Managed detection and response (MDR)

Give us your alerts and we’ll give you answers (written in plain English)

People come to this page for lots of reasons. Here are the top four.

Someone said you should look at MDR providers and you were like, “what’s an MDR?”

You want (someone?) to hunt for threats your security tools don’t alert on.

You want more help triaging and investigating alerts?

YOU had to alert your MSSP … about an alert they missed (…again!)

Managed detection and response (MDR) is managed security that gives you what MSSPs promised … but didn’t deliver.

Summary of Expel MDR Capabilities

Detection

Proactive threat hunting: We go find the attacks your products don’t alert on and which only a human can find
Advanced data analytics: We spruce up your alerts with context from your business and from our experience
24x7 monitoring: Yup, analysts in our SOC keep a constant eye on your business (they get free snacks too!)
Alert triage: Triaging alerts and weeding out false positives is our bread and butter (one analyst is even CPR-certified)
Endpoint analysis: API-integration to your EDR tools gives us alerts and lets us investigate as if we were in your office
Network analysis: We take alerts from your network security tools (also via APIs); they also help us investigate
Log analysis: We plug into your SIEM using APIs (see a pattern?) … not so much for alerts … but to investigate
Expel detection rules: High fidelity alerts from Expel-curated rules can go beyond host and network detection

Response

Incident validation and notification: One click gets you detailed analysis including answers to what happened, where, when, why and how
Remote response: Our analysts investigate and give you detailed reports (written in plain English!) with clear actions
Containment and remediation: We go as far as you want … from telling you what to do … to pushing the button to contain threats
Resilience recommendations: We’ll give you detailed guidance on how to improve and get at the root cause of repeated incidents

How we work with you

Use your security tech: We’ll use the security tools you already invested in, not make you buy ours (and we don’t sell tools)
See what our analysts see: We like company, so you get to share the same view as our analysts via the Expel Workbench
Metrics, reporting and summaries: We show you what we’re doing as we do it, and calculate metrics so you can hold us accountable
Direct interaction with analysts: Talk live with our analysts any time via a dedicated Slack channel
Security device monitoring: While we don’t patch and upgrade your tools, we make sure they’re configured right … and stay that way
Transparent pricing: We love a good time, but playing pricing games isn’t our thing; our real prices are on our website

So what is managed detection and response?

(a symptom of MSSPs’ lack of innovation)

Customer dissatisfaction with MSSPs has gotten so bad that a whole new “proto-market” has popped up that basically … well … it does the things customers thought they were getting when they first signed their MSSP contract. Specifically, MDR providers improve threat detection monitoring and add deeper analysis and investigation of alerts with specific guidance on how to remediate the threats they uncover and validate.

“MDR services give security teams the ability to find, investigate and remove attackers from the environment long before traditional security tools’ alarm bells ring.”
— Forrester Research, Inc., “Now Tech: Managed Detection And Response (MDR) Services, Q2 2018,” April 26, 2018.

Market Guide for Managed Detection and Response Services

White Paper

Blog: Managed detection and response (MDR): symptom or solution?

Blog
Forrester

Now Tech: Managed Detection and Response (MDR) Services

White Paper

What’s unique about Expel’s MDR service?

(for starters … our value doesn’t stop when the alerts stop)

It uses your tech

We don’t force our tech stack on you. We make your existing tech work harder.

It’s transparent

You see exactly what our analysts are doing, even as an investigation unfolds.

You get results fast

You’ll start seeing value from Expel in a couple of weeks… not months (…or worse).

We make you better

Resilience recommendations help you keep incidents from happening over and over.

Give us 30 minutes to show you how we help companies that look like you.
