Secure
your cloud(s)
24x7 monitoring and response for AWS, Azure and SaaS apps including O365
If any of these sound like you, chances are we can help.
24x7 monitoring and response for …
Cloud infrastructure
SaaS applications
The cloud isn’t just one thing. What you need to look for depends what you’re looking at. Expel’s cloud detection strategy is tailored to the cloud apps and infrastructure we monitor.
 |
 |
 |
|
|---|---|---|---|
| Examples of things we monitor across cloud services | |||
| Suspicious logins | |||
| Resource sharing | |||
| Unusual admin activity | |||
| Unusual changes to virtual private clouds (VPC) | |||
| Examples of unique things we monitor for each cloud service | |||
|
Suspicious or unusual activity |
Suspicious commands via AWS SSM Deleted or disabled CloudTrail or GuardDuty AWS EC2 credential compromise Publicly accessible S3 buckets Suspicious AWS CloudWatch event rule creation Unauthorized resource sharing Use of lambda to backdoor AWS accounts |
Creation of public resources Credential dumping via runbook Disabling or downgrading Windows Defender ATP Suspicious RDP activity |
Suspicious modification to resource hierarchy Suspicious interactions with Service Accounts Deleted or exported GCP MySQL logs Publicly accessible Cloud Storage buckets Suspicious creation of VPC firewall rules Publicly accessible BigQuery dataset |
| How we ingest signal | |||
|
Expel uses data from the following cloud-specific services and APIs |
AWS CloudTrail AWS EC2 Amazon GuardDuty AWS Lambda Amazon Macie Amazon Redshift audit logs AWS S3 |
Azure Activity Log Azure Active Directory Azure Log Analytics Azure Security Center Azure Identity Protection |
Audit Logs Compute Engine Event Threat Detection (ETD) Cloud Functions Virtual Private Cloud (VPC) BigQuery Cloud Storage Cloud SQL |
What does 24x7 monitoring and response for AWS, Azure, GCP and SaaS apps include?
Expel ingests your events and log data from your AWS, Azure and SaaS apps and enriches it with context that’s specific to your environment. Then, we continuously look for indicators of attacker behavior.
When something’s suspicious, we investigate and tell you what happened and what you need to do about it (in plain English).
Getting a grip on your cloud security strategy
Understanding how to think about cloud security differently is half the battle. Here are three key points that should inform your cloud strategy.
Seven ways to spot a business email compromise in O365
It’s getting trickier to protect against BEC attacks. Here are some telltale signs you can look for that are tip-offs that something’s amiss.
Making sense of Amazon GuardDuty alerts
What is AWS GuardDuty and how can you make sense of all the signals? Here are our pro tips.
Three questions other MDR
and MSSP providers are hoping you won’t ask them
Is your detection strategy tailored to each cloud service?
Do you treat log data from cloud services differently than other logs?
How do you train your analysts to investigate incidents that originate in the cloud?
Ready to talk to a human?
When you tell us you’re ready, we won’t waste your time. Let us know what you’re looking for and we’ll have someone get in touch who can talk tech.
Thanks for clicking submit. Your message is now being directed to a real person.