Amazon Web Services

24x7 detection and response for AWS workloads and custom apps using AWS native services

Managed detection and response for AWS

(delivered by a team that knows AWS instances are cattle, not pets)

When you’re growing, security can take a back seat to the needs of your engineers. That makes sense. After all, you want your engineers focused on coding. Expel helps your security strategy keep up by detecting and chasing down security risks unique to Amazon Web Services.

Detections designed for your AWS environment

Our AWS detection strategy uses native AWS services:

  • Analyzes GuardDuty and Macie alerts
  • Adds custom detections for high-risk activities
  • Tunes detections to match your apps and workloads

What we do


24x7 AWS monitoring

Our analysts chase down your AWS alerts so you can focus on building new features, products and services.


Investigations in AWS

We’ll connect the dots from suspicious AWS alerts back to their root cause and tell you what they mean.


Fixes “written in cloud”

Whenever possible, our analysts will recommend configuration changes to address activities we tell you about.

We wanted [a provider] with analysts who were well-versed with cloud tools and architecture. We were impressed with Expel’s cloud knowledge … Expel’s approach to security felt more like a partnership — one where our two teams would work seamlessly together.

— Lori Temples, VP, IT Security

What we look for

(updated at AWS speed)

AWS rolls out nifty new services and capabilities at a dizzying pace. As you add new AWS services, we’ll evaluate them and update our detection and response strategy where it makes sense, so your security strategy can stay in sync with your engineering team. Here are a few examples of things we’ll look for:

  • Suspicious logins and unauthorized access
  • Disabling or changing AWS security capabilities
  • Unauthorized sharing or access to sensitive data
  • Evidence of instance compromise
  • Unusual changes to AWS Virtual Private Clouds (VPC)
  • Risky violations of AWS best practices

How we use native AWS services

(hint: GuardDuty is just a starting point)

Expel uses API integrations to connect directly to the AWS platform. We support authentication via an AWS IAM Role (recommended) or IAM User with a set of read-only permissions. To collect data, Expel communicates directly with APIs for services like GuardDuty and Amazon Inspector, and pulls CloudTrail data from S3.


How Expel uses AWS services for detection, investigation and response

AWS service | Examples of how we use them | Detect | Investigate | Remediate

Detection signal

Things that ring the bell and tell us there’s something to look for

Amazon GuardDuty | To find things that go bump in your VPC
AWS Identity & Access Management | Monitor who’s accessing your environment
Amazon Inspector | Know when config changes are putting you at risk
AWS Key Management Service | Monitor who’s touching your encrypted data
Amazon Macie | Know when your sensitive data goes walking
Amazon RDS | Know when your data goes for a walk
Amazon Redshift | Know when your data goes for a walk
AWS Security Hub | Unified view and compliance checks
AWS WAF | Know when someone’s poking at your application

Investigative support

What our SOC uses to determine if there’s a real threat and determine the scope and intent

AWS CloudTrail | The API audit log you’ve been waiting for
Amazon CloudWatch | Operational monitoring, FTW!
Amazon Detective | Decision support that turns frowns upside down

Remediation tools

We don't kill or isolate production services but we can talk about how to use these services

AWS Lambda | Make fixes to give you that 'post' breach touch-up look
AWS Systems Manager | Automation to restore you to known-good

Blog

What is AWS GuardDuty and how can you make sense of all the signals? Here are our pro tips.


Blog

Looking to get more or better security signals out of AWS? Then you’ll wanna read our pro tips on making the most of AWS CloudTrail.


Blog

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

Give us 30 minutes to show you how we can protect your data and workloads in AWS.
