AnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logoposts
skip to Main Content

MDR for
cloud infrastructure

24x7 monitoring and response for AWS, Azure and GCP

Give us 30 minutes to show you how we help companies that look like you

Thanks for clicking submit. Your message is now being directed to a real person.

Detection and response
built for the cloud

Getting signal from the cloud is easy, it’s what we do with it that’s unique. Our detection and response strategies are specific to AWS, Azure and GCP. We’ll let you know when we discover anomalous activity, the investigative details and next steps to fix it.

How we work with each cloud provider

Examples of things we monitor across cloud services
Suspicious logins
Resource sharing
Unusual admin activity
Unusual changes to virtual private clouds (VPC)
Examples of unique things we monitor for each cloud service
Suspicious or unusual activity

Suspicious commands via AWS SSM

Deleted or disabled CloudTrail or GuardDuty

AWS EC2 credential compromise

Publicly accessible S3 buckets

Suspicious AWS CloudWatch event rule creation

Unauthorized resource sharing

Use of lambda to backdoor AWS accounts

Creation of public resources

Credential dumping via runbook

Disabling or downgrading Windows Defender ATP

Suspicious RDP activity

Suspicious modification to resource hierarchy

Suspicious interactions with Service Accounts

Deleted or exported GCP MySQL logs

Publicly accessible Cloud Storage buckets

Suspicious creation of VPC firewall rules

Publicly accessible BigQuery dataset

How we ingest signal
Expel uses data from the following cloud-specific services and APIs




Elastic Block Storage








AWS System Managers


Security Center

Platform Logs



AD Identity Protection

Virtual Machines


Blog Storage

Azure Log Analytics

Key Vault

Resource Manager

App Service

SQL Service

Cosmos DB

Event Threat Detection (ETD)

Admin Activity Audit Logs

Cloud iAM

Cloud Compute

Cloud Endpoint

Cloud Function

Cloud App Engine

Cloud SQL

Cloud VPC



How will your life change with Expel?

(for starters… you’ll be able to see what you’re paying for)

Get answers, not alerts

You won’t get alerts that create more work for you. You’ll get answers that tell you what you need to do.


Use tools you already own

We won’t force our tech stack on you while ignoring the tools you already own.

Get results fast

You’ll start seeing value from Expel in a couple weeks… not months (…or worse).

Make your team happier

Your team will be happier because they can focus on the work they love.

Expel helped us optimize our security signal, which saved us about $150,000 a year. Now we’re using that money to accelerate several other strategic security initiatives.”

– Patrick Gilbert, Head of security and Senior IT Security Manager

Give us 30 minutes to show you how we help companies that look like you.

Back To Top