyexclient) for Expel Workbench
We’re open sourcing a python client in the Expel Workbench! This labor of love will allow our customers to take advantage of our APIs. Find out what the release of the pyexclient project includes.

Performance metrics, part 2: Keeping things under control
In this second post in our three-part series on all things metrics and SOC leadership, our team dives into details of what metrics and techniques are used to protect the SOC against volatility.

Introducing Expel for phishing
Expel just introduced a new offering: Expel for Phishing! Lost in a sea of phishing emails? Find out how our product goes beyond automated triage and helps our customers come up for air.

Why don’t you integrate with [foo]?
You’ve heard that Expel integrates with your tech. But not YOUR tech. What gives? Well, sometimes it doesn’t always make sense. Expel’s COO explains why and what this means when working with us.

Performance metrics, part 1: Measuring SOC efficiency
How do you establish metrics for SOC efficiency? This first post in a three-part series shares our team’s approach to setting SOC goals, creating a strategy and measuring success.

3 steps to figuring out where a SIEM belongs in your security program
How can a SIEM help you address your business needs? Do you even need a SIEM? Finding the right answer isn’t easy. Here are some tips to help you make a decision that works best for you.

Managed detection and response (MDR): symptom or solution?
An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.