Managed detection
and response (MDR)
Give us your alerts and we’ll give you answers (written in plain English)
People come to this page for lots of reasons. Here are the top four.
Managed detection and response (MDR) is managed security that gives you what MSSPs promised … but didn’t deliver.
Summary of Expel MDR Capabilities
| Detection | |
|---|---|
| Proactive threat hunting | We go find the attacks your products don’t alert on and which only a human can find |
| Advanced data analytics | We spruce up your alerts with context from your business and from our experience |
| 24x7 monitoring | Yup, analysts in our SOC keep a constant eye on your business (they get free snacks too!) |
| Alert triage | Triaging alerts and weeding out false positives is our bread and butter (one analyst is even CPR-certified) |
| Endpoint analysis | API-integration to your EDR tools gives us alerts and lets us investigate as if we were in your office |
| Network analysis | We take alerts from your network security tools (also via APIs); they also help us investigate |
| Log analysis | We plug into your SIEM using APIs (see a pattern?) … not so much for alerts … but to investigate |
| Expel detection rules | High fidelity alerts from Expel-curated rules can go beyond host and network detection |
| Response | |
| Incident validation and notification | One click gets you detailed analysis including answers to what happened, where, when, why and how |
| Remote response | Our analysts investigate and give you detailed reports (written in plain English!) with clear actions |
| Containment and remediation | We go as far as you want … from telling you what to do … to pushing the button to contain threats |
| Resilience recommendations | We’ll give you detailed guidance on how to improve and get at the root cause of repeated incidents |
| How we work with you | |
| Use your security tech | We’ll use the security tools you already invested in, not make you buy ours (and we don’t sell tools) |
| See what our analysts see | We like company, so you get to share the same view as our analysts via the Expel Workbench |
| Metrics, reporting and summaries | We show you what we’re doing as we do it, and calculate metrics so you can hold us accountable |
| Direct interaction with analysts | Talk live with our analysts any time via a dedicated Slack channel |
| Security device monitoring | While we don’t patch and upgrade your tools, we make sure they’re configured right … and stay that way |
| Transparent pricing | We love a good time, but playing pricing games isn’t our thing; our real prices are on our website |
So what is managed detection and response?
(a symptom of MSSPs’ lack of innovation)
Customer dissatisfaction with MSSPs has gotten so bad that a whole new “proto-market” has popped up that basically … well … it does the things customers thought they were getting when they first signed their MSSP contract. Specifically, MDR providers improve threat detection monitoring and add deeper analysis and investigation of alerts with specific guidance on how to remediate the threats they uncover and validate.
“MDR services give security teams the ability to find, investigate and remove attackers from the environment long before traditional security tools’ alarm bells ring.”
— Forrester Research, Inc., “Now Tech: Managed Detection And Response (MDR) Services, Q2 2018,” April 26, 2018.
What’s unique about Expel’s MDR service?
(for starters … our value doesn’t stop when the alerts stop)
It uses your tech
We don’t force our tech stack on you. We make your existing tech work harder.
It’s transparent
You see exactly what our analysts are doing, even as an investigation unfolds.
You get results fast
You’ll start seeing value from Expel in a couple of weeks… not months (…or worse).
We make you better
Resilience recommendations help you keep incidents from happening over and over.